
My computer is being used as a proxy


9 replies to this topic

#1 Blake21

  • Members
  • 5 posts

Posted 07 September 2015 - 09:24 PM

Hi, I have recently discovered that my computer is being used as a proxy or there is some type of virus on my computer and I can not figure out how to stop it. I recently came across this as I was using Fiddler to capture traffic that I was seeing in my firewall. I would have no browsers open and there would be traffic on my computer to various webpages and such. I have searched and scanned with tons of antivirus programs and various malware programs, even used a rootkit remover, and nothing. So I am in need of the support of an expert. Any advice or direction you can point me in to fix this problem would be greatly appreciated.





#2 buddy215

  • BC Advisor
  • 12,992 posts

Posted 08 September 2015 - 06:11 AM

Welcome to BC!

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Post the three lists mentioned below using CCleaner:

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Blake21


Posted 08 September 2015 - 08:34 AM

Here is all the information that you have requested, thank you for your help and time :)

 

Ccleaner

 

Startup

============================================================

No HKCU:Run AirDroid 3 Sand Studio C:\Program Files (x86)\AirDroid\AirDroid.exe /start
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Blake\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_2C7C08ACC7DE94D8A4468D1F14464A81 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
No HKCU:Run iFunBox Fast App Install Handler i-Funbox.com C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe /tray
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKLM:Run Andy Andy OS, Inc "C:\Program Files\Andy\HandyAndy.exe"
Yes HKLM:Run egui ESET "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
No HKLM:Run Raptr Raptr, Inc C:\PROGRA~2\Raptr\raptrstub.exe --startup
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Blake\AppData\Roaming\Dropbox\bin\Dropbox.exe
No Startup User Trillian.lnk Cerulean Studios C:\Program Files (x86)\Trillian\trillian.exe
 
Scheduled Tasks
=========================================================================
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-1126651128-2268894878-2975208119-1001Core Dropbox, Inc. C:\Users\Blake\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-1126651128-2268894878-2975208119-1001UA Dropbox, Inc. C:\Users\Blake\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d041694b77b8 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d08f028c6212e2 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Optimize Start Menu Cache Files-S-1-5-21-1126651128-2268894878-2975208119-1001
Yes Task TADP Poller C:\NVPACK\Poller.exe
 
====================================================================================
 
# AdwCleaner v5.006 - Logfile created 08/09/2015 at 08:18:04
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Blake - NEWHOME
# Running from : C:\Users\Blake\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ Files ] *****
 
File Found : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
File Found : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : elicpjhcidhpjomhibiffojpinpmmpil
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1318 bytes] ##########
 

======================================================================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Blake on Tue 09/08/2015 at  8:25:33.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2C7C08ACC7DE94D8A4468D1F14464A81
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Blake\Appdata\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
 
[C:\Users\Blake\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Blake\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
elicpjhcidhpjomhibiffojpinpmmpil
 
[C:\Users\Blake\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Blake\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  elicpjhcidhpjomhibiffojpinpmmpil
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/08/2015 at  8:28:59.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 buddy215


Posted 08 September 2015 - 09:16 AM

Rerun AdwCleaner and choose the option to Clean.

 

I don't see the list of installed programs from CCleaner....

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable, Remove or Uninstall

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Blake\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_2C7C08ACC7DE94D8A4468D1F14464A81 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (If it is the FREE version)
Yes HKLM:Run Andy Andy OS, Inc "C:\Program Files\Andy\HandyAndy.exe"
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
Disable these Tasks:
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-1126651128-2268894878-2975208119-1001Core Dropbox, Inc. C:\Users\Blake\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-1126651128-2268894878-2975208119-1001UA Dropbox, Inc. C:\Users\Blake\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d041694b77b8 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d08f028c6212e2 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Optimize Start Menu Cache Files-S-1-5-21-1126651128-2268894878-2975208119-1001



#5 Blake21


Posted 08 September 2015 - 02:49 PM

I have disabled and removed the ones suggested. Here is the list of installed programs

 

AirDroid 3.1.0.0 Sand Studio 5/11/2015 3.1.0.0
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 1/12/2015 26.7 MB 8.0.916.0
AMD VISION Engine Control Center AMD 1/27/2015 1.00.0000
Andy OS Andy OS, Inc 6/11/2015 0.44.0.0
Apple Application Support Apple Inc. 1/17/2015 98.0 MB 3.1
Apple Mobile Device Support Apple Inc. 1/17/2015 23.6 MB 8.0.5.6
Apple Software Update Apple Inc. 1/17/2015 2.38 MB 2.1.3.127
AutoHotkey 1.1.22.03 Lexikos 7/13/2015 1.1.22.03
Bonjour Apple Inc. 1/17/2015 2.00 MB 3.0.0.10
CCleaner Piriform 9/8/2015 5.09
Charles 3.10.2 XK72 Ltd 7/27/2015 159 MB 3.10.2.1
Dropbox Dropbox, Inc. 9/3/2015 3.8.8
EditPlus (64 bit) ES-Computing 4/17/2015
Entity Framework 6.1.1 Tools  for Visual Studio 2013 Microsoft Corporation 1/16/2015 145 MB 12.0.30610.0
ESET Smart Security ESET, spol s r. o. 5/22/2015 52.4 MB 8.0.312.0
Fiddler Telerik 9/4/2015 4.45 MB 4.6.0.2
Fiddler2 CertMaker Telerik 8/5/2015
GnuWin32: OpenSSL-0.9.8h-1 GnuWin32 5/11/2015 0.9.8h-1
Google Chrome Google Inc. 1/13/2015 45.0.2454.85
HP Support Solutions Framework Hewlett-Packard Company 1/12/2015 8.16 MB 11.51.0048
iFunbox (v2.92.2440.749), iFunbox DevTeam 1/17/2015 18.3 MB v2.92.2440.749
IIS 8.0 Express Microsoft Corporation 1/16/2015 36.3 MB 8.0.1557
IIS Express Application Compatibility Database for x64 1/21/2015
IIS Express Application Compatibility Database for x86 1/21/2015
IrfanView (remove only) Irfan Skiljan 5/31/2015 2.00 MB 4.38
iTunes Apple Inc. 1/17/2015 244 MB 12.0.1.26
Java™ 6 Update 45 Oracle 6/11/2015 98.0 MB 6.0.450
KeyboardLock 1.2.4606 amberfish.net 1/29/2015 1.34 MB 1.2.4606
KeyFreeze KeyFreeze 1/29/2015 1.0.0.1
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 6/24/2015 64.6 MB 2.1.8.1057
Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft Corporation 1/16/2015 41.8 MB 4.5.50710
Microsoft .NET Framework 4.5 SDK Microsoft Corporation 1/16/2015 18.5 MB 4.5.50710
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack Microsoft Corporation 1/16/2015 49.3 MB 4.5.50932
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) Microsoft Corporation 1/16/2015 74.5 MB 4.5.50932
Microsoft .NET Framework 4.5.1 SDK Microsoft Corporation 1/16/2015 19.4 MB 4.5.51641
Microsoft Help Viewer 2.1 Microsoft Corporation 1/21/2015 12.1 MB 2.1.21005
Microsoft Mouse and Keyboard Center Microsoft Corporation 8/5/2015 2.5.166.0
Microsoft Silverlight Microsoft Corporation 1/16/2015 35.4 MB 5.1.20513.0
Microsoft Silverlight 5 SDK Microsoft Corporation 1/16/2015 77.5 MB 5.0.61118.0
Microsoft SQL Server 2012 Command Line Utilities Microsoft Corporation 1/16/2015 2.38 MB 11.1.3000.0
Microsoft SQL Server 2012 Data-Tier App Framework Microsoft Corporation 1/16/2015 10.1 MB 11.1.2902.0
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) Microsoft Corporation 1/16/2015 10.1 MB 11.1.2902.0
Microsoft SQL Server 2012 Express LocalDB Microsoft Corporation 1/16/2015 161 MB 11.1.3000.0
Microsoft SQL Server 2012 Management Objects Microsoft Corporation 1/16/2015 25.0 MB 11.1.3000.0
Microsoft SQL Server 2012 Management Objects  (x64) Microsoft Corporation 1/16/2015 18.2 MB 11.1.3000.0
Microsoft SQL Server 2012 Native Client Microsoft Corporation 1/16/2015 9.70 MB 11.1.3000.0
Microsoft SQL Server 2012 T-SQL Language Service Microsoft Corporation 1/16/2015 6.14 MB 11.1.3000.0
Microsoft SQL Server 2012 Transact-SQL ScriptDom Microsoft Corporation 1/16/2015 4.53 MB 11.1.3000.0
Microsoft SQL Server 2014 Express LocalDB Microsoft Corporation 1/16/2015 230 MB 12.0.2000.8
Microsoft SQL Server 2014 Management Objects Microsoft Corporation 1/16/2015 24.2 MB 12.0.2000.8
Microsoft SQL Server 2014 Management Objects  (x64) Microsoft Corporation 1/16/2015 16.5 MB 12.0.2000.8
Microsoft SQL Server 2014 T-SQL Language Service Microsoft Corporation 1/16/2015 6.65 MB 12.0.2000.8
Microsoft SQL Server 2014 Transact-SQL ScriptDom Microsoft Corporation 1/16/2015 6.17 MB 12.0.2000.8
Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft Corporation 1/16/2015 21.2 MB 4.0.8876.1
Microsoft SQL Server Data Tools - enu (12.0.41012.0) Microsoft Corporation 1/16/2015 29.1 MB 12.0.41012.0
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) Microsoft Corporation 1/16/2015 2.15 MB 12.0.30919.1
Microsoft SQL Server System CLR Types Microsoft Corporation 1/16/2015 2.53 MB 10.50.1600.1
Microsoft SQL Server System CLR Types (x64) Microsoft Corporation 1/16/2015 3.13 MB 10.50.1600.1
Microsoft System CLR Types for SQL Server 2012 Microsoft Corporation 1/16/2015 2.80 MB 11.1.3366.16
Microsoft System CLR Types for SQL Server 2012 (x64) Microsoft Corporation 1/16/2015 2.91 MB 11.1.3366.16
Microsoft System CLR Types for SQL Server 2014 Microsoft Corporation 1/16/2015 6.44 MB 12.0.2000.8
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 1/12/2015 10.2 MB 9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 6/19/2015 12.4 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 4/10/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Corporation 1/27/2015 20.4 MB 11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 1/21/2015 20.5 MB 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Corporation 1/27/2015 17.3 MB 11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 1/21/2015 17.3 MB 11.0.60610.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 1/21/2015 10.0.50903
Microsoft Visual Studio Ultimate 2013 with Update 4 Microsoft Corporation 1/21/2015 9.98 GB 12.0.31101
Microsoft Web Deploy 3.5 Microsoft Corporation 1/16/2015 11.8 MB 3.1237.1763
NVIDIA Nsight Tegra v2.1, Visual Studio Edition NVIDIA Corporation 4/10/2015 110 MB 2.1.0.15079
NVIDIA PerfHUD ES Tegra 4/10/2015 1.0
NVIDIA Tegra Android Development Pack NVIDIA Corporation 9/6/2015
NVIDIA Tegra Graphics Debugger v1.3 NVIDIA Corporation 4/10/2015 149 MB 1.3.15044.1937
NVIDIA Tegra System Profiler v2.2 NVIDIA Corporation 4/10/2015 115 MB 2.2.1931.1905
Oracle VM VirtualBox 4.3.28 Oracle Corporation 6/11/2015 157 MB 4.3.28
PeerBlock 1.2 (r693) PeerBlock, LLC 1/13/2015 3.57 MB 1.2.0.693
Prerequisites for SSDT Microsoft Corporation 1/16/2015 6.36 MB 12.0.2000.8
Raptr 1/21/2015
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 1/21/2015 6.0.1.6662
Rome - Total War - Gold Edition The Creative Assembly 6/7/2015 1.6
Sid Meier's Civilization V 2K Games, Inc. 5/20/2015
Sikuli X Sikuli Development Team 6/11/2015 1.0.3
Skype Click to Call Microsoft Corporation 5/28/2015 9.94 MB 7.4.0.9058
Skype™ 7.5 Skype Technologies S.A. 6/7/2015 48.8 MB 7.5.102
Sophos Virus Removal Tool Sophos Limited 9/6/2015 133 MB 2.5.4
Steam Valve Corporation 5/20/2015 2.10.91.91
SUPERAntiSpyware SUPERAntiSpyware.com 5/29/2015 51.8 MB 6.0.1194
TeamViewer 10 TeamViewer 8/22/2015 10.0.45862
TeraCopy 2.3 Code Sector 1/13/2015 7.22 MB
Trillian Cerulean Studios, LLC 1/21/2015
VLC media player VideoLAN 3/22/2015 2.2.0
WCF RIA Services V1.0 SP2 Microsoft Corporation 1/16/2015 9.60 MB 4.1.62812.0
Windows 7 USB/DVD Download Tool Microsoft Corporation 8/22/2015 2.71 MB 1.0.30
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) Google, Inc. 5/11/2015 01/27/2014 9.0.0000.00000
WinPcap 4.1.3 Riverbed Technology, Inc. 6/19/2015 4.1.0.2980
WinRAR 5.21 beta 1 (64-bit) win.rar GmbH 1/21/2015 5.21.1
Wireshark 1.12.6 (64-bit) The Wireshark developer community, http://www.wireshark.org 6/19/2015 99.6 MB 1.12.6


#6 buddy215


Posted 08 September 2015 - 03:22 PM

Did you rerun AdwCleaner?

 

Uninstall these programs: 

Java™ 6 Update 45 Oracle 6/11/2015 98.0 MB 6.0.450 (Or UPDATE it if you actually use it...most don't)

Skype Click to Call Microsoft Corporation 5/28/2015 9.94 MB 7.4.0.9058 (unless you actually click on phone #s in ads. )

 

Team Viewer was recently installed....If you intentionally installed it...keep it....we sometimes see similar programs installed by scammers, which is the reason for mentioning this.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.



#7 Blake21


Posted 09 September 2015 - 01:22 AM

I reran AdwCleaner and cleaned everything it said. There were only two things and one was a folder. Also, I uninstalled Skype Click to Call, and yes I installed TeamViewer myself. I also ran ESET Online Scanner. It said no threats found and had no log.



#8 buddy215


Posted 09 September 2015 - 05:11 AM

One final check

 

Please download MiniToolBox and run it.

Checkmark the following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

You can block Third Party aka ad/tracking cookies from installing in your browsers. Once you have blocked their install, run CCleaner and it will remove the ones that are presently installed. See How To Disable Third-Party Cookies In All Major Browsers


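An added example, not part of the original thread and not code from MiniToolBox: a small Python triage of a MiniToolBox report of the kind requested above, using the "Proxy is not enabled." / "No Proxy Server is set." lines and the empty Hosts section from the report posted in this thread as the clean baseline. The function names and the flagged lines in `SUSPECT_REPORT` (the "Proxy is enabled." wording, the `ProxyServer:` line, the 203.0.113.7 hosts entry) are constructed assumptions.

```python
import re

# Section banner as printed in the report, e.g.
# "========================= Hosts content: ================================="
BANNER = re.compile(r"^=+\s*(?P<name>[^=]+?):\s*=+\s*$")

# ipconfig fields that should read "No" on an ordinary desktop.
RELAY_FLAG = re.compile(r"^(IP Routing Enabled|WINS Proxy Enabled)[ .]*:\s*(\S+)")

# Lines the report in this thread shows when no proxy is configured.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(report):
    """Return {section title: [non-blank lines]} in the order they appear."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(report):
    """Return (kind, detail) findings to follow up on; empty list means clean."""
    sections = split_sections(report)
    findings = []

    # Anything other than the two "no proxy" lines means a proxy is configured.
    for line in sections.get("IE Proxy Settings", []):
        if line not in CLEAN_PROXY_LINES:
            findings.append(("proxy", line))

    # Any hosts entry other than loopback -> localhost redirects name lookups.
    for line in sections.get("Hosts content", []):
        entry = line.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # comment-only or malformed line
        address, names = entry[0], entry[1:]
        if address not in LOOPBACK or any(n != "localhost" for n in names):
            findings.append(("hosts", " ".join(entry)))

    # A host forwarding packets for others reports routing as enabled.
    for line in sections.get("IP Configuration", []):
        flag = RELAY_FLAG.match(line)
        if flag and flag.group(2) != "No":
            findings.append(("routing", f"{flag.group(1)} = {flag.group(2)}"))

    return findings


# Abridged from the report posted in this thread (clean baseline).
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


========================= IP Configuration: ================================

Windows IP Configuration

   Host Name . . . . . . . . . . . . : NewHome
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
"""

# Constructed sample: the flagged lines below are invented for illustration.
SUSPECT_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: 127.0.0.1:8080
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 update.example.com   # constructed entry
========================= IP Configuration: ================================

   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
"""

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_REPORT), ("suspect", SUSPECT_REPORT)):
        print(name, triage(text))
```

A local proxy entry is not proof of infection on its own: debugging proxies installed on purpose also register themselves there while capturing, so a finding is a prompt to identify which process owns the listener.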


#9 Blake21


Posted 09 September 2015 - 06:54 AM

Here are the contents of the log from MiniToolBox. I have also disabled and removed 3rd party cookies with CCleaner

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Blake (administrator) on 09-09-2015 at 06:53:06
Running from "C:\Users\Blake\Downloads"
Microsoft Windows 8.1  (X64)
Model: p7-1010 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
802.11n Wireless LAN Card = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : NewHome
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : D0-DF-9A-4E-F6-26
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : D0-DF-9A-4E-F6-24
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 3C-D9-2B-4A-A3-3B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:ccbc:d10::49(Preferred) 
   Lease Obtained. . . . . . . . . . : Tuesday, September 8, 2015 2:51:00 PM
   Lease Expires . . . . . . . . . . : Wednesday, October 7, 2015 8:41:58 PM
   IPv6 Address. . . . . . . . . . . : 2602:306:ccbc:d10:11fc:4277:b213:ea83(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:306:ccbc:d10:d16d:6315:d702:7322(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::11fc:4277:b213:ea83%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.222(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 8, 2015 2:50:59 PM
   Lease Expires . . . . . . . . . . : Thursday, September 10, 2015 2:50:59 AM
   Default Gateway . . . . . . . . . : fe80::ce65:adff:fe4a:ab40%2
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 255645995
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-46-94-C2-3C-D9-2B-4A-A3-3B
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-50-C2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c829:2571:c23b:cf64%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 319291431
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-46-94-C2-3C-D9-2B-4A-A3-3B
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:4aa:2649:9334:3f2e(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4aa:2649:9334:3f2e%8(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-46-94-C2-3C-D9-2B-4A-A3-3B
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{AA8139AF-D8B4-47CA-802D-B60246F82BB7}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4005:802::100e
 74.125.224.2
 74.125.224.5
 74.125.224.8
 74.125.224.0
 74.125.224.14
 74.125.224.9
 74.125.224.7
 74.125.224.6
 74.125.224.4
 74.125.224.3
 74.125.224.1
 
 
Pinging google.com [2607:f8b0:4005:801::200e] with 32 bytes of data:
Reply from 2607:f8b0:4005:801::200e: time=75ms 
Reply from 2607:f8b0:4005:801::200e: time=74ms 
 
Ping statistics for 2607:f8b0:4005:801::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 74ms, Maximum = 75ms, Average = 74ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=90ms 
Reply from 2001:4998:58:c02::a9: time=89ms 
 
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 90ms, Average = 89ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...d0 df 9a 4e f6 26 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...d0 df 9a 4e f6 24 ......802.11n Wireless LAN Card
  2...3c d9 2b 4a a3 3b ......Realtek PCIe FE Family Controller
 10...08 00 27 00 50 c2 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.222     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.222    276
    192.168.1.222  255.255.255.255         On-link     192.168.1.222    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.222    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.222    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.222    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2    276 ::/0                     fe80::ce65:adff:fe4a:ab40
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:5ef5:79fb:4aa:2649:9334:3f2e/128
                                    On-link
  2    276 2602:306:ccbc:d10::/64   On-link
  2     36 2602:306:ccbc:d10::/64   fe80::ce65:adff:fe4a:ab40
  2    276 2602:306:ccbc:d10::49/128
                                    On-link
  2    276 2602:306:ccbc:d10:11fc:4277:b213:ea83/128
                                    On-link
  2    276 2602:306:ccbc:d10:d16d:6315:d702:7322/128
                                    On-link
 10    276 fe80::/64                On-link
  2    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::4aa:2649:9334:3f2e/128
                                    On-link
  2    276 fe80::11fc:4277:b213:ea83/128
                                    On-link
 10    276 fe80::c829:2571:c23b:cf64/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
  2    276 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 18%
Total physical RAM: 16383.28 MB
Available physical RAM: 13329 MB
Total Virtual: 18815.28 MB
Available Virtual: 15626.47 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:97.32 GB) (Free:10.01 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:488.28 GB) (Free:71.2 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\NEWHOME
 
Administrator            Blake                    Guest                    
 
 
**** End of log ****


#10 buddy215


Posted 09 September 2015 - 08:01 AM

The only thing I see that needs attention is 1 Drive c: () (Fixed) (Total:97.32 GB) (Free:10.01 GB) NTFS

Fifteen to twenty percent of free space is recommended to allow Windows to defragment properly or at all.

 

Two articles you may want to read:

Windows 10 Worst Feature To Install On Windows 7 And Windows 8 - Forbes  (you may want to uninstall those updates)

 

How to secure your home wireless network router.






