
adware Infected Win10 Laptop - What next?


13 replies to this topic

#1 ModeratelyConfused

ModeratelyConfused

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 18 December 2015 - 04:09 AM

I am trying to sort out my son's Win10 laptop that had adware pop-ups galore on it and was virtually unusable.

I uninstalled Firefox, which had most problems, and used Edge, which was slightly better.

I then used Emsisoft Emergency Kit, which removed a raft of PUPs and other stuff.

Then I ran Windows Update and got it fully up to date.

I followed this up with Malwarebytes free (which also had a field day) and Microsoft Safety Scanner (which said it found nothing, but the laptop boots considerably faster after this).

Finally I ran the full scan with McAfee, which was clean.

I reinstalled Firefox from the Mozilla website, but on using it things still don't seem right, so I don't know if this is a problem with Firefox or the laptop.

Opening FF takes you to http:// searchinterneat-a.akamaihd.net no matter how often you change the home page.

Going to Google now works, but trying to do anything, including scrolling down, immediately takes you to a pop-up.

I have reached the limit of my knowledge with this. I don't understand why I can use Edge, but not FF. Help please.


Edited by ModeratelyConfused, 18 December 2015 - 04:14 AM.




#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:53 PM

Posted 18 December 2015 - 05:53 AM

Welcome to BC !

 

Seems you have already done quite a bit to clean the computer.

Run another scan using MBAM. Be sure to click on the settings tab and choose to scan for Rootkits, too.

  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Please post the scan results log if anything is found.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 18 December 2015 - 05:57 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ModeratelyConfused


Posted 18 December 2015 - 09:12 AM

MBAM found 2 PUPs - PUP.Optional.Yontoo

 

These have been cleared and I am moving on down your list @buddy215

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 18/12/2015

Scan Time: 12:15

Logfile: MBAM.txt

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.12.18.02

Rootkit Database: v2015.12.16.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: A-dog

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 356332

Time Elapsed: 1 hr, 33 min, 46 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

Files: 2

PUP.Optional.Yontoo, C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggXI1oNAwtBFBgReQ0ATA1JFwQOeAwBAhQTGAEWdgAKVQpEEwAFIk0FA18DB0VXfWFoKB8fHGZGIUtbCWgESFZIC1dXFg==");), ,[404ae7bf7d0e6acc93136450699b4db3]

PUP.Optional.Yontoo, C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\searchplugins\default.xml, , [1b6f6f37ee9d4de974fef4beef151ee2],

Physical Sectors: 0

(No malicious items detected)

 

(end)


Edited by ModeratelyConfused, 18 December 2015 - 09:46 AM.


#4 ModeratelyConfused


Posted 18 December 2015 - 09:34 AM

ADW Cleaner log file
 
# AdwCleaner v5.025 - Logfile created 18/12/2015 at 14:48:15

# Updated 13/12/2015 by Xplode

# Database : 2015-12-13.2 [Server]

# Operating system : Windows 10 Home  (x64)

# Username : A-dog - DESKTOP-N39S01B

# Running from : C:\Users\A-dog\Desktop\AdwCleaner.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

[-] File Deleted : C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\user.js

[-] File Deleted : C:\WINDOWS\Reimage.ini

 

***** [ DLLs ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled tasks ] *****

 

[-] Task Deleted : YCMServiceAgent

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

[-] Key Deleted : HKCU\Software\SoftSuma

[-] Key Deleted : HKLM\SOFTWARE\Lightspark Team

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat

[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1794 bytes] ##########


Edited by ModeratelyConfused, 18 December 2015 - 09:54 AM.


#5 ModeratelyConfused


Posted 18 December 2015 - 10:05 AM

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.1 (11.24.2015)

Operating System: Windows 10 Home x64

Ran by A-dog (Administrator) on 18/12/2015 at 14:58:02.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

File System: 1

 

Successfully deleted: C:\Users\A-dog\AppData\Roaming\nico mak computing (Folder)

 

Deleted the following from C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\prefs.js

user_pref(extensions.SearchQuickKnow.cg, 4cc5b205-2948-4861-859c-b94569243525);

user_pref(extensions.foxstart-cck@extensions.foxstart.com.install-event-fired, true);

user_pref(extensions.foxstart-cck@extensions.foxstart.com.version, 1.1);

user_pref(extensions.installedDistroAddon.foxstart-cck@extensions.foxstart.com, true);

user_pref(extensions.xpiState, {\app-profile\:{\foxstart-cck@extensions.foxstart.com\:{\d\:\C:\\\\Users\\\\A-dog\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profi

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{37FED393-DAE8-4665-9EDA-1458536BFFBE} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{37FED393-DAE8-4665-9EDA-1458536BFFBE} (Registry Key)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18/12/2015 at 14:59:48.96

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
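
Added example, not part of the original thread or of any tool named in it: the three logs above all touch the Firefox profile (MBAM flags `browser.startup.homepage` in prefs.js, AdwCleaner deletes user.js, JRT strips `extensions.foxstart-cck@...` entries from prefs.js). Firefox applies user.js on top of prefs.js at every start, so a homepage set there returns after each manual change; this Python sketch audits the text of both files for that and for add-on prefs nobody recognises. The sample file contents, finding labels and allowlists are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# One preference per line in prefs.js / user.js: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
HOMEPAGE_PREF = "browser.startup.homepage"  # pref named in the MBAM log
# Add-on IDs look like {GUID} or name@domain (both forms appear in the logs).
ADDON_ID = re.compile(r"\{[0-9a-fA-F-]{36}\}|[\w.-]+@[\w.-]+")

# Constructed sample input (not copied from the affected machine).
SAMPLE_PREFS_JS = """\
// constructed sample prefs.js
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.foxstart-cck@extensions.foxstart.com.version", "1.1");
user_pref("example.constructed.flag", true);
"""
SAMPLE_USER_JS = """\
user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=CONSTRUCTED");
"""


def parse_prefs(text):
    """Return {pref_name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, truncated entries
        name, raw = match.groups()
        try:
            # Values are JS literals: "string", true/false or an integer.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep anything unusual verbatim for review
    return prefs


def homepage_hosts(value):
    """Hosts of every URL in a homepage value ('|' separates several pages)."""
    hosts = []
    for url in str(value).split("|"):
        host = urlsplit(url.strip()).hostname  # None for about:home etc.
        if host:
            hosts.append(host.lower())
    return hosts


def audit_profile(prefs_js, user_js, allowed_hosts, known_addons=()):
    """Return a list of (label, detail) findings for one profile."""
    findings = []
    saved = parse_prefs(prefs_js)
    pinned = parse_prefs(user_js)
    effective = {**saved, **pinned}  # user.js wins at every start

    if HOMEPAGE_PREF in pinned:
        findings.append(("homepage-pinned-by-user.js", pinned[HOMEPAGE_PREF]))

    for host in homepage_hosts(effective.get(HOMEPAGE_PREF, "")):
        if not any(host == ok or host.endswith("." + ok) for ok in allowed_hosts):
            findings.append(("homepage-host-not-allowed", host))

    for name in sorted(effective):
        if not name.startswith("extensions.") or not ADDON_ID.search(name):
            continue
        if not any(addon in name for addon in known_addons):
            findings.append(("addon-pref-unknown", name))
    return findings


if __name__ == "__main__":
    for label, detail in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS,
                                       allowed_hosts={"mozilla.org"}):
        print(f"{label}: {detail}")
```

Run it against copies of the profile's files with Firefox closed, since the browser rewrites prefs.js when it exits.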



#6 buddy215


Posted 18 December 2015 - 10:24 AM

The Eset scan, based on the volume of data stored on your computer, is likely to take 2 or more hours....so plan accordingly.



#7 ModeratelyConfused


Posted 18 December 2015 - 10:32 AM

It's running now. I'm in no hurry, even if my son disagrees ;)

#8 ModeratelyConfused


Posted 18 December 2015 - 11:37 AM

And finally ESET

 

C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\extensions\{74718e2a-06ee-4e3d-80d2-1a8e07137dfb}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined

C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\extensions\{85adb0f7-f4ea-4312-b3b4-c8cae4300aef}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined

C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\extensions\{d5a54bd0-d4c9-432f-a47c-7e60ffbf44f5}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined

C:\Windows.old\Users\A-dog\AppData\Local\Microsoft\Windows\INetCache\IE\83YFAMUE\OneSystemCare[1].exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application deleted - quarantined

C:\Windows.old\Users\A-dog\AppData\Local\Microsoft\Windows\INetCache\IE\F8SFH13O\PCDriverKitE[1].exe multiple threats cleaned by deleting - quarantined

C:\Windows.old\Users\A-dog\AppData\Local\Microsoft\Windows\INetCache\IE\YQ7IMHBQ\setup[1].exe Win32/BrowseFox.CC potentially unwanted application deleted - quarantined

C:\Windows.old\Users\A-dog\AppData\Local\Temp\ICSW1.17\ICSW1.17_0S1F1O2Z1B2Y1H1T1V0I0C1V0P2Y1S1V0C0C0V1.17.exe a variant of Win32/InstallCore.ADV.gen potentially unwanted application cleaned by deleting - quarantined



#9 buddy215


Posted 18 December 2015 - 12:10 PM

So far....so good...

 

It may be necessary to do a clean uninstall of Firefox...that means uninstalling your Firefox profile, too. You will know to do that if evidence of adware, search redirect, popups, etc happen after rebooting the computer and Firefox. You can use Download Revo Uninstaller Freeware in Advanced Mode or you can run the uninstaller for Firefox and then do a search for Mozilla Firefox and delete all that is found.

You can save the Firefox Bookmarks before uninstalling. Click on Bookmarks > Show All Bookmarks > then click on Import and Backup....save in a html file to your desktop and email.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#10 ModeratelyConfused


Posted 18 December 2015 - 01:05 PM

Firefox is behaving beautifully :)
 
CCleaner stuff
 
WINDOWS:
 
Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\A-dog\AppData\Local\Microsoft\BingSvc\BingSvc.exe

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\A-dog\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

Yes HKLM:Run AccelerometerSysTrayApplet Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe

Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

Yes HKLM:Run PowerDVD14Agent CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"

Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s

Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

 

 

INTERNET EXPLORER:

 

Yes Extension Add to Evernote 5  C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html

Yes Extension Launches HP Network Check that helps you solve connection issues Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

Yes Extension Lync Click to Call Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll

Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll

Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll

Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll

Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll

No Helper Evernote extension Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

No Helper HP Network Check Helper Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

Yes Helper Lync Browser Helper Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll

Yes Helper Microsoft OneDrive for Business Browser Helper Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL

 

 

FIREFOX:

 

Yes Extension Adblock Plus 2.7 Wladimir Palant default Firefox 43.0 C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Yes Extension Foxstart Default Settings 1.1 Foxstart.com default Firefox 43.0 C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\extensions\foxstart-cck@extensions.foxstart.com

Yes Plugin Intel® Identity Protection Technology 4.0.68.0 Intel Corporation default Firefox 43.0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

Yes Plugin Intel® Identity Protection Technology 4.0.68.0 Intel Corporation default Firefox 43.0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 43.0 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

Yes Plugin McAfee SecurityCenter 14.0.5120.0 McAfee, Inc. default Firefox 43.0 c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

Yes Plugin Microsoft Office 2016 16.0.6326.1010 Microsoft Corporation default Firefox 43.0 C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

Yes Plugin OpenH264 Video Codec 1.5.1 Mozilla Corporation default Firefox 43.0 C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\gmp-gmpopenh264\1.5.1\gmpopenh264.dll

Yes Plugin Primetime Content Decryption Module provided by Adobe Systems, Incorporated 15 Adobe Systems Inc default Firefox 43.0 C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\gmp-eme-adobe\15\eme-adobe.dll

Yes Plugin Silverlight Plug-In 5.1.41105.0  Microsoft Corporation default Firefox 43.0 c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll

Yes Plugin WildTangent Games App V2 Presence Detector 4.1.0.5 WildTangent Inc default Firefox 43.0 C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

 

 

SCHEDULED TASKS:

 

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task DropboxOEM  "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" auto

Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c

Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task HPCeeScheduleForA-dog Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForA-dog (null)

Yes Task HPGenoobeReminder Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe" CLEAR

Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec Intel Corporation "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic

Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon Intel Corporation "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic

Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473  C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic

Yes Task McAfeeLogon McAfee, Inc. C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui

 

 

CONTEXT MENU:

 

Yes Directory DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll

Yes Directory SHAREit.FileContextMenuExt  C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll

Yes File DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll

Yes File McCtxMenuFrmWrk McAfee, Inc. c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll

Yes File SHAREit.FileContextMenuExt  C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll

Yes Folder McCtxMenuFrmWrk McAfee, Inc. c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll

 

 

UNINSTALL:

 

3D Builder Microsoft Corporation 17/12/2015  10.10.38.0

Alarms & Clock Microsoft Corporation 17/12/2015  10.1511.65020.0

Amazon Amazon.com 17/12/2015  3.1.2.8

App connector Microsoft Corporation 17/12/2015  1.3.3.0

Apple Application Support (32-bit) Apple Inc. 11/12/2015 114 MB 4.1

Apple Application Support (64-bit) Apple Inc. 11/12/2015 130 MB 4.1

Apple Mobile Device Support Apple Inc. 11/12/2015 28.0 MB 9.1.0.6

Apple Software Update Apple Inc. 11/12/2015 2.40 MB 2.1.4.131

Bonjour Apple Inc. 11/12/2015 2.01 MB 3.1.0.1

Calculator Microsoft Corporation 17/12/2015  10.1512.47020.0

Camera Microsoft Corporation 17/12/2015  2015.1211.10.0

Candy Crush Soda Saga king.com 17/12/2015  1.57.200.0

CCleaner Piriform 18/12/2015  5.12

CyberLink PhotoDirector CyberLink Corp. 17/12/2015 439 MB 5.0.5.6713

CyberLink Power Media Player 14 CyberLink Corp. 17/12/2015 460 MB 14.0.1.5624

CyberLink PowerDirector 12 CyberLink Corp. 17/12/2015 915 MB 12.0.4.4301

CyberLink YouCam CyberLink Corp. 17/12/2015 530 MB 6.0.1.4301

Dropbox Dropbox, Inc. 17/12/2015  3.12.5

Dropbox 25 GB Dropbox, Inc. 24/11/2015 3.07 MB 1.0.8.2

Energy Star Hewlett-Packard Company 24/11/2015 3.39 MB 1.0.9

ESET Online Scanner v3  18/12/2015 

Evernote v. 5.8.6 Evernote Corp. 24/11/2015 234 MB 5.8.6.7519

Films & TV Microsoft Corporation 17/12/2015  3.6.15731.0

Get Office Microsoft Corporation 17/12/2015  17.6508.23761.0

Get Skype Skype 17/12/2015  3.2.1.0

Get Started Microsoft Corporation 17/12/2015  2.5.6.0

Groove Music Microsoft Corporation 17/12/2015  3.6.15131.0

HP 3D DriveGuard Hewlett-Packard Company 24/11/2015 2.00 MB 6.0.28.1

HP CoolSense Hewlett-Packard Company 06/10/2015 12.0 MB 2.20.51

HP Documentation HP 17/12/2015  1.0.0.1

HP Lounge Universal Music Mobile 17/12/2015  1.5.0.22

HP Registration Service Hewlett-Packard 24/11/2015 33.1 MB 1.2.8305.5282

HP Support Assistant Hewlett-Packard Company 24/11/2015 68.4 MB 8.0.29.6

HP Support Solutions Framework Hewlett-Packard Company 24/11/2015 6.02 MB 12.0.30.219

HP System Event Utility Hewlett-Packard Company 24/11/2015 10.0 MB 1.4.6

HP Welcome Hewlett-Packard Company 17/12/2015  1.0

HP Wireless Button Driver Hewlett-Packard 24/11/2015 1.08 MB 1.1.5.1

Intel® Dynamic Platform and Thermal Framework Intel Corporation 17/12/2015  8.1.10600.150

Intel® Management Engine Components Intel Corporation 24/11/2015  11.0.0.1158

Intel® PRO/Wireless Driver Intel Corporation 24/11/2015 53.9 MB 18.12.0001.3121

Intel® Processor Graphics Intel Corporation 06/10/2015  10.18.15.4248

Intel® Rapid Storage Technology Intel Corporation 24/11/2015  14.5.0.1081

Intel® WiDi Intel Corporation 24/11/2015 58.2 MB 6.0.40.0

Intel® Wireless Bluetooth® Intel Corporation 24/11/2015 2.93 MB 17.1.1530.1676

Intel® Software Guard Extensions Platform Software Intel Corporation 24/11/2015 8.70 MB 1.0.26920.1393

iTunes Apple Inc. 11/12/2015 218 MB 12.3.1.23

Mail and Calendar Microsoft Corporation 17/12/2015  17.6515.64021.0

Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 17/12/2015 66.1 MB 2.2.0.1024

Maps Microsoft Corporation 17/12/2015  4.1512.3450.0

McAfee LiveSafe - Internet Security McAfee, Inc. 17/12/2015  14.0.5120

Messaging + Skype Microsoft Corporation 17/12/2015  2.12.15004.0

Microsoft Office 365 - en-us Microsoft Corporation 17/12/2015  16.0.6366.2036

Microsoft Silverlight Microsoft Corporation 11/12/2015 50.7 MB 5.1.41105.0

Microsoft Solitaire Collection Microsoft Studios 17/12/2015  3.5.11021.0

Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24/11/2015 4.84 MB 8.0.59193

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 24/11/2015 13.2 MB 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17/12/2015 11.5 MB 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24/11/2015 10.1 MB 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17/12/2015 8.78 MB 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 17/12/2015 5.90 MB 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 17/12/2015 5.13 MB 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 17/12/2015 20.5 MB 11.0.61030.0

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 17/12/2015 17.3 MB 11.0.61030.0

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 17/12/2015 20.5 MB 12.0.21005.1

Microsoft WiFi Microsoft Corporation 17/12/2015  1.1511.2.0

Money Microsoft Corporation 17/12/2015  4.7.118.0

Mozilla Firefox 43.0 (x86 en-GB) Mozilla 18/12/2015 88.9 MB 43.0

Mozilla Maintenance Service Mozilla 18/12/2015 232 KB 43.0

Netflix Netflix, Inc. 17/12/2015  6.1.24.0

News Microsoft Corporation 17/12/2015  4.7.118.0

OneNote Microsoft Corporation 17/12/2015  17.6366.15841.0

People Microsoft Corporation 17/12/2015  10.0.3350.0

Phone Microsoft Corporation 17/12/2015  2.12.2002.0

Phone Companion Microsoft Corporation 17/12/2015  10.1511.18010.0

PhotoDirector CyberLink Corp. 24/11/2015 439 MB 5.0.5.6713

Photos Microsoft Corporation 17/12/2015  15.1208.10480.0

PowerDirector CyberLink Corp. 24/11/2015 915 MB 12.0.4.4301

R2-D2 Hewlett-Packard Company 24/11/2015 8.29 MB 1.0.9

Realtek Card Reader Realtek Semiconductor Corp. 24/11/2015 11.7 MB 10.0.370.103

Realtek Ethernet Controller Driver Realtek 24/11/2015  10.1.505.2015

Realtek High Definition Audio Driver Realtek Semiconductor Corp. 17/12/2015  6.0.1.7584

Simple Solitaire Random Salad Games LLC 17/12/2015  5.0.0.31

Snapfish HP Inc. 17/12/2015  6.0.224.0

Sport Microsoft Corporation 17/12/2015  4.7.130.0

Star Wars Command Center Hewlett-Packard Company 24/11/2015 11.5 MB 1.0.30

Store Microsoft Corporation 17/12/2015  2015.25.5.0

Sway Microsoft Corporation 17/12/2015  17.6509.20251.0

Synaptics ClickPad Driver Synaptics Incorporated 17/12/2015 46.4 MB 19.0.12.97

TripAdvisor TripAdvisor LLC 17/12/2015  1.4.3.0

Twitter Twitter Inc. 17/12/2015  4.3.2.0

Voice Recorder Microsoft Corporation 17/12/2015  10.1511.17110.0

Weather Microsoft Corporation 17/12/2015  4.7.118.0

WildTangent Games WildTangent 17/12/2015  1.0.4.0

Xbox Microsoft Corporation 17/12/2015  11.12.9011.0



#11 buddy215


Posted 18 December 2015 - 01:39 PM

Okay...if Firefox acts up in the next few days don't hesitate to perform the uninstall.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right

Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\A-dog\AppData\Local\Microsoft\BingSvc\BingSvc.exe

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

 

Remove/ delete Yes Extension Foxstart Default Settings 1.1 Foxstart.com default Firefox 43.0 C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\extensions\foxstart-cck@extensions.foxstart.com

 

Disable these Firefox plugins: Click on Tools > Add-ons > Plugins > click on each item and choose Disable on the right.

Yes Plugin McAfee SecurityCenter 14.0.5120.0 McAfee, Inc. default Firefox 43.0 c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

Yes Plugin Primetime Content Decryption Module provided by Adobe Systems, Incorporated 15 Adobe Systems Inc default Firefox 43.0 C:\Users\A-dog\AppData\Roaming\Mozilla\Firefox\Profiles\do5rpkxf.default\gmp-eme-adobe\15\eme-adobe.dll

Yes Plugin Silverlight Plug-In 5.1.41105.0  Microsoft Corporation default Firefox 43.0 c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll

Yes Plugin WildTangent Games App V2 Presence Detector 4.1.0.5 WildTangent Inc default Firefox 43.0 C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

 

Disable these Tasks: Click on each item and then choose Disable on the right

Yes Task DropboxOEM  "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" auto

Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c

Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task HPCeeScheduleForA-dog Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForA-dog (null)

Yes Task HPGenoobeReminder Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe" CLEAR

Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec Intel Corporation "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic

Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon Intel Corporation "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic

Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473  C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic

 

Uninstall These Items:

Amazon Amazon.com 17/12/2015  3.1.2.8

Candy Crush Soda Saga king.com 17/12/2015  1.57.200.0

ESET Online Scanner v3  18/12/2015

Simple Solitaire Random Salad Games LLC 17/12/2015  5.0.0.31

WildTangent Games WildTangent 17/12/2015  1.0.4.0



#12 buddy215


Posted 18 December 2015 - 01:43 PM

I see you have Adblock Plus extension for Firefox. If you haven't done so, do this for blocking a ton more ads:

Click on the Adblock Plus icon > choose Filter Preferences > UNcheck Allow some Non-intrusive advertisements



#13 ModeratelyConfused


Posted 18 December 2015 - 01:50 PM

Thank you so much for all your help. You have been amazing :)

 

I will get on with the list and hopefully not have to get back to you again!

 

Son has received lesson in web sense, I think!



#14 buddy215


Posted 18 December 2015 - 02:07 PM

A lot of stuff downloaded yesterday. Free stuff these days comes with adware....some easy to get rid of...some very difficult. I think he got lucky in that respect.

 

Enjoyed working with you...don't hesitate to ask for more help...you are welcome.





