Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sex site on my computer has appeared


  • Please log in to reply
29 replies to this topic

#1 Jonfirefox

Jonfirefox

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 02:41 PM

Hi

 

My computer is running windows 7.

 

I went away from my computer and  when I came back this was on my desktop:

 

 

Screen shots from firefox below created using the print screen button on my keyboard & uploaded to flickr photo sharing website:

 

https://www.flickr.com/photos/130925116@N06/23556431490/in/datetaken-public/

 

Urls below contains a number of links that may of been displayed???

 

https://www.flickr.com/photos/130925116@N06/23484235479/in/datetaken-public/ (this shows the last website I Ioaded was yahoo mail)

 

 

Malwarebytes Anti-Malware does not pick anything up

 

thanks

 

Jonathan


Edited by Jonfirefox, 19 December 2015 - 03:41 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:35 AM

Posted 19 December 2015 - 03:15 PM

I haven't clicked on the links...really.

 

See what the programs below can find and remove.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:12:35 PM

Posted 19 December 2015 - 03:21 PM

No comment :tophat:


Honesty & Integrity Above All!


#4 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 04:23 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Jonathan (Administrator) on 19/12/2015 at 21:19:50.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/12/2015 at 21:22:07.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 05:04 PM

# AdwCleaner v5.025 - Logfile created 19/12/2015 at 22:02:20
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jonathan - JONATHAN-PC
# Running from : C:\Users\Jonathan\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[!] Key Not Deleted : HKU\S-1-5-21-2393814480-1901860420-2681352935-1001\Software\Myfree Codec

***** [ Web browsers ] *****

[-] [C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3284 bytes] ##########
 



#6 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 05:06 PM

Scanned c drive using Eset, nothing was found on c drive.



#7 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:35 AM

Posted 19 December 2015 - 05:36 PM

So far...so good..

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 06:00 PM

Yes    HKCU:Run    AmazonMP3DownloaderHelper    Amazon Services LLC    C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
No    HKCU:Run    EADM    Electronic Arts    "e:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Yes    HKCU:Run    KiesAirMessage        C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Yes    HKCU:Run    KiesPDLR    Samsung    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Yes    HKCU:Run    KiesPreload    Samsung    C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
Yes    HKCU:Run    MoneyAgent    Microsoft Corporation    "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
Yes    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\Steam.exe" -silent
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64"
Yes    HKLM:Run    CanonMyPrinter    CANON INC.    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes    HKLM:Run    CanonSolutionMenuEx    CANON INC.    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IAStorIcon    Intel Corporation    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes    HKLM:Run    KiesTrayAgent    Samsung Electronics Co., Ltd.    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Yes    HKLM:Run    LifeCam    Microsoft Corporation    "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
Yes    HKLM:Run    MagicTuneEngine        C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
Yes    HKLM:Run    MSC    Microsoft Corporation    "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes    HKLM:Run    PMBVolumeWatcher    Sony Corporation    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Yes    HKLM:Run    StatusAlerts    Hewlett-Packard Company    "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    HKLM:Run    WinampAgent    Nullsoft, Inc.    "C:\Program Files (x86)\Winamp\winampa.exe"
Yes    Startup Common    GammaTray.exe.lnk        C:\Program Files\MagicTune Premium\GammaTray.exe
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes    Startup User    ZooskMessenger.lnk        C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
 



#9 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 06:01 PM

Adobe Acrobat Reader DC    Adobe Systems Incorporated    27/11/2015    187 MB    15.009.20079
Adobe AIR    Adobe Systems Incorporated    21/08/2015        18.0.0.199
Adobe Flash Player 20 ActiveX    Adobe Systems Incorporated    09/12/2015    8.46 MB    20.0.0.228
Adobe Flash Player 20 NPAPI    Adobe Systems Incorporated    09/12/2015    9.05 MB    20.0.0.235
Age of Empires II: HD Edition        09/04/2013        
Amazon MP3 Downloader 1.0.18    Amazon Services LLC    18/11/2013        1.0.18
Battlefield 4™    Electronic Arts    26/12/2013    24.1 GB    1.0.0.1
Battlelog Web Plugins    EA Digital Illusions CE AB    31/12/2013        2.3.2
Call of Duty: Ghosts    Infinity Ward    21/12/2013        
Call of Duty: Ghosts - Multiplayer        21/12/2013        
Canon Easy-PhotoPrint EX        27/03/2013        
Canon Easy-PhotoPrint Pro        27/03/2013        
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data        27/03/2013        
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data        27/03/2013        
Canon Easy-WebPrint EX        27/03/2013        
Canon Inkjet Printer/Scanner/Fax Extended Survey Program        27/03/2013        
Canon MG6200 series MP Drivers        27/03/2013        
Canon MG6200 series On-screen Manual        27/03/2013        
Canon MG6200 series User Registration        27/03/2013        
Canon MP Navigator EX 5.0        27/03/2013        
Canon My Printer        27/03/2013        
Canon Solution Menu EX        27/03/2013        
CCleaner    Piriform    19/12/2015        5.12
Command and Conquer 3: Tiberium Wars    EA Los Angeles    28/12/2013        
Dropbox    Dropbox, Inc.    11/12/2015        3.12.5
ESN Sonar    ESN Social Software AB    31/12/2013        0.70.4
eSupport UndeletePlus 3.0.4.513    Copyright © 2011 eSupport.com • All Rights Reserved    16/07/2013        
Google Chrome    Google Inc.    05/02/2014        47.0.2526.106
HP Color LaserJet Pro MFP M277    Hewlett-Packard    21/07/2015        14.0.14309.409
HP Support Solutions Framework    Hewlett-Packard Company    21/07/2015    5.53 MB    12.0.30.219
HP Update    Hewlett-Packard    21/07/2015    4.04 MB    5.005.002.002
HPScanPlugin    Hewlett-Packard Co.    21/07/2015    3.55 MB    28.11.0.0
I.R.I.S. OCR    HP    21/07/2015    71.3 MB    12.3.6.6
Intel® Control Center    Intel Corporation    25/03/2013        1.2.1.1007
Intel® Management Engine Components    Intel Corporation    25/03/2013        8.0.2.1410
Intel® OpenCL CPU Runtime    Intel Corporation    25/03/2013        
Intel® Rapid Storage Technology    Intel Corporation    25/03/2013        11.0.0.1032
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    25/03/2013        1.0.1.209
Intel® Trusted Connect Service Client    Intel Corporation    09/10/2012    10.6 MB    1.23.605.1
Intel® Watchdog Timer Driver (Intel® WDT)    Intel Corporation    25/03/2013    5.03 MB    
Macrium Reflect Home Edition    Paramount Software (UK) Ltd.    16/10/2015        6.1
MagicTunePremium    Samsung Electronics Ltd.    27/03/2013        4.0.07
Malwarebytes Anti-Malware version 2.2.0.1024    Malwarebytes    21/11/2015    66.0 MB    2.2.0.1024
Microsoft .NET Framework 4.5.2    Microsoft Corporation    15/10/2015    38.8 MB    4.5.51209
Microsoft LifeCam    Microsoft Corporation    27/03/2013    32.8 MB    3.60.253.0
Microsoft Money    Microsoft    27/03/2013    48.1 MB    11.0.100
Microsoft Money System Pack    Microsoft    27/03/2013    6.37 MB    11.0.120
Microsoft Office Home and Student 2010    Microsoft Corporation    07/01/2014        14.0.7015.1000
Microsoft Security Essentials    Microsoft Corporation    13/05/2015        4.8.204.0
Microsoft Silverlight    Microsoft Corporation    19/12/2015    447 MB    5.1.41105.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    09/10/2012    1.69 MB    3.1.0000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022    Microsoft Corporation    27/03/2013    2.52 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    28/03/2013    788 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    12/02/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    12/02/2015    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610    Microsoft Corporation    25/10/2013    20.5 MB    11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    01/04/2015    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610    Microsoft Corporation    25/10/2013    17.3 MB    11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    01/04/2015    17.3 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation    01/04/2015    20.5 MB    12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    01/04/2015    17.1 MB    12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    12/02/2015        10.0.50903
Mozilla Firefox 43.0.1 (x86 en-US)    Mozilla    19/12/2015    90.1 MB    43.0.1
Mozilla Maintenance Service    Mozilla    19/12/2015    341 KB    43.0.1.5828
MyFreeCodec        07/05/2013        
NVIDIA 3D Vision Controller Driver 314.07    NVIDIA Corporation    25/03/2013        314.07
NVIDIA 3D Vision Driver 314.07    NVIDIA Corporation    25/03/2013        314.07
NVIDIA Graphics Driver 314.07    NVIDIA Corporation    25/03/2013        314.07
NVIDIA HD Audio Driver 1.3.23.1    NVIDIA Corporation    25/03/2013        1.3.23.1
NVIDIA PhysX System Software 9.12.1031    NVIDIA Corporation    25/03/2013        9.12.1031
NVIDIA Update 1.12.12    NVIDIA Corporation    25/03/2013        1.12.12
Origin    Electronic Arts, Inc.    26/12/2013        9.3.6.4639
Paint Shop Pro 7 Anniversary Edition    Jasc Software Inc    27/03/2013    204 MB    7.0.4.0000
Planetary Annihilation    Uber Entertainment    13/09/2014        
PlayMemories Home    Sony Corporation    02/04/2013        7.0.00.11271
PowerChute Business Edition Agent    American Power Conversion    05/02/2015        9.0.1.608
PunkBuster Services    Even Balance, Inc.    26/12/2013        0.993
Realtek Ethernet Controller Driver    Realtek    09/10/2012        7.49.927.2011
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    25/03/2013        6.0.1.6526
Samsung Kies    Samsung Electronics Co., Ltd.    07/05/2013    159 MB    2.5.3.13043_14
SAMSUNG USB Driver for Mobile Phones    SAMSUNG Electronics Co., Ltd.    07/05/2013    34.9 MB    1.5.23.0
Skype™ 7.15    Skype Technologies S.A.    05/12/2015    79.1 MB    7.15.103
Speccy    Piriform    03/10/2014        1.26
Steam    Valve Corporation    09/04/2013    1.77 MB    1.0.0.0
SUPERAntiSpyware    SUPERAntiSpyware.com    28/09/2014    45.1 MB    6.0.1146
Supreme Commander: Forged Alliance    Gas Powered Games    25/03/2014        
TP-LINK 300Mbps Wireless USB Adapter Driver    TP-LINK    26/10/2013        1.3.1
TP-LINK Wireless Configuration Utility    TP-LINK    26/10/2013        1.3.1
Trusteer Endpoint Protection    Trusteer    02/12/2015        3.5.1507.99
Winamp    Nullsoft, Inc    27/03/2013        5.63
Winamp Detector Plug-in    Nullsoft, Inc    27/03/2013    75.0 KB    1.0.0.1
WinDirStat 1.1.2        03/07/2014        
Windows Live Essentials    Microsoft Corporation    23/12/2014        16.4.3528.0331
 



#10 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 19 December 2015 - 06:08 PM

I'm having trouble with the CCleaner third list option? How do I get the third list?

 

 

I have posted these so far:

startup.txt

install.txt

 

 

 

thanks

 

Jonathan


Edited by Jonfirefox, 19 December 2015 - 06:11 PM.


#11 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:35 AM

Posted 19 December 2015 - 06:38 PM

Scheduled Tasks is the missing list. Click on Tools > Startups and then at the top right you should see Scheduled Tasks....


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:35 AM

Posted 19 December 2015 - 06:51 PM

Uninstall this program....MyFreeCodec        07/05/2013      

 

Disable these Startups: Use CCleaner by clicking on each item and then choose Disable on the right

Yes    HKCU:Run    AmazonMP3DownloaderHelper    Amazon Services LLC    C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes    HKCU:Run    MoneyAgent    Microsoft Corporation    "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\Steam.exe" -silent
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
Yes    HKCU:RunOnce    Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64    Microsoft Corporation    C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64"
Yes    HKLM:Run    CanonMyPrinter    CANON INC.    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes    HKLM:Run    CanonSolutionMenuEx    CANON INC.    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

Yes    HKLM:Run    WinampAgent    Nullsoft, Inc.    "C:\Program Files (x86)\Winamp\winampa.exe"

Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes    Startup User    ZooskMessenger.lnk        C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 20 December 2015 - 05:20 AM

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core    Dropbox, Inc.    C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA    Dropbox, Inc.    C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HPLJCustParticipation    Hewlett Packard    "C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe"
Yes    Task    RealDownloaderDownloaderScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002        C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes    Task    RealDownloaderRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002        C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck
Yes    Task    RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002        C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002        C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002        C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    {E8E50606-BC56-461E-966B-7DF8E6B7D9BA}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Jonathan\Downloads\wlsetup-web.exe -d C:\Users\Jonathan\Downloads
 



#14 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:35 AM

Posted 20 December 2015 - 05:56 AM

Disable ALL Tasks

 

The last entry in Tasks is suspect. Please look in your Downloads for the wlsetup-web.exe -d and submit it to VirusTotal - Free Online Virus and Malware Scan

to be scanned by numerous security programs.

 

How is the computer performing...up to par? Has there been another instance of the problem?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 Jonfirefox

Jonfirefox
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:35 PM

Posted 20 December 2015 - 07:14 AM

wlsetup-web.exe is windows essentials

 

the VirusTota virus scan did not detect any virus/malware

 

so far the website has not reappeared.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users