
Problem with wonderlandads.com


17 replies to this topic

#1 nhquan94


Posted 01 January 2016 - 04:08 AM

Good afternoon (in my timezone it is 4pm now)  :),

Wonderlandads.com has affected all of my web browsers like Edge, Chrome for about 2 weeks. I have tried every method suggested on the internet but it remains on my computer.

- I don't have any strange extension on Chrome or Edge and there isn't any strange program in Control Panel.

- I have tried everything: Avast, Kaspersky Virus Removal, Bit Defender, Norton or MBAM and no threat found.

- I have already tried to follow the instructions in this thread  http://www.bleepingcomputer.com/forums/t/596694/tricky-one-chrome-redirects-to-wonderlandadscom/ but it still happens.

- Wonderlandads does not appear on all websites I used. Some websites have this problem but some don't. And I don't need to click on links. Just clicking anywhere on the website and the ads will appear in a new tab.

- The problem even appears when I'm using this site.

- If I reset settings in Chrome or Edge, the problem'll disappear for a little time but then it'll happen again very soon.

- My computer runs Windows 10 Pro 64-bit.

Can you guys help me fix this problem? Many thanks in advance and happy new year :D

Best regards,




 


#2 Condobloke


Posted 01 January 2016 - 04:21 AM

G'day nhquan94, and Welcome to BC.

 

If you followed the instructions in THIS post do you still have the logs ?....if so please copy and paste them in your reply.


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#3 buddy215


Posted 01 January 2016 - 05:11 AM

Nothing in the other post found anything except one of the programs below. Rerun the scans using AdwCleaner and JRT along with cleaning up the computer using CCleaner.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 nhquan94


Posted 01 January 2016 - 07:17 AM

Greatly appreciate you guys for very quick replies :)

 

Thanks Condobloke :) I think I'll follow buddy215 first.

----------

Here are logs that you required:

----------------------------------------

AdwCleaner

-----------------------------------------

# AdwCleaner v5.027 - Logfile created 01/01/2016 at 19:00:02
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Nhat Quan - NHATQUAN
# Running from : C:\Users\Nhat Quan\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Nhat Quan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Nhat Quan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [790 bytes] ##########
 
--------------------------------------------------------------
JRT
--------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64 
Ran by Nhat Quan (Administrator) on Fri 01/01/2016 at 19:09:25.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
Deleted the following from C:\Users\Nhat Quan\AppData\Roaming\Mozilla\Firefox\Profiles\7wx34AD6.default\prefs.js
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\Nhat Quan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\7wx34AD6.def
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/01/2016 at 19:11:56.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#5 buddy215


Posted 01 January 2016 - 08:29 AM

Temp file cleaner may have removed something that CCleaner didn't. So, use Temp File Cleaner, too.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

EDIT: Rerun AdwCleaner and be sure to choose Clean after scan finishes.


Edited by buddy215, 01 January 2016 - 08:35 AM.


#6 nhquan94


Posted 01 January 2016 - 08:45 AM

Dear bro, here is what you need:

 

---------

Startup list:

----------

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Free Download Manager FreeDownloadManager.ORG "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
Yes HKCU:Run GoogleDriveSync Google "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
Yes HKCU:Run UniKey C:\Program Files (x86)\UniKey\UniKeyNT.exe
Yes HKCU:RunOnce Uninstall C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
Yes HKLM:Run AdobeCS5ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run DptfPolicyLpmServiceHelper Intel Corporation C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SDTray Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
 
----------
Scheduled tasks
-----------
Yes Task ASUS Smart Gesture Launcher AsusTek C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateExplorerShellUnelevatedTask Microsoft Corporation C:\WINDOWS\explorer.exe /NOUACCHECK
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task klcp_update "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=14
No Task Optimize Start Menu Cache Files-S-1-5-21-1748947013-2706026659-642613028-1001
Yes Task RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
Yes Task RtHDVBg_ListenToDevice Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
Yes Task RTKCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
 
---------
Installed program
----------
3D Builder Microsoft Corporation 12/13/2015 10.10.38.0
Adobe AIR Adobe Systems Incorporated 12/2/2015 18.7 MB 3.1.0.4880
Adobe Help Manager Adobe Systems Incorporated 12/11/2015 47.7 MB 4.0.244
Adobe Illustrator CS5 Adobe Systems Incorporated 12/11/2015 47.7 MB 15.0
Adobe Media Player Adobe Systems Incorporated 12/2/2015 1.33 MB 1.8
Adobe Photoshop CS5 Adobe Systems Incorporated 12/11/2015 47.7 MB 12.0
Adobe Photoshop Lightroom 5 64-bit Adobe 9/17/2015 1.80 GB 5.0.1
Adobe Story Adobe Systems Incorporated 12/2/2015 4.44 MB 1.0.571
Alarms & Clock Microsoft Corporation 12/29/2015 10.1512.58020.0
App connector Microsoft Corporation 11/24/2015 1.3.3.0
Apple Application Support Apple Inc. 9/21/2015 83.6 MB 2.3.6
Apple Software Update Apple Inc. 9/21/2015 4.53 MB 2.1.3.127
ASUS Smart Gesture ASUS 11/24/2015 69.7 MB 4.0.5
ASUS Welcome ASUSTeK COMPUTER INC. 11/24/2015 1.0.1.0
Avast Free Antivirus AVAST Software 12/29/2015 967 MB 11.1.2245
Calculator Microsoft Corporation 12/30/2015 10.1512.54020.0
Camera Microsoft Corporation 12/16/2015 2015.1211.10.0
CCleaner Piriform 1/1/2016 5.13
Compare Advance 1.4.1.0 BauerApps 11/30/2015 4.38 MB
Facebook Facebook, Inc. 11/24/2015 1.4.0.9
Free Download Manager 3.9.7 FreeDownloadManager.ORG 1/1/2016 32.2 MB
Get Office Microsoft Corporation 12/10/2015 17.6508.23761.0
Get Skype Skype 11/24/2015 3.2.1.0
Get Started Microsoft Corporation 11/24/2015 2.5.6.0
Google Chrome Google Inc. 9/7/2015 466 MB 47.0.2526.106
Google Drive Google, Inc. 11/30/2015 67.3 MB 1.26.0707.2863
Groove Music Microsoft Corporation 11/24/2015 3.6.15131.0
HP AiO Printer Remote Hewlett-Packard Company 11/25/2015 58.1.78.0
HP LaserJet Professional P1100-P1560-P1600 Series 11/24/2015
K-Lite Codec Pack 11.5.0 Full 10/16/2015 111 MB 11.5.0
Mail and Calendar Microsoft Corporation 12/31/2015 17.6525.42271.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 11/11/2015 55.8 MB 2.2.0.1024
Maps Microsoft Corporation 12/15/2015 4.1512.3450.0
Messaging + Skype Microsoft Corporation 12/17/2015 2.12.15004.0
Microsoft Office Professional Plus 2016 Microsoft Corporation 12/2/2015 60.4 MB 16.0.4266.1001
Microsoft Solitaire Collection Microsoft Studios 12/19/2015 3.6.12153.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/7/2015 6.45 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10/7/2015 13.6 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10/7/2015 16.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/7/2015 17.7 MB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 9/19/2015 33.4 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/7/2015 17.7 MB 10.0.40219
Microsoft Wi-Fi Microsoft Corporation 12/1/2015 1.1511.2.0
Money Microsoft Corporation 11/24/2015 4.7.118.0
Movies & TV Microsoft Corporation 12/10/2015 3.6.15731.0
MSN Food & Drink Microsoft Corporation 11/24/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 11/24/2015 3.0.4.336
MSN Travel Microsoft Corporation 11/24/2015 3.0.4.336
News Microsoft Corporation 11/24/2015 4.7.118.0
NVIDIA GeForce Experience 2.5.14.5 NVIDIA Corporation 9/5/2015 24.7 MB 2.5.14.5
NVIDIA Graphics Driver 355.98 NVIDIA Corporation 10/4/2015 512 MB 355.98
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 9/5/2015 348 MB 9.15.0428
OneNote Microsoft Corporation 12/11/2015 17.6366.15841.0
People Microsoft Corporation 12/19/2015 10.0.3450.0
Phone Microsoft Corporation 12/8/2015 2.12.2002.0
Phone Companion Microsoft Corporation 11/24/2015 10.1511.18010.0
Photodex Presenter Photodex Corporation 12/2/2015 17.6 MB
Photos Microsoft Corporation 12/10/2015 15.1208.10480.0
ProShow Gold Photodex Corporation 12/2/2015 100 MB
QuickTime 7 Apple Inc. 9/21/2015 97.4 MB 7.76.80.95
Reader Microsoft Corporation 11/24/2015 6.4.9926.17994
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/2/2015 37.5 MB 6.0.1.7571
Sophos Virus Removal Tool Sophos Limited 12/31/2015 142 MB 2.5.5
Sports Microsoft Corporation 11/24/2015 4.7.130.0
Spybot - Search & Destroy Safer-Networking Ltd. 12/31/2015 154 MB 2.4.40
Store Microsoft Corporation 12/17/2015 2015.25.5.0
Sway Microsoft Corporation 12/11/2015 17.6509.20251.0
TeamViewer 10 TeamViewer 12/29/2015 36.3 MB 10.0.47484
The Economist on Windows The Economist Newspaper 12/7/2015 2.0.1.0
UniKey 4.0 RC2 (build 1101) Pham Kim Long 9/4/2015 1.63 MB
Visual Studio 2012 x64 Redistributables AVG Technologies 10/17/2015 13.0 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 10/17/2015 40.0 KB 14.0.0.1
Voice Recorder Microsoft Corporation 12/22/2015 10.1512.21110.0
Weather Microsoft Corporation 11/24/2015 4.7.118.0
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) ASUS 11/24/2015 06/17/2015 1.0.0.262
Windows Reading List Microsoft Corporation 11/24/2015 6.3.9654.20947
Windows Scan Microsoft Corporation 11/24/2015 6.3.9654.17133
WinRAR 5.21 (64-bit) win.rar GmbH 12/2/2015 4.93 MB 5.21.0
Xbox Microsoft Corporation 12/10/2015 11.12.9011.0
 
 
Thank you very much. I'll run AdwCleaner again and click Cleaning :)


#7 nhquan94


Posted 01 January 2016 - 08:56 AM

I also give you the log file of the 2nd run of Adwcleaner :)

----------

# AdwCleaner v5.027 - Logfile created 01/01/2016 at 20:50:55
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Nhat Quan - NHATQUAN
# Running from : C:\Users\Nhat Quan\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2298 bytes] ##########
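
An added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the AdwCleaner v5 log layout shown in the two logs above, which counts findings per section and merges registry rows that differ only by the `[x64]` tag, so a Scan log and a Cleaning log can be compared at a glance. The sample logs are constructed (abbreviated, with a placeholder user name and placeholder GUIDs), and reading `[x64]` as the 64-bit registry view is an assumption.

```python
import re

# Constructed samples in the AdwCleaner v5 layout seen in this thread.
# The user name and GUIDs are placeholders, not values from the posted logs.
SCAN_LOG = r"""# AdwCleaner v5.027 - Logfile created 01/01/2016 at 19:00:02
# Option : Scan

***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [790 bytes] ##########
"""

CLEAN_LOG = r"""# AdwCleaner v5.027 - Logfile created 01/01/2016 at 20:50:55
# Option : Cleaning

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000001}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000002}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000001}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000002}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2298 bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.*)$")
X64_TAG = "[x64] "


def parse_adwcleaner_log(text):
    """Split a log into header metadata, per-section entries and '::' notes."""
    meta, sections, notes = {}, {}, []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, the '##### EOF' banner and the all-asterisk separator.
        if not line or line.startswith("##") or set(line) == {"*"}:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if line.startswith("# "):
            m = HEADER_RE.match(line)
            if m:
                meta[m.group("key").strip()] = m.group("value").strip()
            else:
                meta["banner"] = line[2:]  # version / creation-time line
            continue
        if line.startswith("::"):
            notes.append(line[2:].strip())
            continue
        if current is not None:
            sections[current].append(line)
    return {"meta": meta, "sections": sections, "notes": notes}


def collapse_registry_views(entries):
    """Merge rows naming the same key with and without the [x64] tag.

    Returns {registry_key: set of views}; the untagged row is called 'default'.
    """
    merged = {}
    for entry in entries:
        _action, _, target = entry.partition(" : ")
        if target.startswith(X64_TAG):
            view, key = "x64", target[len(X64_TAG):]
        else:
            view, key = "default", target
        merged.setdefault(key, set()).add(view)
    return merged


def summarize(parsed):
    """Count findings per non-empty section, de-duplicating registry mirrors."""
    findings = {}
    for name, entries in parsed["sections"].items():
        if not entries:
            continue
        if name == "Registry":
            findings[name] = len(collapse_registry_views(entries))
        else:
            findings[name] = len(entries)
    return {"option": parsed["meta"].get("Option"),
            "findings": findings,
            "notes": parsed["notes"]}


if __name__ == "__main__":
    for log in (SCAN_LOG, CLEAN_LOG):
        print(summarize(parse_adwcleaner_log(log)))
```

The section name is taken from the log itself, so the parser handles both `[ DLL ]` and `[ DLLs ]` as they appear in the two posted logs.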


#8 buddy215


Posted 01 January 2016 - 09:14 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right

Yes HKCU:Run Free Download Manager FreeDownloadManager.ORG "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun

Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

Remove/ Delete the Spybot item above not just Disable

Yes HKCU:RunOnce Uninstall C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
Yes HKLM:Run AdobeCS5ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SDTray Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
 
Disable these Scheduled Tasks:
Yes Task CreateExplorerShellUnelevatedTask Microsoft Corporation C:\WINDOWS\explorer.exe /NOUACCHECK
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task klcp_update "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=14
 
Uninstall these programs: (Uninstall the Microsoft ones in green that you do not use)
Money Microsoft Corporation 11/24/2015 4.7.118.0
Movies & TV Microsoft Corporation 12/10/2015 3.6.15731.0
MSN Food & Drink Microsoft Corporation 11/24/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 11/24/2015 3.0.4.336
MSN Travel Microsoft Corporation 11/24/2015 3.0.4.336
News Microsoft Corporation 11/24/2015 4.7.118.0
Sophos Virus Removal Tool Sophos Limited 12/31/2015 142 MB 2.5.5
Spybot - Search & Destroy Safer-Networking Ltd. 12/31/2015 154 MB 2.4.40
TeamViewer 10 TeamViewer 12/29/2015 36.3 MB 10.0.47484 (Unless you intentionally installed and use it)
 
Check your Firefox Extensions for unknown extensions. If you see Avira mentioned, remove it and any other you did not install.
 
After doing the above, let me know if the ads are still appearing.
You didn't mention running Temp File Cleaner....please do if you haven't.
 

Edited by buddy215, 01 January 2016 - 09:55 AM.


#9 buddy215


Posted 01 January 2016 - 09:23 AM

I just now saw the latest AdwCleaner scan results. I did notice you installed a Downloader on Jan. 1st. Almost always adware will be included in that and similar free downloads. Best to run another scan using both MBAM and JRT.

 

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

You already have the Junkware Removal Tool you downloaded today so use it to scan again.



#10 nhquan94


Posted 01 January 2016 - 10:25 AM

Yes, I did run Temp File Cleaner :)

And I also did all the things you mentioned above.

About the tasks related to OneDrive and Google, could you tell me why I should disable them? I don't understand the purposes of these tasks :)

 

Yes HKCU:RunOnce Uninstall C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 Microsoft CorporationC:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

Here are the log files:

-------

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 1/1/2016
Scan Time: 9:43 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.01.02
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Nhat Quan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352125
Time Elapsed: 27 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 nhquan94


Posted 01 January 2016 - 10:29 AM

Also here are the lists after using CCleaner:

------

Startup:

-----------

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run GoogleDriveSync Google "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run UniKey C:\Program Files (x86)\UniKey\UniKeyNT.exe
No HKCU:RunOnce Uninstall C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nhat Quan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
No HKLM:Run AdobeCS5ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run DptfPolicyLpmServiceHelper Intel Corporation C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
No HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
No HKLM:Run SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
 
---------
Scheduled tasks:
---------
Yes Task ASUS Smart Gesture Launcher AsusTek C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No Task CreateExplorerShellUnelevatedTask Microsoft Corporation C:\WINDOWS\explorer.exe /NOUACCHECK
No Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
No Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task klcp_update "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=14
No Task Optimize Start Menu Cache Files-S-1-5-21-1748947013-2706026659-642613028-1001
Yes Task RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
Yes Task RtHDVBg_ListenToDevice Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
Yes Task RTKCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
 
--------
Program list
---------
3D Builder Microsoft Corporation 12/13/2015 10.10.38.0
Adobe AIR Adobe Systems Incorporated 12/2/2015 18.7 MB 3.1.0.4880
Adobe Help Manager Adobe Systems Incorporated 12/11/2015 47.7 MB 4.0.244
Adobe Illustrator CS5 Adobe Systems Incorporated 12/11/2015 47.7 MB 15.0
Adobe Media Player Adobe Systems Incorporated 12/2/2015 1.33 MB 1.8
Adobe Photoshop CS5 Adobe Systems Incorporated 12/11/2015 47.7 MB 12.0
Adobe Photoshop Lightroom 5 64-bit Adobe 9/17/2015 1.80 GB 5.0.1
Adobe Story Adobe Systems Incorporated 12/2/2015 4.44 MB 1.0.571
Alarms & Clock Microsoft Corporation 12/29/2015 10.1512.58020.0
App connector Microsoft Corporation 11/24/2015 1.3.3.0
Apple Application Support Apple Inc. 9/21/2015 83.6 MB 2.3.6
Apple Software Update Apple Inc. 9/21/2015 4.53 MB 2.1.3.127
ASUS Smart Gesture ASUS 11/24/2015 69.7 MB 4.0.5
ASUS Welcome ASUSTeK COMPUTER INC. 11/24/2015 1.0.1.0
Avast Free Antivirus AVAST Software 12/29/2015 967 MB 11.1.2245
Calculator Microsoft Corporation 12/30/2015 10.1512.54020.0
Camera Microsoft Corporation 12/16/2015 2015.1211.10.0
CCleaner Piriform 1/1/2016 5.13
Compare Advance 1.4.1.0 BauerApps 11/30/2015 4.38 MB
Facebook Facebook, Inc. 11/24/2015 1.4.0.9
Free Download Manager 3.9.7 FreeDownloadManager.ORG 1/1/2016 32.2 MB
Get Office Microsoft Corporation 12/10/2015 17.6508.23761.0
Get Skype Skype 11/24/2015 3.2.1.0
Get Started Microsoft Corporation 11/24/2015 2.5.6.0
Google Chrome Google Inc. 9/7/2015 466 MB 47.0.2526.106
Google Drive Google, Inc. 11/30/2015 67.3 MB 1.26.0707.2863
Groove Music Microsoft Corporation 11/24/2015 3.6.15131.0
HP AiO Printer Remote Hewlett-Packard Company 11/25/2015 58.1.78.0
HP LaserJet Professional P1100-P1560-P1600 Series 11/24/2015
K-Lite Codec Pack 11.5.0 Full 10/16/2015 111 MB 11.5.0
Mail and Calendar Microsoft Corporation 12/31/2015 17.6525.42271.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 11/11/2015 55.8 MB 2.2.0.1024
Maps Microsoft Corporation 12/15/2015 4.1512.3450.0
Messaging + Skype Microsoft Corporation 12/17/2015 2.12.15004.0
Microsoft Office Professional Plus 2016 Microsoft Corporation 12/2/2015 60.4 MB 16.0.4266.1001
Microsoft Solitaire Collection Microsoft Studios 12/19/2015 3.6.12153.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/7/2015 6.45 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10/7/2015 13.6 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10/7/2015 16.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/7/2015 17.7 MB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 9/19/2015 33.4 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/7/2015 17.7 MB 10.0.40219
Microsoft Wi-Fi Microsoft Corporation 12/1/2015 1.1511.2.0
Money Microsoft Corporation 11/24/2015 4.7.118.0
Movies & TV Microsoft Corporation 12/10/2015 3.6.15731.0
MSN Food & Drink Microsoft Corporation 11/24/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 11/24/2015 3.0.4.336
MSN Travel Microsoft Corporation 11/24/2015 3.0.4.336
News Microsoft Corporation 11/24/2015 4.7.118.0
NVIDIA GeForce Experience 2.5.14.5 NVIDIA Corporation 9/5/2015 24.7 MB 2.5.14.5
NVIDIA Graphics Driver 355.98 NVIDIA Corporation 10/4/2015 512 MB 355.98
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 9/5/2015 348 MB 9.15.0428
OneNote Microsoft Corporation 12/11/2015 17.6366.15841.0
People Microsoft Corporation 12/19/2015 10.0.3450.0
Phone Microsoft Corporation 12/8/2015 2.12.2002.0
Phone Companion Microsoft Corporation 11/24/2015 10.1511.18010.0
Photodex Presenter Photodex Corporation 12/2/2015 17.6 MB
Photos Microsoft Corporation 12/10/2015 15.1208.10480.0
ProShow Gold Photodex Corporation 12/2/2015 100 MB
QuickTime 7 Apple Inc. 9/21/2015 97.4 MB 7.76.80.95
Reader Microsoft Corporation 11/24/2015 6.4.9926.17994
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/2/2015 37.5 MB 6.0.1.7571
Sports Microsoft Corporation 11/24/2015 4.7.130.0
Store Microsoft Corporation 12/17/2015 2015.25.5.0
Sway Microsoft Corporation 12/11/2015 17.6509.20251.0
TeamViewer 10 TeamViewer 12/29/2015 36.3 MB 10.0.47484
The Economist on Windows The Economist Newspaper 12/7/2015 2.0.1.0
UniKey 4.0 RC2 (build 1101) Pham Kim Long 9/4/2015 1.63 MB
Visual Studio 2012 x64 Redistributables AVG Technologies 10/17/2015 13.0 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 10/17/2015 40.0 KB 14.0.0.1
Voice Recorder Microsoft Corporation 12/22/2015 10.1512.21110.0
Weather Microsoft Corporation 11/24/2015 4.7.118.0
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) ASUS 11/24/2015 06/17/2015 1.0.0.262
Windows Reading List Microsoft Corporation 11/24/2015 6.3.9654.20947
Windows Scan Microsoft Corporation 11/24/2015 6.3.9654.17133
WinRAR 5.21 (64-bit) win.rar GmbH 12/2/2015 4.93 MB 5.21.0
Xbox Microsoft Corporation 12/10/2015 11.12.9011.0
 


#12 buddy215

  • Moderator

Posted 01 January 2016 - 11:24 AM

You can re-enable any item if and when you like. Google updating is a bit overdone and I consider it more spying than actually performing a service.

I couldn't find any reliable info on the OneDrive item. Disable it and if you see a problem using OneDrive then you can always re-enable.

 

So...are ads gone?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 nhquan94

  • Topic Starter

Posted 01 January 2016 - 09:27 PM

Thank you :)

 

Now the ads don't appear but I'll try to use my laptop as usual and inform you tomorrow.

It seems that these instructions apply to my computer only. Shall I apply them to a different computer as well? Actually I have a second computer which is also affected by these ads. It runs Windows 7 x32.

Initially, I will use your instructions to see if the problem goes away or not :)

Edited: Actually I'm still waiting for your approval before trying to fix my second computer :)


Edited by nhquan94, 02 January 2016 - 02:04 AM.


#14 buddy215

  • Moderator

Posted 02 January 2016 - 04:28 AM

Scan and clean up the other computer using CCleaner, MBAM, AdwCleaner, Junkware Removal Tool and Eset Online Scanner.

Here are the directions for use all in one place:

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#15 nhquan94

  • Topic Starter

Posted 02 January 2016 - 09:45 AM

Dear bro,

 

Thanks for your advice.

 

My second computer seems to be running well again. First I ran CCleaner, then performed an AdwCleaner scan, then ran JRT, TFR and ran AdwCleaner again. I also scanned this computer with MBAM and finally I ran ESET Online Scanner.

 

Eset found nothing.

 

I will use both computers and inform you of the results tomorrow. I'm also intending to use ZoneAlarm Free Firewall; what do you think about this program?

---------------------------

Here are the log files:

--------------------------

First Adwcleaner:

# AdwCleaner v5.027 - Logfile created 02/01/2016 at 20:03:39
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : thanh quyen - THANHQUYEN-PC
# Running from : C:\Users\thanh quyen\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Service KMSELDI
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\kmspico
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kmspico
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
 
***** [ Web browsers ] *****
 
[C:\Users\thanh quyen\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\thanh quyen\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1212 bytes] ##########

 

--------------
JRT result:
--------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x86 
Ran by thanh quyen (Administrator) on Sat 01/02/2016 at 20:08:53.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/02/2016 at 20:10:34.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2nd Adwcleaner:
--------------------------
# AdwCleaner v5.027 - Logfile created 02/01/2016 at 20:15:03
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : thanh quyen - THANHQUYEN-PC
# Running from : C:\Users\thanh quyen\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [595 bytes] ##########
 
MBAM
----------------
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/2/2016
Scan Time: 8:22 PM
Logfile: abc.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.02.04
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: thanh quyen
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280133
Time Elapsed: 7 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
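
One way to confirm from the logs that a cleanup took effect, as an added example that is not part of the original posts: the script parses the AdwCleaner v5 log layout shown above and compares the first scan with the rescan. The function names are hypothetical, and the sample input is an excerpt of the two posted logs with blank lines and some entries dropped.

```python
import re

# Excerpts of the two AdwCleaner v5.027 logs posted above (blank lines and some entries dropped).
LOG_S1 = r"""# AdwCleaner v5.027 - Logfile created 02/01/2016 at 20:03:39
***** [ Services ] *****
Service Found : Service KMSELDI
***** [ Folders ] *****
Folder Found : C:\Program Files\kmspico
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
***** [ Web browsers ] *****
[C:\Users\thanh quyen\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
"""
LOG_S2 = r"""# AdwCleaner v5.027 - Logfile created 02/01/2016 at 20:15:03
***** [ Services ] *****
***** [ Folders ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # e.g. ***** [ Registry ] *****
FINDING = re.compile(r"^(.*?)\bFound : (.+)$")       # e.g. Key Found : HKLM\...

def parse_adwcleaner(text):
    """Return {section name: set of (kind, item)} for one AdwCleaner v5 log."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()                  # posted logs pad "blank" lines with spaces
        if not line or line.startswith("#"):
            continue                        # header lines, EOF marker, blank lines
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            findings.setdefault(section, set())
            continue
        m = FINDING.match(line)
        if m and section:
            findings[section].add((m.group(1).strip(), m.group(2).strip()))
    return findings

def compare_scans(before, after):
    """Return (cleared, remaining): first-scan findings gone from / still in the rescan."""
    remaining = {s: items & after.get(s, set()) for s, items in before.items()}
    cleared = {s: items - remaining[s] for s, items in before.items()}
    return cleared, remaining
```

Any non-empty set in `remaining` is an item the cleaning pass did not remove and is the place to look next.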




