Spin the Lucky Wheel virus/malware?


9 replies to this topic

#1 kwagner21

  • Members
  • 20 posts

Posted 05 January 2016 - 11:21 AM

I am running Windows 10 with the Edge browser. I mistakenly went to a page that keeps pulling up a popup that says spin the lucky wheel... and an OK button. I have not clicked the button. I closed the browser, but every time I reopen it, it goes straight to that page, with no access to the toolbar or anything. Tried restarting the computer, no luck. Every time I open Edge, it goes straight to that screen. Can't close it normally, need to go to the Task Manager. I can only guess it is a virus. Tried running a virus scan with Avast but it didn't find anything. Thanks




 


#2 buddy215

  • BC Advisor
  • 12,885 posts

Posted 05 January 2016 - 11:29 AM

The programs below have success in finding and removing adware and malware. Use all of them, as malware is often responsible for the adware.

 

Use CCleaner to remove temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 kwagner21

  • Topic Starter
  • Members
  • 20 posts

Posted 05 January 2016 - 03:21 PM

MBAM didn't find anything and didn't create a log.

Adwcleaner log:

 

# AdwCleaner v5.028 - Logfile created 05/01/2016 at 12:52:26
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : law2 - LAW2-PC
# Running from : C:\Users\law2\AppData\Local\Microsoft\Windows\INetCache\IE\L49X32XW\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Found : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2013 bytes] ##########

 

 

Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by law2 (Administrator) on Tue 01/05/2016 at 13:16:10.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 8

Successfully deleted: C:\Users\law2\AppData\Local\{332A72A0-6D9B-4E54-8F16-792C91E8F91A} (Empty Folder)
Successfully deleted: C:\Users\law2\AppData\Local\{37141295-DEFB-4988-8720-BE4183C06495} (Empty Folder)
Successfully deleted: C:\Users\law2\AppData\Local\{677E0F8A-70DA-4836-ACA6-E8E10E8C4B5A} (Empty Folder)
Successfully deleted: C:\Users\law2\AppData\Local\{7D824EC5-E411-4786-B92D-832416F0A80A} (Empty Folder)
Successfully deleted: C:\Users\law2\AppData\Local\{959C9E40-C5DD-4B4D-8519-7CEEA4BB800F} (Empty Folder)
Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/05/2016 at 13:17:37.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

ESET Log:

 

C:\Users\law2\Documents\AA Sabrina's\7zip_installer_1650.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
C:\Users\law2\Documents\Downloads\couponprinter(1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\law2\Documents\Downloads\couponprinter(2).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\law2\Downloads\cbsidlm-cbsi213-WinDjView-SEO-10907418.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting
C:\Windows.old\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting

 

 

 

 



#4 buddy215

  • BC Advisor
  • 12,885 posts

Posted 05 January 2016 - 04:22 PM

If MBAM completed its scan then it would have created a scan log. Please check and post the log.

 

Restart MBAM

  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.

  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

Rerun AdwCleaner and be sure to choose Clean after scan finishes.




#5 kwagner21

  • Topic Starter
  • Members
  • 20 posts

Posted 06 January 2016 - 10:49 AM

mbam log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/6/2016
Scan Time: 10:13 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.06.03
Rootkit Database: v2016.01.05.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: law2
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 459513
Time Elapsed: 26 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 

(end)

 

 

 



#6 kwagner21

  • Topic Starter
  • Members
  • 20 posts

Posted 06 January 2016 - 10:51 AM

For some reason it isn't letting me copy and paste the info from CCleaner.

I'll keep trying



#7 kwagner21

  • Topic Starter
  • Members
  • 20 posts

Posted 06 January 2016 - 11:03 AM

startup:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\law2\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run AccuWeatherWidget Unlimited Realities "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
Yes HKLM:Run Adobe Reader Speed Launcher  "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run Dell Registration Dell, Inc. C:\Program Files (x86)\System Registration\prodreg.exe /boot
Yes HKLM:Run DellStage Unlimited Realities "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
No HKLM:Run HotSync  "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
No HKLM:Run NeroLauncher Nero AG C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
Yes HKLM:Run Persistence Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
Yes HKLM:Run Stage Remote ArcSoft, Inc. C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No Startup Common HotSync Manager.lnk PalmSource, Inc C:\Program Files (x86)\palmOne\Hotsync.exe

 

Scheduled:

 

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateExplorerShellUnelevatedTask Microsoft Corporation C:\WINDOWS\explorer.exe /NOUACCHECK
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
Yes Task {76F885B3-3423-4218-8FA2-F7C16FAB37B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\law2\Desktop\install_flash_player(2).exe -d C:\Users\law2\Desktop
Yes Task {D28DD71D-889C-41EB-8AB7-5AF724225001} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\law2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H3Q1WXE\AdobeAIRInstaller.exe" -d C:\Users\law2\Desktop

 

Install:

 

3D Builder Microsoft Corporation 12/31/2015  10.10.38.0
Acrobat.com Adobe Systems Incorporated 12/30/2015  2.0.0.0
Adobe Acrobat Reader DC Adobe Systems Incorporated 11/30/2015 187 MB 15.009.20079
Adobe AIR Adobe Systems Incorporated 1/5/2016  20.0.0.233
Adobe Digital Editions 2.0 Adobe Systems Incorporated 12/30/2015 15.3 MB 2.0.1
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 12/30/2015 9.04 MB 20.0.0.267
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 12/30/2015  12.1.9.160
Alarms & Clock Microsoft Corporation 12/31/2015  10.1512.58020.0
App connector Microsoft Corporation 12/30/2015  1.3.3.0
Avast Free Antivirus AVAST Software 12/30/2015  11.1.2245
Blio K-NFB Reading Technology, Inc. 1/17/2012 65.7 MB 2.3.7140
Calculator Microsoft Corporation 12/31/2015  10.1512.54020.0
Camera Microsoft Corporation 12/30/2015  2015.1211.10.0
CCleaner Piriform 1/5/2016  5.13
Conexant HD Audio Conexant 12/30/2015  8.50.4.0
Cozi Cozi Group, Inc. 1/17/2012  1.0.6505.38692
Dark Arcana - The Carnival Oberon Media 12/30/2015  
Dell Customer Connect Dell Inc. 8/27/2015 5.30 MB 1.2.1.0
Dell Data Vault  1/17/2012  
Dell DataSafe Local Backup Dell Inc. 1/17/2012  9.4.61
Dell DataSafe Local Backup - Support Software Dell Inc. 1/17/2012  9.4.61
Dell DataSafe Online Dell 1/17/2012 6.46 MB 2.1.19634
Dell Digital Delivery Dell Products, LP 6/25/2014 2.57 MB 2.9.901.0
Dell Getting Started Guide Dell Inc. 1/17/2012  1.00.0000
Dell Home Systems Service Agreement Dell Inc. 1/17/2012  2.0.0
Dell MusicStage Fingertapps 1/17/2012  1.5.201.0
Dell PhotoStage ArcSoft 1/17/2012 130 MB 1.5.0.65
Dell Product Registration Dell Inc. 1/17/2012  1.1.3
Dell Stage Fingertapps 7/9/2012 85.5 MB 1.7.209.0
Dell Stage Remote ArcSoft 1/17/2012 80.8 MB 2.0.0.43
Dell SupportAssist Dell 12/30/2015 197 MB 1.1.6664.93
Dell SupportAssistAgent Dell 11/12/2015 47.8 MB 1.1.1.14
Dell Update Dell Inc. 8/31/2015 2.91 MB 1.7.1015.0
Dell VideoStage CyberLink Corp. 1/17/2012  1.2.0.1712
eBay eBay Inc. 1/17/2012  1.4.0
ESET Online Scanner v3  12/30/2015  
Get Office Microsoft Corporation 12/30/2015  17.6508.23761.0
Get Skype Skype 12/30/2015  3.2.1.0
Get Started Microsoft Corporation 12/30/2015  2.5.6.0
Groove Music Microsoft Corporation 12/30/2015  3.6.15131.0
InstallIQ Updater  1/17/2012  
Intel® Processor Graphics Intel Corporation 12/30/2015 74.2 MB 8.15.10.2291
Java 8 Update 60 Oracle Corporation 10/14/2015 20.6 MB 8.0.600.27
Mail and Calendar Microsoft Corporation 12/31/2015  17.6525.42271.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 1/5/2016 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 12/30/2015  4.1512.3450.0
Messaging + Skype Microsoft Corporation 12/31/2015  2.12.15004.0
Microsoft Office Home and Business 2010 Microsoft Corporation 12/30/2015  14.0.7015.1000
Microsoft Office Outlook Connector Microsoft Corporation 8/16/2012 3.36 MB 14.0.6123.5001
Microsoft Silverlight Microsoft Corporation 12/9/2015 398 MB 5.1.41105.0
Microsoft Solitaire Collection Microsoft Studios 12/30/2015  3.6.12153.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 1/17/2012 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 7/11/2012 300 KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 1/17/2012 608 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 1/17/2012 586 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 1/17/2012 586 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/11/2012 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/12/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/12/2015 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12/30/2015  10.0.50903
Microsoft Wi-Fi Microsoft Corporation 12/31/2015  1.1511.2.0
Money Microsoft Corporation 12/30/2015  4.7.118.0
Movies & TV Microsoft Corporation 12/30/2015  3.6.15731.0
Mozilla Firefox 43.0.1 (x86 en-US) Mozilla 1/4/2016 89.8 MB 43.0.1
Mozilla Maintenance Service Mozilla 1/4/2016 233 KB 43.0.1.5828
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 7/11/2012 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 7/11/2012 1.33 MB 4.20.9876.0
News Microsoft Corporation 12/30/2015  4.7.118.0
NOOK for PC Barnesandnoble.com 12/30/2015 38.0 MB 2.5.6.9575
OneNote Microsoft Corporation 1/6/2016  17.6366.43091.0
OverDrive Media Console OverDrive, Inc. 1/30/2014 9.95 MB 3.3.0
Palm Desktop by ACCESS Palm, Inc. 8/1/2012 125 MB 6.4.0.0
People Microsoft Corporation 12/30/2015  10.0.3450.0
Phone Microsoft Corporation 12/31/2015  2.12.2002.0
Phone Companion Microsoft Corporation 12/30/2015  10.1511.18010.0
Photos Microsoft Corporation 12/30/2015  15.1208.10480.0
PlayReady PC Runtime x86 Microsoft Corporation 1/17/2012 1.65 MB 1.3.0
Skype™ 7.0 Skype Technologies S.A. 4/15/2015 47.9 MB 7.0.102
Sports Microsoft Corporation 12/30/2015  4.7.130.0
Store Microsoft Corporation 12/30/2015  2015.25.5.0
Sway Microsoft Corporation 12/31/2015  17.6509.20251.0
SyncUP Nero AG 1/17/2012 287 MB 1.10.11100.8.106
TrustedID TrustedID 1/17/2012  5.0
Twitter Twitter Inc. 12/30/2015  4.3.3.0
Unity Web Player Unity Technologies ApS 12/30/2015 12.0 MB 4.6.2f1
Voice Recorder Microsoft Corporation 12/30/2015  10.1512.21110.0
Weather Microsoft Corporation 12/30/2015  4.7.118.0
WildTangent Games WildTangent 12/30/2015  1.0.2.5
WinDjView 2.0.2 Andrew Zhezherun 12/30/2015  2.0.2
Windows DVD Player Microsoft Corporation 12/30/2015  3.6.13291.0
Windows Live Essentials Microsoft Corporation 1/17/2012  15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 1/17/2012 5.57 MB 15.4.5722.2
Xbox Microsoft Corporation 12/30/2015  11.12.9011.0
Zinio Reader 4 Zinio LLC 12/30/2015  4.2.4164

 

and Adwcleaner, in case you want it:

 

# AdwCleaner v5.028 - Logfile created 06/01/2016 at 10:55:10
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : law2 - LAW2-PC
# Running from : C:\Users\law2\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [560 bytes] ##########
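
The two AdwCleaner scans posted in this thread can be compared mechanically to confirm that the items flagged on 05/01 no longer appear on 06/01. The following is an added example, not part of any poster's message and not AdwCleaner's own code; the function names are hypothetical and the embedded logs are constructed, abridged from the log layout shown in the thread.

```python
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# ([^:]+?) : (.*)$")           # # Database : 2016-01-04.2 [Server]
FINDING_RE = re.compile(r"^(.+?) Found : (.+)$")         # Key Found : HKLM\...

# Constructed sample input: abridged copies of the two scans posted in the thread.
SCAN_BEFORE = r"""
# AdwCleaner v5.028 - Logfile created 05/01/2016 at 12:52:26
# Database : 2016-01-04.2 [Server]
# Username : law2 - LAW2-PC
# Option : Scan

***** [ Services ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2013 bytes] ##########
"""

SCAN_AFTER = r"""
# AdwCleaner v5.028 - Logfile created 06/01/2016 at 10:55:10
# Database : 2016-01-04.2 [Server]
# Username : law2 - LAW2-PC
# Option : Scan

***** [ Services ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [560 bytes] ##########
"""


def parse_adwcleaner_log(text):
    """Split a log into header fields and a {section: [(kind, target), ...]} map."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("##########"):
            continue  # blank line or EOF trailer
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = HEADER_RE.match(line)
        if m and current is None:  # header fields only appear before the first section
            header[m.group(1)] = m.group(2)
            continue
        m = FINDING_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return {"header": header, "sections": sections}


def findings(parsed):
    """Flatten findings; targets are lowercased because registry paths are case-insensitive."""
    return {(section, kind, target.lower())
            for section, items in parsed["sections"].items()
            for kind, target in items}


def compare_scans(before_text, after_text):
    """Report which findings were cleared, which persist, and which are new."""
    before = parse_adwcleaner_log(before_text)
    after = parse_adwcleaner_log(after_text)
    b, a = findings(before), findings(after)
    return {
        # A different machine or signature database makes the comparison unreliable.
        "same_host": before["header"].get("Username") == after["header"].get("Username"),
        "same_database": before["header"].get("Database") == after["header"].get("Database"),
        "cleared": sorted(b - a),
        "persisting": sorted(b & a),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    result = compare_scans(SCAN_BEFORE, SCAN_AFTER)
    for name in ("cleared", "persisting", "new"):
        print(name, len(result[name]))
```
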


 

 



#8 buddy215

  • BC Advisor
  • 12,885 posts

Posted 06 January 2016 - 12:22 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run AccuWeatherWidget Unlimited Realities "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
Yes HKLM:Run Adobe Reader Speed Launcher  "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

Yes HKLM:Run Dell Registration Dell, Inc. C:\Program Files (x86)\System Registration\prodreg.exe /boot
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"

Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

Disable these Scheduled Tasks:

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateExplorerShellUnelevatedTask Microsoft Corporation C:\WINDOWS\explorer.exe /NOUACCHECK
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
Yes Task {76F885B3-3423-4218-8FA2-F7C16FAB37B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\law2\Desktop\install_flash_player(2).exe -d C:\Users\law2\Desktop
Yes Task {D28DD71D-889C-41EB-8AB7-5AF724225001} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\law2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H3Q1WXE\AdobeAIRInstaller.exe" -d C:\Users\law2\Desktop

 

Uninstall These Programs:

Dell Customer Connect Dell Inc. 8/27/2015 5.30 MB 1.2.1.0

Dell SupportAssist Dell 12/30/2015 197 MB 1.1.6664.93

Dell SupportAssistAgent Dell 11/12/2015 47.8 MB 1.1.1.14

eBay eBay Inc. 1/17/2012  1.4.0

ESET Online Scanner v3  12/30/2015

InstallIQ Updater  1/17/2012 (adware)

Java 8 Update 60 Oracle Corporation 10/14/2015 20.6 MB 8.0.600.27

Unity Web Player Unity Technologies ApS 12/30/2015 12.0 MB 4.6.2f1 (suggest using VideoLAN - Official page for VLC media player, the Open Source video framework!)

WildTangent Games WildTangent 12/30/2015  1.0.2.5 (ad and spyware intensive)

Windows Live Essentials Microsoft Corporation 1/17/2012  15.4.3508.1109 (no longer supported)

 

If you have a problem uninstalling an item try using Download Revo Uninstaller Freeware in Advanced Mode.

 

Please tell me if you are still seeing ads, search redirects, etc.

I don't know if the first MBAM scan removed the culprit or not....you only gave me today's scan.


Edited by buddy215, 06 January 2016 - 12:23 PM.



#9 kwagner21

  • Topic Starter
  • Members
  • 20 posts

Posted 06 January 2016 - 12:42 PM

Here is the log from yesterday:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/5/2016
Scan Time: 11:53 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.05.04
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: law2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 458246
Time Elapsed: 25 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Deleting the other programs listed. 

No, not getting anything strange anymore. Thank you.
 



#10 buddy215

  • BC Advisor
  • 12,885 posts

Posted 06 January 2016 - 01:28 PM

Two suggestions...though you might already have performed them.

 

Install the Adblock Plus extension in Firefox. Once installed click on its ABP icon. Choose Filter Preferences and UNcheck Allow some non-intrusive advertisements

Adblock Plus :: Add-ons for Firefox

 

Block the install of Third Party (ad / tracking) cookies in Firefox and other browsers.

How to disable third-party cookies in all major web browsers

 

You're welcome...happy surfin'






