
Unknown Youtube related issue and/or hijacked Chrome



#1 TimvdO

TimvdO

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 16 January 2016 - 04:32 AM

Alright, I've been having a rather unusual issue so I'll be very thorough and detailed about what's happened and what measures I have taken. I'm sorry for the large text in advance.

 

Using Windows 7 with Microsoft Security Essentials. Issue first spotted in Google Chrome with adblock plus.

 

The problem

  • I tried to connect to a website and it seemed to be down (rest of internet worked fine as usual)
  • Several hours later I refreshed and the website loaded again, but something seemed weird with the layout and strange symbols. (as I later figured it was mainly due to an embedded youtube being broken/weird)
  • At this time I went to youtube directly and found out that the layout for the entire html page/text was broken and the same weird symbols were popping up.
  • It finally came to me that some of the symbols are just enlarged buttons from the youtube player that was broken for whatever reason. You can see some of these here: http://i.imgur.com/ytvgtzI.png
  • If I click the play button there for example then another area appears. I am not sure if this is to do with (normally) hidden draw areas but it's basically the first of the following images, except if I hover the mouse over certain areas it will appear as the second. First: http://i.imgur.com/RYCU0TF.png Second: http://i.imgur.com/hWbZPyz.png
  • I thought it could be to do with flash although that shouldn't affect page layout, and youtube mainly uses html5 these days so it could be to do with that but at that point I figured it might be time to run a virus scan.

Troubleshooting

 

  • Microsoft Security Essentials scans and finds 0 problems.
  • I downloaded Malwarebytes Anti-Malware to run a scan with that. Please note that before this I have not downloaded a single file to my computer in several weeks.
  • Malwarebytes Anti-Malware scans and finds 0 problems.
  • I search around on Chrome a bit and discover that on certain websites embedded youtube videos still look and function as normal. I guess there are two different types of embedded youtube videos.
  • I tried googling for any issues, but unfortunately it's almost impossible to find anything related to youtube or google as these words are simply far too common.
  • I tried opening Internet Explorer to see if the issue is present there. In Internet Explorer youtube works perfectly fine so my issue is Chrome related.
  • At this stage I restarted Chrome but that did not change anything.
  • Afterwards I thought to reboot my computer, however I decided to install windows updates first in case some of the updates could help with my issues.

Troubleshooting when things get complicated

 

  • All windows updates installed, but youtube is still broken when I open Chrome.
  • I try running Microsoft Security Essentials again and it gets stuck after a while on a notable file: chrome.exe !
  • Since that didn't work I tried scanning with Malwarebytes again which found 0 problems still.
  • At some point I opened a tab in my browser and got a small warning pop-up from Malwarebytes Anti-Malware stating something was blocked to do with clickadu.com !
  • I have googled for something to do with a virus there, and did find some bad things related to it, but all of it seems a lot different from my situation so it seems unwise to follow those steps.
  • At a later stage after another attempt to find something with MBAM the scanner gets stuck after a while.
  • Here I unplugged the ethernet cable and disconnected from the internet to see if that affects the scans.
  • At this point I run both MSE and MBAM scans and without being connected to the internet neither of them gets stuck. They both scan as normal but find 0 problems.

Trying some different programs

 

  • Since neither of these suites seem able to pinpoint what the problem is or help me find out exactly what I'm dealing with I tried out some other programs.
  • AdwCleaner finds a few issues in - AppData\Local\Google\Chrome\User Data\Default\Local Storage\ - some files with the words chatango.com and olark.com stand out ! (can attach logs if wanted)
  • Again as with clickadu before I can find some negatives related to these names but nothing like my issue. I don't have any weird ads or pop-ups, only the issue with youtube.
  • I ran FRST64.exe afterwards but I think I'm not supposed to post those logs here. I am just noting that I did run that program at this point and I could provide logs when desired.
  • At this point I tried ESET Online Scanner through Internet Explorer which seemed to get stuck early on similar to MBAM.
  • Since I was busy for a while I left it running instead of aborting and it did proceed again eventually even though it seemed to get stuck forever on certain files.
  • (as I am writing this down now I'd like to point out I have a very powerful computer and until this stage I didn't experience any slowing down of my system)
  • I am aware that it might be very bad to remove files at a bad stage, and unfortunately ESET Online Scanner did find ONE single problem and deleted that right away without asking for my input. Namely: - C:\Users\workstation\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted -
  • At this stage I suddenly noticed that some programs started to freeze up, I guess as a consequence of the deleted file which triggered something else.
  • Although the programs did respond again after a few minutes it was a scary turn of events so I rebooted again to try some basic scans again, in case they would now actually find something.
  • Booting into Safe mode MSE & MBAM scan and still find nothing.
  • Booting normally and WITH internet MSE gets stuck after approximately 17 minutes.
  • Unlike before it's not on Chrome.exe no more but it will repeatedly get stuck somewhere in C:\Windows\winsxs\Backup (not always on the same file though)
  • MBAM scan will still start to get stuck on files after a few minutes only to go through a few more. Eventually even if I leave it running a couple of hours it just stays stuck.
  • I rebooted again and discovered if I run an MBAM scan even with internet it will scan and not find any issues. Only AFTER running MSE and getting it stuck, will MBAM scans get frozen.

This is about where I'm at now. I haven't the faintest idea what's wrong, but despite most scans finding nothing there's more than enough indications that there is some sort of virus or malware present or I would have simply tried reinstalling Google Chrome. I checked the browser extensions and there are no unknown extensions there.

I have never really had a virus myself before, but I have used resources in forums like these in the past to help other people remove viruses and malware. I am kind of suspicious that most likely the site I mentioned at the start uses some bad advertisement companies and despite running adblock plus I somehow got a virus that was served through an ad.

 

I do really appreciate if someone here could spare some time to help out. I can understand it might take a while for a reaction, but in case I get a swift response I'll just state for clarity I will go to sleep now and I might not have much time to respond tomorrow either, but I will subscribe to this topic and if someone responds I will see what I can do!

 



 


#2 pigmeej

pigmeej

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 16 January 2016 - 05:35 AM

I've created the account on this forum just to answer your question. I had the same problem. Disabling adblock on youtube should fix the issue.



#3 TimvdO

TimvdO
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 16 January 2016 - 06:00 AM

Thanks for your response, turned my computer on to check and I didn't even need to turn off adblock plus. Youtube was already working.

 

https://twitter.com/AdblockPlus/status/688023643822096384

 

Seems as though this issue has been resolved, although I still find it strange that this even affected my virus scanner when Google Chrome wasn't even running. Unless an expert feels like there's more to look at here consider this topic resolved. (whether or not I should stick to adblock plus on the other hand is a whole different matter)



#4 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:08 PM

Posted 16 January 2016 - 07:28 AM

Welcome to BC...

 

Scan your computer with the two programs below. I doubt Adblock Plus caused the problem unless it was corrupted. It can easily be uninstalled and reinstalled. Click on the ABP icon and choose Filter Preferences. Uncheck the box next to Allow some non-intrusive advertisements.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

I see that you may have CCleaner installed. Use it to run a scan by opening it and clicking on the Run Cleaner button in the bottom right corner.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:03:08 PM

Posted 16 January 2016 - 02:24 PM

See HERE.



#6 TimvdO

TimvdO
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 16 January 2016 - 06:07 PM

Hello Buddy215,

 

Thank you for your time. I have followed the steps you told me. Unfortunately I can't seem to find the text document of AdwCleaner however I still have the one from when I previously scanned with AdwCleaner and didn't remove files. I did compare the results and they were exactly the same files, except this time I did the step to clean the files listed.

 

 

# AdwCleaner v5.029 - Logfile created 15/01/2016 at 21:19:57

# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : workstation - WORKSTATION-PC
# Running from : C:\Users\workstation\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aida64-extreme-edition.en.softonic.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1577 bytes] ##########
 

 

here are the results of JRT

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64 
Ran by workstation (Administrator) on za 16-01-2016 at 20:10:17,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 15 
 
Failed to delete: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KADEYQ0 (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10M37E61 (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IXIDXIW (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66O14FCG (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGBJ0D89 (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYD83X3D (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6UA9BC6 (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWNV9M5K (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HH5O51GA (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I00UNRR8 (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3S315WZ (Folder) 
Successfully deleted: C:\Users\workstation\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGZJTPUC (Folder) 
Successfully deleted: C:\Windows\SysWOW64\REN5F00.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\REN7E77.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\RENEF6C.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 16-01-2016 at 20:12:02,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

And finally the three things you asked for from CCleaner.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKLM:Run Command Center C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
Yes HKLM:Run GamingMouse C:\Program Files (x86)\Drakonia Configurator\hid.exe
No HKLM:Run Live Update Micro-Star International C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
Yes HKLM:Run MSC Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run Super Charger C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes HKLM:Run VIAxHCUtl C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
 

 

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 Intel Corporation "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon Intel Corporation "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
No Task Start Corsair Link Corsair Components, Inc. "C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe"
 

 

7-Zip 9.20 (x64 edition) Igor Pavlov 19-10-2014 4,53 MB 9.20.00.0

Antichamber Alexander Bruce 16-6-2015
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 19-10-2014 2,42 MB 1.16.12.0
Audacity 2.0.6 Audacity Team 20-11-2014 47,2 MB 2.0.6
AviSynth 2.6 GPL Public release. 4-12-2014 2.6.0.4
Battle.net Blizzard Entertainment 25-11-2015
Call of Duty: Black Ops III Treyarch 16-11-2015
CCleaner Piriform 16-1-2016 5.13
Corsair Link Corsair 21-10-2014 12,8 MB 2.7.5361
Corsair Link™ USB Dongle (Driver Removal) Corsair Memory, Inc. 21-10-2014
CPUID CPU-Z 1.71 22-10-2014 3,63 MB
CPUID HWMonitor 1.25 22-10-2014 2,49 MB
DebugMode FrameServer 4-12-2014
Don't Starve Together Beta Klei Entertainment 25-6-2015
Drakonia Configurator 9-5-2015 11,9 MB
Dxtory version 2.0.127 ExKode Co. Ltd. 29-11-2014 23,7 MB 2.0.127
F1 2013 Codemasters Birmingham 6-12-2014
Fallout 3 Bethesda Game Studios 21-6-2015
FIFA 16 Electronic Arts 2-10-2015 13,2 GB 1.4.15952.12
FTL: Faster Than Light Subset Games 28-12-2014
Futuremark SystemInfo Futuremark 22-10-2014 8,24 MB 4.30.472.0
Google Chrome Google Inc. 19-10-2014 47.0.2526.111
Guns of Icarus Online Muse Games 18-4-2015
Hearthstone Blizzard Entertainment 25-11-2015
Heaven Benchmark version 4.0 Unigine Corp. 30-10-2014 274 MB 4.0
Intel® Management Engine Components Intel Corporation 19-10-2014 10.0.1.1000
Intel® Network Connections 19.3.141.0 Intel 20-10-2014 27,8 MB 19.3.141.0
Intel® Update Manager Intel Corporation 11-10-2015 22,4 MB 3.1.1228
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 20-10-2014 3.0.0.34
Java 8 Update 66 Oracle Corporation 20-11-2015 21,1 MB 8.0.660.18
Java 8 Update 66 (64-bit) Oracle Corporation 20-11-2015 23,2 MB 8.0.660.18
Lagarith Lossless Codec (1.3.27) 29-11-2014 1,02 MB
League of Legends Riot Games 24-2-2015 3.0.1
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 15-1-2016 66,0 MB 2.2.0.1024
Metro 2033 4A Games 19-10-2014
Microsoft .NET Framework 4.5.2 Microsoft Corporation 15-8-2015 38,8 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 15-1-2016 1,59 MB 4.0.40804.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 15-8-2015 32,5 MB 2.0.672.0
Microsoft Security Essentials Microsoft Corporation 5-7-2015 4.8.204.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20-10-2014 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 24-2-2015 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 16-6-2015 234 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19-10-2014 786 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19-10-2014 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 16-11-2015 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 16-11-2015 41,6 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 2-10-2015 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 23-2-2015 20,5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 23-2-2015 17,3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 27-6-2015 20,5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 27-6-2015 17,1 MB 12.0.30501.0
Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft Corporation 25-10-2014 8,03 MB 4.0.30901.0
MSI Afterburner 4.0.0 MSI Co., LTD 19-10-2014 4.0.0
MSI Gaming APP MSI 19-10-2014 14,3 MB 3.0.0.05
MSI Live Update MSI 20-10-2014 41,2 MB 6.0.010
My Game Long Name Epic Games, Inc. 16-6-2015
Nexus Mod Manager Black Tree Gaming 15-8-2015 22,3 MB 0.56.1
NVIDIA 3D Vision Controller Driver 352.65 NVIDIA Corporation 17-11-2015 352.65
NVIDIA 3D Vision Driver 358.91 NVIDIA Corporation 17-11-2015 358.91
NVIDIA GeForce Experience 2.5.15.54 NVIDIA Corporation 17-11-2015 2.5.15.54
NVIDIA Graphics Driver 358.91 NVIDIA Corporation 17-11-2015 358.91
NVIDIA HD Audio Driver 1.3.34.4 NVIDIA Corporation 17-11-2015 1.3.34.4
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 17-11-2015 9.15.0428
Origin Electronic Arts, Inc. 28-9-2015 9.7.2.53208
Pro Cycling Manager 2015 Cyanide Studio 27-6-2015
qBittorrent 3.1.11 The qBittorrent project 3-11-2014 45,3 MB 3.1.11
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19-10-2014 6.0.1.7293
RivaTuner Statistics Server 6.2.0 Unwinder 19-10-2014 6.2.0
Skype™ 7.17 Skype Technologies S.A. 15-1-2016 79,2 MB 7.17.105
Steam Valve Corporation 19-10-2014 2.10.91.91
TeamSpeak 3 Client TeamSpeak Systems GmbH 3-1-2015 3.0.16
The Bridge Ty Taylor and Mario Castañeda 25-10-2014
TP-LINK TL-WN721N_TL-WN722N Driver TP-LINK 24-11-2014 1.3.1
Unigine Valley Benchmark version 1.0 Unigine Corp. 30-10-2014 455 MB 1.0
Vegas Pro 13.0 (64-bit) Sony 1-12-2014 787 MB 13.0.310
VIA Platform apparaatbeheer VIA Technologies, Inc. 19-10-2014 2,62 MB 1.42
VLC media player VideoLAN 22-10-2014 2.1.5
 
 
Thank you for taking the time to look into this with me.
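For reading a scan log like the AdwCleaner one in the post above, here is an added example (not part of the original posts and not AdwCleaner's own code): it groups the "Found" lines by section and decodes Chrome Local Storage file names back into the site origin they belong to. It assumes the older Chrome naming scheme scheme_host_port.localstorage seen in the log, with hxxp as the log's defanged http; the sample log is a constructed, shortened copy of the posted one and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the AdwCleaner scan log layout
# shown in the post (section banners, "Found :" lines, defanged hxxp).
SAMPLE_LOG = r"""
# AdwCleaner v5.029 - Logfile created 15/01/2016 at 21:19:57
# Option : Scan

***** [ Services ] *****

***** [ Files ] *****

File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage

***** [ Registry ] *****

***** [ Web browsers ] *****

[C:\Users\workstation\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aida64-extreme-edition.en.softonic.com
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Either "File Found : <path>" or "[<store>] [<type>] Found : <value>".
FOUND_RE = re.compile(
    r"^(?:(?P<kind>\w+) Found|\[(?P<store>.+?)\] \[(?P<what>.+?)\] Found) : (?P<value>.+)$")
# Assumed file name layout: <scheme>_<host>_<port>.localstorage[-journal]
LOCALSTORAGE_RE = re.compile(
    r"^(?P<scheme>hxxps?|https?)_(?P<host>.+)_(?P<port>\d+)\.localstorage(?:-journal)?$",
    re.I)


def parse_log(text):
    """Return {section name: [finding, ...]}; empty sections are kept."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current]          # record the section even if empty
            continue
        m = FOUND_RE.match(line)
        if m and current:
            sections[current].append(m.group("value").strip())
    return dict(sections)


def storage_origin(path):
    """Decode a Local Storage file path to its web origin, or None."""
    norm = path.replace("/", "\\")
    m = LOCALSTORAGE_RE.match(norm.rsplit("\\", 1)[-1])
    if not m or "\\local storage\\" not in norm.lower():
        return None
    scheme = m.group("scheme").lower().replace("xx", "tt")   # undo defanging
    origin = f"{scheme}://{m.group('host').lower()}"
    port = m.group("port")
    return origin if port == "0" else f"{origin}:{port}"     # 0 = default port


def triage(text):
    """Split findings into per-site browser data and everything else."""
    sections = parse_log(text)
    site_data, other = defaultdict(int), []
    for section, values in sections.items():
        for value in values:
            origin = storage_origin(value) if section == "Files" else None
            if origin:
                site_data[origin] += 1   # main file and -journal share an origin
            else:
                other.append((section, value))
    return {"site_data": dict(site_data), "other": other,
            "empty_sections": sorted(s for s, v in sections.items() if not v)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for origin, files in report["site_data"].items():
        print(f"site data  {origin}  ({files} file(s))")
    for section, value in report["other"]:
        print(f"review     [{section}] {value}")
```

Entries that decode to an origin are data files Chrome stored for that site, not programs; whatever is left under "other" is what deserves a closer look.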

 

 



#7 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:08 PM

Posted 16 January 2016 - 06:49 PM

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
VERY risky to use p2p programs such as qBittorrent 3.1.11 The qBittorrent project 3-11-2014 45,3 MB 3.1.11 to download free stuff such
as music, movies and pirated games and programs....possibly illegal, too.
 
If you haven't checked for updates to your Firefox browser's add-ons...do that....both extensions and plug-ins. Tools > Add-ons > check for updates
in both....listed in side panel. Did you block the ads as I suggested to do in Adblock Plus? Otherwise, there are tons of ads being allowed and more
everyday as the ad purveyors are paying Adblock Plus to allow their ads by default.
 
Did Eset Online Scanner eventually finish its scan? The item it found was bundled with CCleaner installer...a Google toolbar.
 
Rerun MBAM in normal mode and let me know if it is still having problems....


#8 TimvdO

TimvdO
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 16 January 2016 - 11:21 PM

Okay, I disabled the two scheduled tasks you mentioned in CCleaner. Should I never run these files in the future?

I also know the risks associated with peer2peer downloads but I try and steer clear from all the dodgy illegal stuff, and I do believe qbittorrent is meant to be a lot safer in comparison to other torrent suites such as utorrent.

 

I am not sure what I'm meant to do for the next step, as I've never used Firefox. I did uncheck the box that you mentioned in adblock plus. I thought that Adblock plus is meant to be a lot better in this regard than AdBlock, which is known for allowing ads to go through for payments. I do more and more run into sites that are basically unable to use unless you disable your adblocker. In a few cases I have done so for seemingly trustworthy sites, such as news sites. Do you advise against doing so?

 

As I mentioned in my original post, ESET scan did finish eventually, after 3 hours 10 minutes. This is the file that was removed:

 

 

C:\Users\workstation\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
I just ran MBAM once more and the scan finished without any threats being identified in 6 minutes 10 seconds scanning 335.647 items. Is there anything else that you would like me to run through or do you think it's all right now?


#9 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:08 PM

Posted 17 January 2016 - 07:40 AM

Oooops...I was a bit distracted when I was posting the instructions for Firefox....football....

 

Like you, I occasionally reach a site that insists on me watching the ads. I decide at that point if what I'm seeking is worth it or not or if what I'm seeking can be found on another site that doesn't insist on showing me ads. Usually, as long as you don't click on ads...that's safe.

 

Up to you as to whether to reenable the Google tasks.

 

If the computer is performing up to par then I think you are good to go. Happy surfin'....





