HTTPS link Re-direct


12 replies to this topic

#1 Jena054

Jena054

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 08 February 2016 - 09:51 AM

I had a bad redirect virus a week or so ago. Ran all the correct software and got rid of it. I am now having problems with opening links. When I click on a link in my email (I have Windows 10) instead of opening them, I get a pop up that says I need a new app to open HTTPS. When I click on the store to find a new app these are the options I get: Loadkit Download Manager, Turn off lights, Sidekick private browser, Webaccess and No trace left behind. I did try a system restore but it still continued to do this. I use Chrome as my main browser but this morning when I clicked on my Microsoft Edge icon on my task bar it was redirecting me to my document folder. I don't think it's the virus but I am not entirely sure. That's why I posted here instead of the Web Browsing/Email. Any help would be appreciated. I am sure it is something simple but I am at a loss. (Specs: HP15 laptop, touch screen, Windows 10)

 

-I have also discovered that I cannot set a default browser without it saying to download a new app to do that. It also says to find a new app when I attempt to connect to a Wi-Fi that is not my home network.


Edited by Jena054, 08 February 2016 - 07:33 PM.



#2 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:25 PM

Posted 09 February 2016 - 05:55 AM

Use the programs below to find and remove adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Jena054

Posted 09 February 2016 - 08:43 PM

Thanks for the reply! ESET found nothing, so there is no report for that. 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/9/2016
Scan Time: 3:13 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.09.04
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: crissa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352388
Time Elapsed: 41 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.Generic, C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WAX3A13.tmp, Quarantined, [00a80a540198ed49d4bf9c4d728fb848],

Physical Sectors: 0
(No malicious items detected)

(end)

AdwCleaner

# AdwCleaner v5.033 - Logfile created 09/02/2016 at 16:02:03
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : crissa - RAE
# Running from : C:\Users\crissa\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games

***** [ Files ] *****

File Found : C:\WINDOWS\SysNative\drivers\sdfhgdf.sys

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : RunAsStdUser Task

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\SearchModule
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : [x64] HKLM\SOFTWARE\SearchModule

***** [ Web browsers ] *****

[C:\Users\crissa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa
[C:\Users\crissa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www-searching.com/?pid=s&s=G1Ozliubl0fg1,dfa1cd40-384d-4ee6-91ff-806d943405fc,&vp=ch&prd=set_ch

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2838 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by crissa (Administrator) on Tue 02/09/2016 at 16:13:40.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\crissa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_74195BB619C33F44532FE20A4C7C1FD4 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\sdfhgdf (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52AEAA15-F9A7-48E2-9DAE-E3EF6B4D06B9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{52AEAA15-F9A7-48E2-9DAE-E3EF6B4D06B9} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/09/2016 at 16:20:39.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 buddy215

Posted 09 February 2016 - 08:47 PM

Rerun AdwCleaner and BE SURE to click on CLEAN when scan finishes.



#5 Jena054

Posted 09 February 2016 - 09:13 PM

# AdwCleaner v5.033 - Logfile created 09/02/2016 at 21:04:01
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : crissa - RAE
# Running from : C:\Users\crissa\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [652 bytes] ##########


#6 buddy215

Posted 09 February 2016 - 09:21 PM

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#7 Jena054

Posted 09 February 2016 - 09:51 PM

Startups-
Yes HKCU:Run Akamai NetSession Interface Akamai Technologies, Inc. "C:\Users\crissa\AppData\Local\Akamai\netsession_win.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Power2GoExpress8 CyberLink Corp. "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
Yes HKCU:RunOnce Uninstall C:\Users\crissa\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\crissa\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
Yes HKLM:Run CanonQuickMenu CANON INC. C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
Yes HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
 
Scheduled-
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForcrissa Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForcrissa (null)
Yes Task HPCeeScheduleForRAE$ Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForRAE$ (null)
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3785596973-130617387-672752690-1002
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3785596973-130617387-672752690-500
Yes Task Start OPBHOBroker Hewlett-Packard "C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
Yes Task Start OPBHOBrokerDesktop Hewlett-Packard "C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
Yes Task Start SimplePass Hewlett-Packard "C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe" /hideui
Yes Task Trend Micro Inspect of Platinum Trend Micro Inc. "C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe" -id "0ef95682-97bb-45f9-8689-3f7a64b393bc" -usertoken "62A300BFFA21435DAF7C090A8AA43290a3ff4feb42181dbf70fc77421dd5842901b83644" -runonce 0 -pid c32t3201v2.1.1190l1p5889r1o21 -lguid 62A300BFFA21435DAF7C090A8AA43290 -hashedsn a3ff4feb42181dbf70fc77421dd5842901b83644 -vid EUT3007001 -lpid TE80
Yes Task {1A80900B-B2A3-46AE-B5DA-90E14A5D0EDB} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
 
Programs-
- Games App - WildTangent Games 1/6/2016 1.0.3.28
3D Builder Microsoft Corporation 1/6/2016 10.10.38.0
7-Zip 9.20 (x64 edition) Igor Pavlov 7/11/2014 4.87 MB 9.20.00.0
Adobe Acrobat Reader DC Adobe Systems Incorporated 1/12/2016 390 MB 15.010.20056
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2/9/2016 8.40 MB 20.0.0.306
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 1/13/2016 31.3 MB 12.0.4.144
Akamai NetSession Interface Akamai Technologies, Inc 1/27/2016
Alarms & Clock Microsoft Corporation 1/6/2016 10.1512.58020.0
Amazon Amazon.com 1/6/2016 3.1.2.8
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 7/31/2014 43.4 MB 8.0.916.0
App connector Microsoft Corporation 1/6/2016 1.3.3.0
Baldur's Gate II: Enhanced Edition Beamdog 1/13/2016 2.42 GB
Bonjour Apple Inc. 7/31/2014 3.23 MB 3.0.0.10
Calculator Microsoft Corporation 1/20/2016 10.1601.49020.0
Camera Microsoft Corporation 2/4/2016 2016.128.10.0
Canon Easy-WebPrint EX Canon Inc. 1/13/2016 18.5 MB 1.5.0.0
Canon IJ Network Scanner Selector EX Canon Inc. 1/13/2016 2.66 MB 1.5.2.3
Canon IJ Network Tool Canon Inc. 1/6/2016 3.5.0
Canon IJ Scan Utility Canon Inc. 1/13/2016 18.4 MB 1.1.10.15
Canon Inkjet Print Utility Canon Inc. 1/6/2016 2.5.0.6
Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon Inc. 1/6/2016 4.2.0
Canon MG2900 series MP Drivers Canon Inc. 1/6/2016 1.00
Canon MG2900 series On-screen Manual Canon Inc. 1/6/2016 7.7.0
Canon MG2900 series User Registration Canon Inc. 1/6/2016
Canon My Image Garden Canon Inc. 1/13/2016 346 MB 3.0.0
Canon My Image Garden Design Files Canon Inc. 1/13/2016 346 MB 3.0.0
Canon My Printer Canon Inc. 1/13/2016 11.6 MB 3.2.1
Canon Quick Menu Canon Inc. 1/13/2016 20.0 MB 2.4.0
CardRecovery 6.10 WinRecovery Software 8/26/2015 2.87 MB
CCleaner Piriform 2/9/2016 5.14
Cisco EAP-FAST Module Cisco Systems, Inc. 7/31/2014 1.54 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 7/31/2014 845 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 7/31/2014 1.28 MB 1.1.6
CyberLink Media Suite 10 CyberLink Corp. 6/11/2015 32.5 MB 10.0.9.4928
Cyberlink PhotoDirector CyberLink Corp. 1/13/2016 218 MB 5.0.4.6303
CyberLink Power2Go 8 CyberLink Corp. 6/11/2015 262 MB 8.0.9.5009
CyberLink PowerDirector 12 CyberLink Corp. 1/13/2016 444 MB 12.0.2.3324
CyberLink PowerDVD 12 CyberLink Corp. 7/31/2014 211 MB 12.0.4.4223
CyberLink YouCam CyberLink Corp. 7/31/2014 217 MB 5.0.4.4218
DummyInstaller Microsoft 12/20/2014 368 KB 1.0.0
Echo of Soul Nvius 1/13/2016 8.61 GB
Energy Star Hewlett-Packard Company 7/31/2014 6.79 MB 1.0.9
Evernote v. 5.3 Evernote Corp. 7/11/2014 188 MB 5.3.0.3360
Family Guy : The Quest for Stuff TinyCo, Inc. 1/6/2016 1.3.3.0
Foxit PhantomPDF Foxit Corporation 12/20/2014 1.10 GB 6.0.33.715
Fresh Paint Microsoft Corporation 1/13/2016 3.0.15356.0
Get Office Microsoft Corporation 2/2/2016 17.6628.23511.0
Get Skype Skype 1/6/2016 3.2.1.0
Get Started Microsoft Corporation 1/7/2016 2.6.12.0
Getting Started with Windows 8 Hewlett-Packard Company 1/6/2016 1.6.0.0
Google Chrome Google Inc. 1/4/2015 471 MB 48.0.2564.109
Groove Music Microsoft Corporation 1/6/2016 3.6.15131.0
Happy Cloud Client Happy Cloud, Inc. 1/27/2016 15.5 MB 4.28
HP Connected Drive HP Inc. 1/6/2016 4.4.32.190
HP Connected Music Hewlett-Packard Company 1/6/2016 1.5.0.253
HP Documentation Hewlett-Packard 7/31/2014 201 MB 1.1.0.0
HP Registration Hewlett-Packard Company 1/6/2016 1.2.1.166
HP Registration Service Hewlett-Packard 7/31/2014 45.3 MB 1.2.7745.4851
HP SimplePass Hewlett-Packard 10/17/2015 8.01.46
HP SimplePass Softex Inc. 10/17/2015 21.2 MB 8.01.46
HP Support Assistant Hewlett-Packard Company 9/23/2015 47.5 MB 8.1.40.3
HP Support Solutions Framework Hewlett-Packard Company 9/23/2015 10.9 MB 12.0.30.219
HP System Event Utility Hewlett-Packard Company 10/17/2015 7.18 MB 1.4.1
HP Utility Center Hewlett-Packard Company 7/31/2014 14.4 MB 2.5.2
HP Wireless Button Driver Hewlett-Packard 9/22/2015 2.27 MB 1.1.5.1
Java 8 Update 45 Oracle Corporation 4/26/2015 9.76 MB 8.0.450
Mail and Calendar Microsoft Corporation 2/5/2016 17.6568.16731.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 1/24/2016 55.8 MB 2.2.0.1024
Maps Microsoft Corporation 1/19/2016 4.1601.10150.0
McAfee® Central for HP .-McAfee Inc-. 1/6/2016 4.5.153.1
Messaging + Skype Microsoft Corporation 1/21/2016 2.13.20000.0
Microsoft Mahjong Microsoft Studios 1/6/2016 2.5.1508.1801
Microsoft Office 365 - en-us Microsoft Corporation 1/28/2016 1.26 GB 15.0.4787.1002
Microsoft Office Professional Plus 2013 - en-us Microsoft Corporation 1/28/2016 1.26 GB 15.0.4787.1002
Microsoft Silverlight Microsoft Corporation 1/12/2016 143 MB 5.1.41212.0
Microsoft Solitaire Collection Microsoft Studios 1/13/2016 3.7.1041.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 7/31/2014 7.37 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 7/31/2014 1.63 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 1/31/2015 830 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 7/31/2014 5.59 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/31/2014 5.58 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 1/31/2015 4.94 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/15/2015 18.0 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/15/2015 19.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/6/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 1/6/2016 17.3 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 1/13/2016 2.42 MB 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 1/6/2016 1.1511.2.0
Money Microsoft Corporation 1/27/2016 4.8.239.0
Movies & TV Microsoft Corporation 1/29/2016 3.6.16941.0
MSN Food & Drink Microsoft Corporation 1/6/2016 3.0.4.336
MSN Health & Fitness Microsoft Corporation 1/6/2016 3.0.4.336
MSN Travel Microsoft Corporation 1/6/2016 3.0.4.336
mysms - Text from Computer, Messaging Up to Eleven Digital Solutions GmbH 1/6/2016 3.0.3.0
Netflix Netflix, Inc. 1/29/2016 6.5.32.0
News Microsoft Corporation 1/26/2016 4.8.239.0
OneNote Microsoft Corporation 2/3/2016 17.6568.15721.0
OpenAL 1/6/2016
People Microsoft Corporation 2/4/2016 10.0.10220.0
Phone Microsoft Corporation 1/7/2016 2.12.14001.0
Phone Companion Microsoft Corporation 2/4/2016 10.1602.3010.0
PhotoDirector CyberLink Corp. 6/11/2015 218 MB 5.0.4.6303
Photos Microsoft Corporation 2/5/2016 16.201.11370.0
PowerDirector CyberLink Corp. 12/19/2014 446 MB 12.0.2.3324
Reader Microsoft Corporation 2/10/2016 6.4.9926.18190
Realtek Card Reader Realtek Semiconductor Corp. 9/22/2015 47.2 MB 6.3.370.87
Realtek Ethernet Controller Driver Realtek 9/22/2015 24.1 MB 10.1.505.2015
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 1/13/2016 33.5 MB 6.0.1.7553
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 12/20/2014 82.5 MB 1.0.0.41
Secure Download Manager Kivuto Solutions Inc. 1/4/2015 1.83 MB 3.1.60
Snapfish HP Inc. 2/10/2016 6.0.365.0
Sports Microsoft Corporation 1/26/2016 4.8.239.0
Steam Valve Corporation 1/6/2016 2.10.91.91
Store Microsoft Corporation 1/28/2016 2015.25.24.0
Sway Microsoft Corporation 2/2/2016 17.6629.20261.0
Synaptics Pointing Device Driver Synaptics Incorporated 1/6/2016 46.4 MB 19.0.12.95
The Elder Scrolls III: Morrowind Bethesda Game Studios® 1/13/2016 1.06 GB
The Weather Channel for HP The Weather Channel. 1/6/2016 2015.1108.1.0
Translator Microsoft Corporation 1/6/2016 4.1.2.0
Trend Micro Maximum Security Trend Micro Inc. 9/22/2015 611 MB 8.0
TripAdvisor TripAdvisor LLC 1/6/2016 1.4.3.0
Voice Recorder Microsoft Corporation 1/6/2016 10.1512.21110.0
Weather Microsoft Corporation 1/26/2016 4.8.239.0
WildTangent Games WildTangent 1/13/2016 5.22 MB 1.0.4.0
Windows Reading List Microsoft Corporation 1/6/2016 6.3.9654.20947
Windows Scan Microsoft Corporation 1/6/2016 6.3.9654.17133
Xbox Microsoft Corporation 1/8/2016 11.13.6008.0
ZTE Handset USB Driver ZTE Corporation 1/9/2016 5.96 MB 5.2104.1.02B05


#8 buddy215

Posted 10 February 2016 - 06:23 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run Akamai NetSession Interface Akamai Technologies, Inc. "C:\Users\crissa\AppData\Local\Akamai\netsession_win.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:RunOnce Uninstall C:\Users\crissa\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\crissa\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
Yes HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
 
Disable these Scheduled Tasks:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForcrissa Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForcrissa (null)
Yes Task HPCeeScheduleForRAE$ Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForRAE$ (null)
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3785596973-130617387-672752690-1002
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3785596973-130617387-672752690-500
Yes Task Start OPBHOBroker Hewlett-Packard "C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
Yes Task Start OPBHOBrokerDesktop Hewlett-Packard "C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
Yes Task {1A80900B-B2A3-46AE-B5DA-90E14A5D0EDB} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
 
Uninstall these programs:
- Games App - WildTangent Games 1/6/2016 1.0.3.28
Java 8 Update 45 Oracle Corporation 4/26/2015 9.76 MB 8.0.450
McAfee® Central for HP .-McAfee Inc-. 1/6/2016 4.5.153.1
Secure Download Manager Kivuto Solutions Inc. 1/4/2015 1.83 MB 3.1.60
WildTangent Games WildTangent 1/13/2016 5.22 MB 1.0.4.0


#9 Jena054

Posted 10 February 2016 - 08:06 AM

Everything has been disabled or uninstalled. Do you need the logs again for those?



#10 buddy215

Posted 10 February 2016 - 08:23 AM

After rebooting the computer....what problems still exist? Is the computer performing up to par?



#11 Jena054

Posted 10 February 2016 - 08:55 AM

Computer is running fine, but I still cannot open links or set my default browser. The computer just asks me to go to the app store to download a new app to open https/http.



#12 buddy215

Posted 10 February 2016 - 09:14 AM

Weird...Start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#13 Jena054

Posted 10 February 2016 - 09:56 AM

Here is the link to my new topic:

http://www.bleepingcomputer.com/forums/t/605049/new-app-is-needed-to-open-httphttps/?p=3931444

 

Thank you for all your help!





