
I'm being redirected to random web pages


8 replies to this topic

#1 3ez5me


Posted 29 February 2016 - 02:11 AM

I am on Windows 7 and I use Google Chrome. Every once in a while, I will load a web page but it will either redirect me to a random page or open a new tab to a random page. Sometimes I can tell when it is about to happen as my cursor will not change when I hover over certain elements (text, links, etc.). When I try clicking on something, I get redirected. I have Malwarebytes (Premium free trial) and Spybot S&D and have run scans using both. Thank you for any help.





#2 buddy215


Posted 29 February 2016 - 10:42 AM

Did you allow MBAM to remove what it found? Use the settings below to scan again using MBAM.

 

Spybot S&D hasn't been recommended for use by the pros for several years. Best to uninstall it. It may interfere with using one or more of the programs below.

 

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 


Edited by buddy215, 29 February 2016 - 11:08 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 3ez5me


Posted 29 February 2016 - 09:16 PM

MBAM Log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/29/2016
Scan Time: 2:09 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.29.04
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dylan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 462635
Time Elapsed: 39 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdWCleaner Log
 
# AdwCleaner v5.037 - Logfile created 29/02/2016 at 15:50:17
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dylan - DYLAN-PC
# Running from : C:\Users\Dylan\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : CouponPrinterService
[-] Service Deleted : YahooAUService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Prompt Downloader
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[-] Folder Deleted : C:\ProgramData\Best Buy pc app
[-] Folder Deleted : C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Dylan\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Dylan\AppData\Local\Prompt Downloader
[-] Folder Deleted : C:\Users\Dylan\AppData\Local\Best Buy pc app
[-] Folder Deleted : C:\Users\Dylan\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Dylan\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Dylan\AppData\Roaming\SmartPCFix
[-] Folder Deleted : C:\Users\Dylan\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\Dylan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Dylan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk
[-] Shortcut Disinfected : C:\Users\Dylan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : SmartPCFix Task
[-] Task Deleted : LHOFWCOXNKQSAVXW
[-] Task Deleted : LHOFWCOXNKQSAVXW
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
[-] Key Deleted : HKLM\SOFTWARE\d4136271-1493-55d4-1307-1338003fc709
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Condut
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\Imesh
[-] Key Deleted : HKCU\Software\NetNucleous
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\Prompt Downloader
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\SprgFiles
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\NetNucleous
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\NetNucleous
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SprgFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{00662E4A-17C5-4A4C-9858-BA4B45712FAE}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{22A079F2-2188-41EE-830B-87DCC64CAA58}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{CA7B51AA-8617-44A1-8427-0F763E54A317}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A0541F92-7908-4777-AA23-DFCFFE532C1B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B78B393D-98FF-4948-8D90-4753EF7FAF8E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FA4BC07B-A1E7-4B1C-A928-1C7DC8A2CC97}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6BF1753D-DFEC-4CC0-AD43-945545B526AA}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4E20FB78-7BE7-42A3-867C-63ABBDC79000}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{1BC7BE12-06E0-4562-B3C2-778DE57FE912}C:\program files (x86)\itibiti soft phone\itibiti.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{1E354CAE-B1F8-4142-845F-7DD715F542B7}C:\program files (x86)\itibiti soft phone\itibiti.exe]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask
[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com
[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [12486 bytes] - [29/02/2016 15:50:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [12647 bytes] - [29/02/2016 15:49:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12634 bytes] ##########
 

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Dylan (Administrator) on Mon 02/29/2016 at 16:06:13.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 63 
 
Failed to delete: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6I12JV2 (Temporary Internet Files Folder) 
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\{0FEA6CA6-342B-4773-815F-7B7FCAD344BF} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{238C2656-BCDA-4A75-8DC1-7BF50F0D280B} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{24D39AF5-C120-4202-9D87-337839B6F65F} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{251564A2-FBE5-498A-9445-40827C2A1EDE} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{31AC881A-6488-448D-A814-18E2EBE38D88} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{32B748C1-1FD7-4505-BD7A-D9DD6AFDC5A7} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{3D303933-0F57-4276-A5BF-BCF133D14CAF} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{462A9A1D-1848-4542-A38E-B9AD225B4DE6} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{4D2423A8-3A5B-4276-91C3-E213AEE249D5} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{4D905FDB-DFBD-4965-8BBC-E23BDC0B4E49} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{6F3FD3F1-5F87-4446-9F71-678696E60593} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{79FEB21C-2D9E-4402-99E3-6BE51272E9E0} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{922C05E5-64DA-4243-8F52-3565F8AF4817} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{97A06781-79C6-4A54-985E-1EF4064A96FE} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{CE4928F9-F30C-4949-8C29-A7B0CD70B906} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{CE9191A3-2FF1-43BF-9F65-D766FC037E9A} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{DCA8AF15-FBA0-4138-B417-6C3E8E9EBBE4} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{DDFDBABC-8BF6-413E-A4C6-46F7F0E055B6} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{E4CF5D25-80FD-48DE-A5D8-7FDB1E64BE0F} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{E6B4DCE2-F92C-4C8D-944B-F14DBEEBF08C} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{EC05C4C2-5023-42B5-BE4B-950A832B1C3C} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Local\{F4A2BC4C-2B72-4DF0-B8D0-612830A4DE1A} (Empty Folder)
Successfully deleted: C:\Users\Dylan\AppData\Roaming\fixcleaner (Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\ks3dfv6y.default\extensions\staged (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Windows\couponprinter.ocx (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\fixcleaner (Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V49AHS0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMBPME30 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI9337WH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISIEBP3V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4I34QXY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSKVEMGE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0TSZUNI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O10ZZ7G4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAPUI7C4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q98PDUYC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dylan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TB2YX3QP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\system32\REN6BE0.tmp (File) 
Successfully deleted: C:\Windows\system32\REN6BF1.tmp (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V49AHS0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMBPME30 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI9337WH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISIEBP3V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4I34QXY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSKVEMGE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0TSZUNI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O10ZZ7G4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAPUI7C4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q98PDUYC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TB2YX3QP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6I12JV2 (Temporary Internet Files Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98068995-CA43-4c33-BE80-99E6694468A4} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98068995-CA43-4c33-BE80-99E6694468A4} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/29/2016 at 16:09:21.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET Log
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Windows\SysNative\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Dylan\Downloads\CouponPrinterCPS (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Dylan\Downloads\CouponPrinterCPS.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Dylan\Downloads\PowerISO6-x64 (1).exe a variant of Win32/FusionCore.C potentially unwanted application deleted
C:\Users\Dylan\Downloads\PowerISO6-x64.exe a variant of Win32/FusionCore.C potentially unwanted application deleted
C:\Users\Dylan\Downloads\starbound.glad.giraffe.update.3.2013.pc.repack.by.rg.alkad_downloader.exe a variant of Win32/ExpressDownloader.K potentially unwanted application cleaned by deleting
C:\Users\Dylan\H4CK5\Starbound v31.01.2016\Starbound v31.01.2016.exe NSIS/TrojanDownloader.Adload.R trojan cleaned by deleting
C:\Users\Dylan\H4CK5\Starbound v31.01.2016\crack\run_6a600.exe NSIS/TrojanDownloader.Adload.R trojan cleaned by deleting
C:\Users\Dylan\H4CK5\Stonehearth v0.1.0 dev.2513 [2015]\setup Stonehearth.exe multiple threats cleaned by deleting
 
Thank you for your help!
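A triage pass over an AdwCleaner log in the layout posted above, as an added example that is not part of the original thread and not AdwCleaner's own code: it counts removals per section, lists removed persistence items (services, scheduled tasks, Run values), reports duplicated lines, and separates `[!]` failures whose key was already removed through the other registry view from failures that still need a look. The function names, the `ExampleLeftover` line and the "removed elsewhere" heuristic are assumptions.

```python
import re
from collections import Counter

# Sample input: lines copied from the AdwCleaner log in the post, plus one
# constructed failure line (HKLM\SOFTWARE\ExampleLeftover) to exercise the check.
SAMPLE_LOG = r"""
# AdwCleaner v5.037 - Logfile created 29/02/2016 at 15:50:17
# Option : Clean

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Scheduled tasks ] *****

[-] Task Deleted : SmartPCFix Task
[-] Task Deleted : LHOFWCOXNKQSAVXW
[-] Task Deleted : LHOFWCOXNKQSAVXW

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[!] Key Not Deleted : HKLM\SOFTWARE\ExampleLeftover
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]

***** [ Web browsers ] *****

[-] [C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # ***** [ Registry ] *****
ENTRY_RE = re.compile(r"^\[([-!])\] (.+)$")                # [-] done, [!] failed
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?( |\\|$)", re.IGNORECASE)
PERSISTENCE_SECTIONS = {"Services", "Scheduled tasks"}
X64_TAG = "[x64] "


def parse_adwcleaner(text):
    """Return one dict per '[-]' / '[!]' line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # header comments, blank lines, footer
        action, sep, target = m.group(2).partition(" : ")
        if not sep:
            continue  # not an "<action> : <target>" line
        x64 = target.startswith(X64_TAG)
        entries.append({
            "section": section,
            "removed": m.group(1) == "-",
            "action": action,
            "target": target[len(X64_TAG):] if x64 else target,
            "view": "x64" if x64 else "default",
        })
    return entries


def triage(entries):
    """Summarise a parsed log for follow-up work."""
    removed = {e["target"].lower() for e in entries if e["removed"]}
    seen = Counter((e["section"], e["action"], e["view"], e["target"])
                   for e in entries)
    report = {
        "removed_per_section": dict(
            Counter(e["section"] for e in entries if e["removed"])),
        "needs_followup": [],
        "failed_but_removed_elsewhere": [],
        "persistence": [],
        "duplicates": sorted({k[3] for k, n in seen.items() if n > 1}),
    }
    for e in entries:
        if not e["removed"]:
            # Heuristic (assumption): a failure is low priority when the same
            # path was removed by another line, e.g. via the other registry view.
            key = ("failed_but_removed_elsewhere"
                   if e["target"].lower() in removed else "needs_followup")
            report[key].append(e["target"])
        elif (e["section"] in PERSISTENCE_SECTIONS
              or RUN_KEY_RE.search(e["target"])):
            if e["target"] not in report["persistence"]:
                report["persistence"].append(e["target"])
    return report


if __name__ == "__main__":
    for name, value in triage(parse_adwcleaner(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```
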


#4 buddy215


Posted 29 February 2016 - 10:12 PM

That got rid of a ton or more of adware. Eset removed two trojans. Best to run one more scan.

Looks like the trojans came bundled with pirated/ cracked games....tsk..tsk

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it
  • This time, click on Logs
  • From there, go under the Quarantine Log tab, and click on the Export button
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 29 February 2016 - 10:19 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 3ez5me


Posted 01 March 2016 - 01:39 AM

Windows Startups

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Ultra Agent Disc Soft Ltd "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
Yes HKCU:Run Easy Dock
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Dylan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKLM:Run BrHelp Brother Industries, Ltd. C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
Yes HKLM:Run Easy Dock
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run LockStatusTray Logitech, Inc. C:\Windows\LockStatusTray.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
Scheduled Tasks
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Chromium C:\Users\Dylan\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE /Check
Yes Task FacebookUpdateTaskUserS-1-5-21-179338839-3724374810-2519838309-1002Core C:\Users\Dylan\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
Yes Task FacebookUpdateTaskUserS-1-5-21-179338839-3724374810-2519838309-1002UA C:\Users\Dylan\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task RealUpgradeLogonTaskS-1-5-21-179338839-3724374810-2519838309-1002 C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealUpgradeScheduledTaskS-1-5-21-179338839-3724374810-2519838309-1002 C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task {50ED38F3-1839-4E9E-B043-32FD96183D77} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Dylan\AppData\Local\Temp\$PowerISO$\install.exe -d C:\Users\Dylan\H4CK5\rzr-skrm
Yes Task {5AA074C3-869D-42CD-B329-F381DF9B9AA9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Dylan\Downloads\wmp6cdcs.EXE -d C:\Users\Dylan\Downloads
Yes Task {93F78988-E272-4BB3-8744-53972D551CE3} GOG.com C:\Users\Dylan\H4CK5\Starbound-GOG\setup_starbound_2.0.0.2.exe
Yes Task {B07DB091-EEB1-4D16-9081-913183C960D9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Dylan\Downloads\wmp6cdcs (1).EXE" -d C:\Users\Dylan\Downloads
Yes Task {D431212C-D3B5-4CA1-A5E5-F9ABA8F868D6} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Dylan\H4CK5\rzr-skrm\install.exe -d C:\Users\Dylan\H4CK5\rzr-skrm
Yes Task {F26B7108-8E4A-409E-881D-A37EDBFFFB2B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\Welcome.exe -d D:\
Yes Task {F7554C5F-6B20-449B-BB3C-8B44E2D39B4D} GOG.com C:\Users\Dylan\H4CK5\Starbound-GOG\setup_starbound_2.0.0.2.exe
 
Programs Installed
 
7-Zip 9.20 3/3/2014
Adobe AIR Adobe Systems Incorporated 10/24/2011 3.0.0.4080
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2/9/2016 7.84 MB 20.0.0.306
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2/9/2016 8.40 MB 20.0.0.306
Adobe Reader XI (11.0.09) Adobe Systems Incorporated 3/2/2015 183 MB 11.0.09
Adobe Shockwave Player 12.2 Adobe Systems, Inc. 9/13/2015 12.2.0.162
Age of Empires II: HD Edition Hidden Path Entertainment, Ensemble Studios 1/2/2016
Apple Application Support (32-bit) Apple Inc. 10/18/2015 114 MB 4.0.3
Apple Application Support (64-bit) Apple Inc. 10/18/2015 121 MB 4.0.3
Apple Mobile Device Support Apple Inc. 10/18/2015 28.0 MB 9.0.0.26
Apple Software Update Apple Inc. 10/18/2015 2.39 MB 2.1.4.131
ATI Catalyst Install Manager ATI Technologies, Inc. 7/26/2011 22.4 MB 3.0.808.0
Audacity 2.0.5 Audacity Team 3/3/2014 45.5 MB 2.0.5
Battle.net Blizzard Entertainment 12/20/2015
Best Buy pc app Best Buy 9/27/2011 3.1.0.0
BitTorrent BitTorrent Inc. 2/13/2016 7.9.5.41713
Bonjour Apple Inc. 10/18/2015 2.09 MB 3.1.0.1
Borderlands 2 Gearbox Software 8/22/2014
Brother MFC-465CN Brother 9/28/2011 1.00
Brother MFL-Pro Suite MFC-J470DW Brother Industries, Ltd. 10/27/2015 1.0.4.0
CCleaner Piriform 2/29/2016 5.15
Chromium Chromium 6/17/2015 45.0.2420.0
Crazy Machines FAKT Software GmbH 1/4/2014 54.9 MB 1.13
DAEMON Tools Ultra Disc Soft Ltd 8/18/2015 4.0.1.0425
Dell Getting Started Guide Dell Inc. 7/26/2011 1.00.0000
Dell MusicStage Fingertapps 9/27/2011 88.6 MB 1.5.402.0
Dell PhotoStage ArcSoft 7/26/2011 130 MB 1.5.0.65
Dell Product Registration Dell Inc. 7/26/2011 1.0.6
Dell Stage Fingertapps 9/27/2011 83.2 MB 1.5.420.0
Dell System Detect Dell 11/29/2014 5.12.0.3
Dell VideoStage CyberLink Corp. 7/26/2011 1.2.0.1712
denaf 7/26/2011
DW WLAN Card Dell Inc. 7/26/2011 5.60.48.35
ESET Online Scanner v3 2/29/2016
Everything 1.3.4.686 (x86) 7/26/2015
Fable The Lost Chapters R.G. Mechanics, Panky 2/29/2016 3.01 GB
Facebook Messenger 2.1.4814.0 Facebook 3/8/2013 33.4 MB 2.1.4814.0
Facebook Video Calling 3.1.0.521 Skype Limited 8/8/2014 12.4 MB 3.1.521
Fallout New Vegas Bethesda Softworks 6/17/2015 1.4.0.525
FFmpeg for Audacity on Windows 3/3/2014
File Uploader Nikon 9/28/2011 1.64 MB 1.2.0
Garry's Mod Facepunch Studios 4/13/2014
Glyph Trion Worlds, Inc. 12/24/2014 77.0 MB
Google Chrome Google Inc. 8/6/2012 48.0.2564.116
Google Earth Plug-in Google 12/14/2013 83.8 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 12/23/2015 7.5.7210.1528
Heroes of the Storm Blizzard Entertainment 12/20/2015
iCloud Apple Inc. 8/17/2015 91.6 MB 4.1.1.53
inSSIDer Home MetaGeek, LLC 2/10/2014 7.59 MB 3.1.2.1
Intel® Rapid Storage Technology Intel Corporation 7/26/2011 10.0.0.1046
iTunes Apple Inc. 10/18/2015 218 MB 12.3.0.44
Java 8 Update 73 Oracle Corporation 2/29/2016 20.8 MB 8.0.730.2
Java SE Development Kit 7 Update 40 (64-bit) Oracle 7/21/2013 182 MB 1.7.0.400
Java™ 6 Update 24 Oracle 7/26/2011 96.9 MB 6.0.240
Java™ 6 Update 24 (64-bit) Oracle 7/26/2011 90.7 MB 6.0.240
JavaFX 2.1.1 Oracle Corporation 7/10/2012 20.8 MB 2.1.1
Keyboard Lock Status Logitech 11/30/2014 1.00.0000
League of Legends Riot Games 11/28/2015 3.0.1
Logitech Vid HD Logitech Inc.. 9/28/2011 7.2 (7259)
Logitech Webcam Software Logitech Inc. 9/28/2011 44.4 MB 12.10.1113
Logitech Webcam Software Driver Package Logitech Inc. 9/28/2011 12.10.1110
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 2/27/2016 66.0 MB 2.2.0.1024
Microsoft .NET Framework 1.1 Microsoft 6/17/2015 34.8 MB 1.1.4322
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2/9/2016 38.8 MB 4.6.01055
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 6/17/2015 31.3 MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 6/17/2015 6.03 MB 3.5.67.0
Microsoft Mouse and Keyboard Center Microsoft Corporation 12/12/2014 2.3.188.0
Microsoft Office 2010 Microsoft Corporation 7/26/2011 6.31 MB 14.0.4763.1000
Microsoft Office File Validation Add-In Microsoft Corporation 5/14/2014 10.9 MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 2/20/2012 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 1/12/2016 547 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 7/26/2011 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 1/23/2012 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/10/2011 300 KB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10/21/2014 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 3/28/2013 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 3/30/2013 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 7/22/2013 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/22/2013 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 8/8/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 8/9/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/2/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 1/2/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 1/2/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 1/2/2016 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 1/2/2016 24.3 MB 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 1/2/2016 20.6 MB 14.0.23026.0
Microsoft Works 6-9 Converter Microsoft Corporation 12/15/2012 1.17 MB 14.0.6120.5002
Microsoft Xbox 360 Accessories 1.2 Microsoft 4/13/2013 7.78 MB 1.20.146.0
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 1/6/2014 9.17 MB 4.0.20823.0
Minecraft Mojang 1/31/2015 1.22 MB 1.0.3.0
Mozilla Firefox 38.0.1 (x86 en-US) Mozilla 6/1/2015 82.3 MB 38.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 9/28/2011 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 9/28/2011 1.33 MB 4.20.9876.0
Multimedia Card Reader Fitipower 7/26/2011 1.7.915.93
MuseScore 2 Werner Schweer and Others 5/31/2015 162 MB 2.0.1
My Dell PC-Doctor, Inc. 11/19/2013 128 MB 3.4.6308.28
Nikon Message Center Nikon 9/28/2011 204 KB 0.92.000
Nikon RAW Codec Nikon 9/28/2011 1.00.0000
Nikon Transfer Nikon 9/28/2011 48.1 MB 1.4.0
Norton Security Suite Symantec Corporation 8/5/2015 22.5.5.15
Picture Control Utility Nikon 9/28/2011 20.0 MB 1.1.5
Pixel Piracy Vitali Kirpu 4/6/2014
PowerISO Power Software Ltd 6/17/2015 6.3
QuickTime 7 Apple Inc. 9/13/2015 70.3 MB 7.78.80.95
Realm of the Mad God Wild Shadow Studios 6/8/2015
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 7/26/2011 6.0.1.6141
RIFT™ Trion Worlds 9/28/2014
ROBLOX Player for Dylan ROBLOX Corporation 7/23/2015
Robocraft Freejam 5/6/2015
SAMSUNG Mobile Modem Driver Set 4/26/2015
Samsung Mobile phone USB driver Drive Software 4/26/2015
SAMSUNG Mobile USB Modem 1.0 Software 4/26/2015
SAMSUNG Mobile USB Modem Software 4/26/2015
Samsung PC Studio 3 USB Driver Installer Samsung Electronics Co., Ltd. 4/27/2015 3.2.0.70701
SimCity 4 Deluxe 9/13/2015
SketchUp 8 Trimble Navigation Limited 10/12/2012 69.4 MB 3.0.15158
Skype Click to Call Microsoft Corporation 1/14/2016 19.0 MB 8.0.0.9103
Skype™ 7.18 Skype Technologies S.A. 2/29/2016 140 MB 7.18.112
Skyrim Script Extender (SKSE) The SKSE Team 9/19/2015
Spotify Spotify AB 2/22/2016 1.0.23.90.g42187855
Steam Valve Corporation 1/6/2014
Stonehearth Radiant Entertainment 8/5/2015 330 MB 0.1.0.dev.2513
TeamSpeak 3 Client TeamSpeak Systems GmbH 8/2/2014 3.0.15
TERA En Masse Entertainment 6/8/2015
Terraria Re-Logic 1/6/2014
Thumbnail Selector Nikon 9/28/2011 18.7 MB 1.1.0
THX TruStudio PC Creative Technology Limited 7/26/2011 1.0
Trove Trion Worlds, Inc. 12/23/2014
TSEV Skyrim LE 8/18/2015 13.0 GB 2.0.0.0
TuxGuitar Herac 9/3/2015 10.6 MB 1.2
UMPlayer 0.98 [P4] Ori Rejwan 8/6/2012 0.98
Unity Web Player Unity Technologies ApS 11/10/2012 12.0 MB
Unturned Nelson Sexton 8/8/2014
ViewNX Nikon 9/28/2011 30.4 MB 1.3.0
Villagers and Heroes Mad Otter Games 7/7/2014
VLC media player 2.1.3 VideoLAN 3/5/2014 2.1.3
Windows Live Essentials Microsoft Corporation 10/18/2011 15.4.3538.0513
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 7/26/2011 5.57 MB 15.4.5722.2
WinRAR 4.20 (32-bit) win.rar GmbH 7/28/2013 4.20.0
WinRAR 4.20 (64-bit) win.rar GmbH 3/5/2014 4.20.0
World of Warplanes Wargaming.net 7/22/2013 14.4 MB
Yahoo! BrowserPlus 2.9.8 Yahoo! Inc. 9/28/2011
Yahoo! Messenger Yahoo! Inc. 9/28/2011
Yahoo! Software Update 9/28/2011
 

Yeah, I had this coming for downloading pirated software. Thanks again
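The Windows Startups and Scheduled Tasks export in the post above, triaged as an added example that is not part of the original thread: it parses a few lines copied from that export, resolves `pcalua.exe -a` tasks to the program they actually start, and flags entries that run from Downloads, Temp or the user profile. The function names and the wording of the flags are assumptions of this example; a flagged entry is a candidate for review, not a verdict.

```python
import re

# Lines copied from the CCleaner export posted above (the first column, Yes/No, is ignored).
SAMPLE = r"""
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task Chromium C:\Users\Dylan\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE /Check
Yes Task {50ED38F3-1839-4E9E-B043-32FD96183D77} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Dylan\AppData\Local\Temp\$PowerISO$\install.exe -d C:\Users\Dylan\H4CK5\rzr-skrm
Yes Task {B07DB091-EEB1-4D16-9081-913183C960D9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Dylan\Downloads\wmp6cdcs (1).EXE" -d C:\Users\Dylan\Downloads
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Dylan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run Easy Dock
"""

# A drive-letter path to an executable: either quoted, or bare up to the first
# ".exe" followed by whitespace or end of line (bare paths may contain spaces).
EXE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.*?\.exe)(?=\s|$)', re.I)
HIGH_RISK_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")


def exe_path(text):
    """Return the first executable path found in text, or None."""
    m = EXE.search(text)
    return (m.group(1) or m.group(2)) if m else None


def triage(line):
    """Return (kind, target, reasons) for one export line; empty reasons means not flagged."""
    _, kind, rest = line.split(None, 2)
    target = exe_path(rest)
    if target is None:
        return kind, None, ["no command recorded (orphaned entry)"]
    reasons = []
    if target.lower().endswith("\\pcalua.exe") and " -a " in rest:
        # The task only starts the Program Compatibility Assistant; what actually
        # runs is the program named after -a, so judge that path instead.
        target = exe_path(rest.split(" -a ", 1)[1]) or target
        reasons.append("launched through pcalua.exe -a")
    low = target.lower()
    if any(d in low for d in HIGH_RISK_DIRS):
        reasons.append("runs from a Downloads or Temp folder")
    elif "\\users\\" in low:
        reasons.append("runs from the user profile (user-writable)")
    if re.search(r"~\d", target):
        reasons.append("8.3 short path hides the real file name")
    return kind, target, reasons


def triage_all(text):
    """Triage every export line and keep only the flagged ones."""
    rows = [triage(l) for l in text.splitlines() if len(l.split()) >= 3]
    return [r for r in rows if r[2]]


if __name__ == "__main__":
    for kind, target, reasons in triage_all(SAMPLE):
        print(f"{kind:9} {target or '(none)'}\n          -> {'; '.join(reasons)}")
```

Per-user installs such as Spotify are flagged alongside the leftover installer tasks, so the output is a short list to check by hand.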



#6 buddy215


Posted 01 March 2016 - 07:46 AM

Did you run the Emsisoft scan? If so, what were the results?



#7 buddy215


Posted 01 March 2016 - 08:19 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Easy Dock
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Dylan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKLM:Run BrHelp Brother Industries, Ltd. C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
Yes HKLM:Run Easy Dock
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
Disable ALL Scheduled Tasks using CCleaner by clicking on each item and then choosing Disable.
 
Uninstall these programs:
Best Buy pc app Best Buy 9/27/2011 3.1.0.0
BitTorrent BitTorrent Inc. 2/13/2016 7.9.5.41713 (you can keep it...but it is VERY RISKY to download free stuff...maybe even illegal)
Chromium Chromium 6/17/2015 45.0.2420.0 (use Download Revo Uninstaller Freeware in Advanced Mode to uninstall)
ESET Online Scanner v3 2/29/2016
Google Toolbar for Internet Explorer Google Inc. 12/23/2015 7.5.7210.1528
Java SE Development Kit 7 Update 40 (64-bit) Oracle 7/21/2013 182 MB 1.7.0.400
Java™ 6 Update 24 Oracle 7/26/2011 96.9 MB 6.0.240
Java™ 6 Update 24 (64-bit) Oracle 7/26/2011 90.7 MB 6.0.240
JavaFX 2.1.1 Oracle Corporation 7/10/2012 20.8 MB 2.1.1
Mozilla Firefox 38.0.1 (x86 en-US) Mozilla 6/1/2015 82.3 MB 38.0.1 (Or update rather than uninstall)
My Dell PC-Doctor, Inc. 11/19/2013 128 MB 3.4.6308.28
Skype Click to Call Microsoft Corporation 1/14/2016 19.0 MB 8.0.0.9103 (unless you actually click phone #s in ads)
Windows Live Essentials Microsoft Corporation 10/18/2011 15.4.3538.0513
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 7/26/2011 5.57 MB 15.4.5722.2
Yahoo! BrowserPlus 2.9.8 Yahoo! Inc. 9/28/2011
Yahoo! Messenger Yahoo! Inc. 9/28/2011
Yahoo! Software Update 9/28/2011

Norton Security Suite Symantec Corporation 8/5/2015 22.5.5.15 Is this program up to date? I don't see it in Windows Startups...if it has been abandoned then uninstall



#8 3ez5me


Posted 01 March 2016 - 10:05 PM

Done. I forgot that I turned auto-updates for Norton off. I updated it. I think I'm good now, thanks for all of your help!



#9 buddy215


Posted 02 March 2016 - 06:13 AM

You're welcome...enjoyed working with you..happy surfin'

 

If you still see ads after doing all of the above...reset your Google Chrome browser.

 

You can reset your browser settings in Chrome any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. Open Chrome.
  2. In the top right, click the Chrome menu.
  3. Click Settings.
  4. At the bottom, click Show advanced settings.
  5. Under the section "Reset settings," click Reset settings.
  6. In the box that appears, click Reset.




