
Strange popups suddenly appeared


12 replies to this topic

#1 Wolverine 7

Wolverine 7

  • Members
  • 746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bournemouth,UK
  • Local time:07:08 AM

Posted 01 April 2016 - 11:22 AM

Mod Edit:  Disabled links - Hamluis.
 
Hi,
 
I suddenly have strange divert popups all over my browser (Firefox); when clicked on, a lot of them get stopped by Web of Trust.

System is Hewlett Packard Envy 6 - 6GB RAM - Windows 10 64 Bit

Security Software - AVG Antivirus - Malwarebytes Anti-Exploit - CryptoPrevent - Malwarebytes, various scanners.
 
No sign of Malware for years but it looks like something got through.
 
Thanks in advance for any help.
 
Update - I just clicked on one of the links and it went to
 
hxxx://12gotravel.hodo.biz/

Some kind of promoter of something?
 
Another one goes to
hxxx://app.trk12.com/click.php?pca=X9noxqA&partner=tesco_ph_pin_cx&x_synd_id=tesco_ph_pin_cx&transaction_id=769947113&aff_id=271381&aff_sub=
 
Prizehook.com weekly contest.
 
Thanks again for any help
 
W7


Edited by hamluis, 01 April 2016 - 11:57 AM.




#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:08 AM

Posted 01 April 2016 - 11:49 AM

Post the results of the latest MBAM scan that identified and removed adware or malware.

  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Wolverine 7


Posted 01 April 2016 - 01:13 PM

Hi Buddy215,

 

Thanks for your help, much appreciated. Malwarebytes log follows, carrying out your other instructions now.

 

Thanks again

 

W7

 

Logs below

 

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2016
Scan Time: 4:14 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.04.01.04
Rootkit Database: v2016.03.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Magi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419518
Time Elapsed: 40 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [c9df0a9fecad51e547343fe8cb383bc5],
PUP.Optional.ProductSetup, HKU\S-1-5-21-3009826098-3481335029-3959978222-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [bfe91990d7c2cb6b14229d937a8a0df3],

Registry Values: 3
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, Quarantined, [c9df0a9fecad51e547343fe8cb383bc5]
PUP.Optional.NotChromeRun, HKU\S-1-5-21-3009826098-3481335029-3959978222-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleChromeAutoLaunch_EA977365BF5B2185FA52414E130E9AF9, "C:\Users\User\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session, Quarantined, [90183a6f158489adf23b35f6fe06c23e]
PUP.Optional.ProductSetup, HKU\S-1-5-21-3009826098-3481335029-3959978222-1001\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, Quarantined, [bfe91990d7c2cb6b14229d937a8a0df3]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk, Quarantined, [4c5cabfef7a27abcda9f6f14d92b14ec],
PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\mrt.js, Quarantined, [edbbbdec871282b40fd51f710cf8d62a],
PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\components.manifest, Good: (), Bad: (component aab33809-6f9f-45f7-9065-2241f0998415 mrt.js), Replaced,[9b0da405a1f82b0b2f3e76e1699cb947]
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\Chromium\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_51&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCyB0BtD0FtBtB0FyCyCyCtN0D0Tzu0StCyEyEyCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzytByBtDzy0E0DtGyEzyyCtDtG0EyE0F0FtGyEzzyCyCtG0ByCzz0EtD0Czy0ByE0C0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCyEtDzz0B0B0DtG0BtDyCyCtGyEzy0BtAtG0A0ByDyDtGzztDtAyE0EyEzyyD0E0EyCzz2QtN0A0LzutB%26cr%3D656173723%26a%3Dwncy_ir_15_51%26os_ver%3D10.0%26os%3DWindowsReplaced,[6a3eeabf1d7c79bd6bfce67211f48f71]B10Replaced,[6a3eeabf1d7c79bd6bfce67211f48f71]BHome&uref=chmm"]}}), %5

Physical Sectors: 0
(No malicious items detected)


(end)

 

---

 

# AdwCleaner v5.108 - Logfile created 01/04/2016 at 19:22:08
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Magi - USER-HP
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : torchcrashhandler

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\BetterDesktopTool
[-] Folder Deleted : C:\ProgramData\torchcrashhandler
[-] Folder Deleted : C:\ProgramData\Avg_Update_0116avz
[-] Folder Deleted : C:\ProgramData\Avg_Update_0316avz
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetterDesktopTool
[-] Folder Deleted : C:\Users\User\AppData\Local\BetterDesktopTool
[-] Folder Deleted : C:\Users\User\AppData\Local\torch
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil

***** [ Files ] *****

[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[-] File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Torch.lnk
[-] File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : updateTask

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\MozillaPlugins\TorchVLC
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{5E709D3B-4BC2-42F1-B883-051A11F4094E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{CFDF8902-2ED5-47B0-A0F5-F27753068718}]
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=winstep+nexus+dock&form=WNSGPH&qs=AS&cvid=515800b8dc2345959e80280d1f7d18e7&pq=winstep&nclid=C958E62386C17DD52D8DEA718E90D847&ts=1445345014801&nclidts=1445345014&tsms=801

***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\qsnp7th7.default\prefs.js] [Preference] Deleted : user_pref("network.proxy.autoconfig_url", "data:text/javascript,%2F*ZenMate*%2F%0Afunction%20FindProxyForURL(url%2C%20host)%20%7B%0A%0A%20%20var%20e%20%3D%20%7B%20data%3A%20%7B%22localDomains%22%3A%5B[...]
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3303 bytes] - [01/04/2016 19:22:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [3498 bytes] - [01/04/2016 19:19:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3449 bytes] ##########
 

---

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by Magi (Administrator) on Fri 04/01/2016 at 19:28:16.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\1447892543.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1447892549.2588.bin (File)
Successfully deleted: C:\ProgramData\1447892549.5684.bin (File)
Successfully deleted: C:\ProgramData\1447892549.6364.bin (File)
Successfully deleted: C:\ProgramData\1447892549.6708.bin (File)
Successfully deleted: C:\Users\User\AppData\Local\{3C553613-160E-4A3A-955D-87F6A3581C6B} (Empty Folder)
Successfully deleted: C:\Users\User\AppData\Local\{E8A510BA-6ABA-46A5-B3FF-5CF5C36868AC} (Empty Folder)
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cu8tt8z4.default\user.js (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/01/2016 at 19:32:56.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

---

 

ESET LOG

 

C:\Users\User\Documents\Inbox_Feb_2015\FlashDel.exe    a variant of Win32/Packed.AutoIt.BlueLife.A trojan    cleaned by deleting
 

---

 

Hope these are ok

 

System seems clean as far as I can tell so far.

Still can't suss where this may have come from. I watched a movie on Putlocker the other day and someone told me that could get you a virus, which surprised me, but that's all I can think of.

Anyway, thanks again for your assistance, very much appreciated.

 

W7


Edited by Wolverine 7, 01 April 2016 - 03:43 PM.


#4 buddy215


Posted 01 April 2016 - 03:51 PM

Putlocker streams from different domains. So, it could be that the domain you were streaming from did infect the computer with what appears to be adware....nothing really malicious.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 Wolverine 7


Posted 01 April 2016 - 04:13 PM

Putlocker streams from different domains. So, it could be that the domain you were streaming from did infect the computer with what appears to be adware....nothing really malicious.

 

Yes, that would be me not being careful after a long day.. won't stream there again.

System seems clean now, nothing appears in Task Manager or System Explorer that shouldn't be there.

Here are CCleaner logs, thanks again.

CCleaner Startup

 

Yes    HKCU:Run    Digital Clock    Nick Korotysh    C:\Program Files\Nick Korotysh\Digital Clock\digital_clock.exe
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
Yes    HKLM:Run    AvgUi    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Yes    HKLM:Run    Classic Start Menu    IvoSoft    "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
Yes    HKLM:Run    HP CoolSense    Hewlett-Packard Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
No    HKLM:Run    HP Quick Launch    Hewlett-Packard Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Yes    HKLM:Run    Malwarebytes Anti-Exploit    Malwarebytes Corporation    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Yes    HKLM:Run    RAMDiskForWorkstations    SoftPerfect    "C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe" /hide
Yes    HKLM:Run    SetDefault        C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
Yes    HKLM:Run    StartCCC    Advanced Micro Devices, Inc.    "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes    HKLM:Run    SysTrayApp    IDT, Inc.    C:\Program Files\IDT\WDM\sttray64.exe

 

---

 

CCleaner scheduled tasks

 

Yes    HKCU:Run    Digital Clock    Nick Korotysh    C:\Program Files\Nick Korotysh\Digital Clock\digital_clock.exe
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
Yes    HKLM:Run    AvgUi    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Yes    HKLM:Run    Classic Start Menu    IvoSoft    "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
Yes    HKLM:Run    HP CoolSense    Hewlett-Packard Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
No    HKLM:Run    HP Quick Launch    Hewlett-Packard Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Yes    HKLM:Run    Malwarebytes Anti-Exploit    Malwarebytes Corporation    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Yes    HKLM:Run    RAMDiskForWorkstations    SoftPerfect    "C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe" /hide
Yes    HKLM:Run    SetDefault        C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
Yes    HKLM:Run    StartCCC    Advanced Micro Devices, Inc.    "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes    HKLM:Run    SysTrayApp    IDT, Inc.    C:\Program Files\IDT\WDM\sttray64.exe

 

---

 

7-Zip 15.09 beta (x64)    Igor Pavlov    11/7/2015    4.69 MB    15.09
AbstractCurves x64    AbstractCurves Software    1/2/2016        1.190
AC3Filter 2.6.0b    Alexander Vigovsky    1/9/2016    3.71 MB    2.6.0b
Adobe Flash Player 19 NPAPI    Adobe Systems Incorporated    11/12/2015    17.9 MB    19.0.0.245
Adobe Reader X (10.1.16) MUI    Adobe Systems Incorporated    10/20/2015    479 MB    10.1.16
Adobe Shockwave Player 12.2    Adobe Systems, Inc.    11/6/2015        12.2.1.171
AIR Software Astro Clock    AIR Software    10/12/2015        3.00
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    1/4/2016    33.5 MB    8.0.916.0
AOMEI Partition Assistant Pro Edition 5.8    AOMEI Technology Co., Ltd.    11/28/2015    58.6 MB    
AstroWin v3.67    Allen Edwall/AstroWin    10/12/2015        
Atlantis Word Processor        12/4/2015        
AutoHotkey 1.1.22.07    Lexikos    10/30/2015        1.1.22.07
AVG    AVG Technologies    2/20/2016        1.41.1.56922
AVG Protection    AVG Technologies    3/15/2016        2016.51.7497
Bass Audio Decoder (remove only)        1/9/2016        
Batch Picture Resizer 7.0    SoftOrbits    10/29/2015    8.34 MB    7.0
BetterDesktopTool version 1.90    Florian Schwarz    12/14/2015    2.00 MB    1.90
Blio    K-NFB Reading Technology, Inc.    5/11/2012    93.7 MB    3.0.9391
Broadcom 802.11 Wireless LAN Adapter    Broadcom Corporation    10/27/2015        
Broadcom Bluetooth Software    Broadcom Corporation    6/28/2012    287 MB    6.5.1.2300
BurnAware Premium 8.7 GAOTD    Burnaware    12/29/2015    44.8 MB    
calibre    Kovid Goyal    12/26/2015    173 MB    2.47.0
CCleaner    Piriform    10/30/2015        5.10
Celestia 1.6.1    Shatters Software    10/15/2015    66.5 MB    
Chromium    Chromium    12/17/2015        46.0.2480.0
Classic Shell    IvoSoft    12/11/2015    12.3 MB    4.2.5
Cyberfox Web Browser    8pecxstudios    10/27/2015    108 MB    41.0.3.0
CyberLink YouCam    CyberLink Corp.    6/28/2012    220 MB    3.5.3.5018
Daum PotPlayer 1.6.54915 x64 Edition    Daum Kakao Corp.    10/27/2015        
DCoder Image Source (remove only)        1/9/2016        
Desktop Ticker 1.10.1    Mike Batt    10/20/2015    1.04 MB    
Digital Clock    Nick Korotysh    10/12/2015    53.5 MB    4.4.1
DirectVobSub (remove only)        1/9/2016        
Driver Magician 4.8    GoldSolution Software, Inc.    1/4/2016    10.6 MB    
EasySync CryptoMonitor    EasySync Solutions    11/1/2015        2.0.503.0
Evernote v. 5.9.1    Evernote Corp.    10/17/2015    232 MB    5.9.1.8742
ffdshow v1.3.4533 [2014-09-29]        1/9/2016    13.3 MB    1.3.4533.0
FFMPEG Core Files (remove only)        1/9/2016        
Firefox Booster 1.1.2    beginnerpage.wordpress.com    11/25/2015        
FreeMeter        10/22/2015        
GIMP 2.8.14    The GIMP Team    10/16/2015    268 MB    2.8.14
Google Chrome    Google Inc.    5/20/2015        49.0.2623.110
gpedt.msc 1.0    Richard    11/12/2015    5.24 MB    
GreatNews 1.0 (Build 386)    Curio Studio    10/27/2015    3.62 MB    
Haali Media Splitter        1/9/2016        
HandBrake 0.10.2        10/18/2015        0.10.2
HP 3D DriveGuard    Hewlett-Packard Company    6/28/2012    7.00 MB    4.1.12.1
HP CoolSense    Hewlett-Packard Company    5/11/2012    1.29 MB    2.10.3
HP Documentation    Hewlett-Packard    6/28/2012    213 MB    1.1.0.0
HP Power Manager        11/2/2015        
HP Quick Launch    Hewlett-Packard Company    5/11/2012    7.24 MB    2.7.2
HP Setup    Hewlett-Packard Company    5/11/2012    50.9 MB    9.1.15430.4033
HP SimplePass PE    Hewlett-Packard    6/28/2012    80.7 MB    5.4.0.402
HP Software Framework    Hewlett-Packard Company    5/11/2012    4.72 MB    4.5.10.1
HP Support Assistant    Hewlett-Packard Company    5/11/2012    75.9 MB    6.1.12.1
IDT Audio    IDT    6/28/2012        1.0.6392.0
Krita Desktop (x64) 2.9.9.0    Krita Foundation    11/21/2015    290 MB    2.9.9.0
LAV Filters 0.67    Hendrik Leppkes    1/9/2016    32.4 MB    0.67
MadVR (remove only)        1/9/2016        
Malwarebytes Anti-Exploit version 1.07.1.1015    Malwarebytes    10/24/2015    9.95 MB    1.07.1.1015
Malwarebytes Anti-Exploit version 1.8.1.1189    Malwarebytes    2/2/2016    6.45 MB    1.8.1.1189
Malwarebytes Anti-Malware version 2.2.0.1024    Malwarebytes    10/21/2015    66.1 MB    2.2.0.1024
Microsoft .NET Framework 4 Client Profile        5/11/2012        
Microsoft .NET Framework 4 Extended        5/11/2012        
Microsoft Office 2010    Microsoft Corporation    5/11/2012    6.31 MB    14.0.4763.1000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    10/12/2015    4.84 MB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    5/11/2012    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    6/28/2012    784 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    10/12/2015    13.2 MB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    6/28/2012    592 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    10/12/2015    10.1 MB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    11/14/2015    7.11 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    1/4/2016    6.17 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727    Microsoft Corporation    1/4/2016    20.4 MB    11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727    Microsoft Corporation    1/4/2016    17.3 MB    11.0.50727.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation    10/26/2015    20.5 MB    12.0.30501.0
Mozilla Firefox 44.0.2 (x86 en-GB)    Mozilla    2/21/2016    98.8 MB    44.0.2
Mozilla Maintenance Service    Mozilla    2/21/2016    394 KB    44.0.2.5884
OpenOffice 4.1.2    Apache Software Foundation    11/8/2015    337 MB    4.12.9782
Oracle VM VirtualBox 5.0.14    Oracle Corporation    1/23/2016    162 MB    5.0.14
PDF Shaper 4.1    Glorylogic    12/29/2015    24.1 MB    
Pegtop PStart    Pegtop Software    12/4/2015        
PlayReady PC Runtime x86    Microsoft Corporation    5/11/2012    1.65 MB    1.3.0
Portable Start Menu 3.3    www.aignes.com    10/30/2015    2.21 MB    3.3
QuiteRSS version 0.18.2    QuiteRSS Team    10/31/2015    100 MB    0.18.2
Rainlendar2 (remove only)        11/26/2015        
RAMDisk    Dataram, Inc.    11/28/2015    10.1 MB    4.4.0.34
Realtek Ethernet Controller Driver    Realtek    6/28/2012        7.54.309.2012
Realtek PCIE Card Reader    Realtek Semiconductor Corp.    6/28/2012        6.1.7601.27016
RegAlyzer    Safer-Networking Ltd.    10/23/2015        1.6.2.16
Restore Point Creator version 3.4        12/15/2015    1.31 MB    3.4
Revo Uninstaller 1.95    VS Revo Group    12/15/2015        1.95
RocketDock 1.3.5    Punk Software    11/3/2015        
Sandboxie 5.06 (64-bit)    Sandboxie Holdings, LLC    11/18/2015        5.06
ShareX    ShareX Team    11/11/2015    12.3 MB    10.3.0
SimpleSndVol    
Skype™ 5.6    Skype Technologies S.A.    5/11/2012    19.4 MB    5.6.110
SoftPerfect RAM Disk 3.4.7    SoftPerfect    11/28/2015    6.24 MB    
Speccy    Piriform    10/31/2015        1.28
SpeedFan (remove only)        12/19/2015        
Synaptics Pointing Device Driver    Synaptics Incorporated    10/27/2015    46.4 MB    16.2.10.12
Transits v1.01    Allen Edwall/AstroWin    10/12/2015        
Unity Web Player    Unity Technologies ApS    1/13/2016    12.0 MB    5.3.1f1
Visual Studio 2012 x64 Redistributables    AVG Technologies    12/29/2015    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    12/29/2015    10.5 MB    14.0.0.1
VLC media player    VideoLAN    10/15/2015        2.2.1
Windows Desktop Gadgets    
WinPcap 4.1.3    Riverbed Technology, Inc.    10/29/2015        4.1.0.2980
Wireshark 1.12.8 (64-bit)    The Wireshark developer community,
Zoom Player (remove only)    Inmatrix LTD    1/9/2016        11.1.0

--


 



#6 buddy215


Posted 01 April 2016 - 05:13 PM

You posted the Windows Startups twice instead of Scheduled Tasks....

 

Suggest you uninstall the Unity Web Player...could be source of ads....and you have VLC

 

Update Flash player. Old flash player is a malware magnet. Check to be sure it is updated in your Firefox browsers, too.

 

If you are satisfied the Scheduled Tasks are okay....then I think you are good to go....happy surfin'



#7 Wolverine 7


Posted 01 April 2016 - 05:16 PM

Quick update: it appears some popups are left, although the links when clicked go nowhere and disappear.

 

Popups only appear in Firefox not Chrome.

 

Thanks again for your help.


Edited by Wolverine 7, 01 April 2016 - 05:42 PM.


#8 buddy215


Posted 01 April 2016 - 06:00 PM

Reset Firefox. If that doesn't work then you will need to save your bookmarks and then do a clean uninstall of Firefox...which means deleting your Firefox profile, too.

Refresh Firefox - reset add-ons and settings | Firefox Help

 

If you need to do a clean uninstall then run the uninstaller for Firefox. After that, do a search for Mozilla Firefox and delete files.

I see you have two Firefox Browsers...hopefully you will be able to determine for sure which profile you are removing.


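The logs earlier in this thread show three browser-side changes being undone: a script registered in Firefox's `browser\components\components.manifest`, a `user.js` in the Firefox profile, and a `network.proxy.autoconfig_url` preference holding an inline `data:` script in a Cyberfox `prefs.js`. As an added example (not part of any post in the thread and not code from the tools used), this Python script lists the same kinds of entries in a profile and install directory for manual review; the watch list of preference names, the function names and the sample files are assumptions constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed watch list (chosen for this example): prefs that steer traffic or start pages.
WATCHED_PREFS = (
    "network.proxy.autoconfig_url",
    "network.proxy.type",
    "browser.startup.homepage",
    "browser.search.defaultenginename",
)

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')
COMPONENT_RE = re.compile(r"^\s*component\s+(\S+)\s+(\S+)")


def read_prefs(path):
    """Return {name: value} for every user_pref(...) line in a prefs file."""
    prefs = {}
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs


def audit_profile(profile_dir):
    """List (kind, file, detail) findings for one Firefox-style profile folder."""
    profile = Path(profile_dir)
    findings = []
    # user.js is re-applied at every start, so a stray one keeps resetting prefs.
    if (profile / "user.js").is_file():
        findings.append(("user.js present", "user.js", str(profile / "user.js")))
    for fname in ("prefs.js", "user.js"):
        path = profile / fname
        if not path.is_file():
            continue
        for name, value in read_prefs(path).items():
            if name not in WATCHED_PREFS:
                continue
            kind = "watched pref"
            # A PAC script embedded as a data: URI, as in the AdwCleaner log entry.
            if name == "network.proxy.autoconfig_url" and value.lower().startswith("data:"):
                kind = "inline PAC script"
            findings.append((kind, fname, f"{name} = {value[:60]}"))
    return findings


def audit_install_dir(install_dir):
    """List component registrations and scripts under browser/components."""
    comp_dir = Path(install_dir) / "browser" / "components"
    findings = []
    manifest = comp_dir / "components.manifest"
    if manifest.is_file():
        for line in manifest.read_text(encoding="utf-8", errors="replace").splitlines():
            m = COMPONENT_RE.match(line)
            if m:
                findings.append(("component registration", "components.manifest", m.group(2)))
    if comp_dir.is_dir():
        for js in sorted(comp_dir.glob("*.js")):
            findings.append(("script in components dir", js.name, str(js)))
    return findings


def build_sample(root):
    """Write constructed sample files shaped like the entries in the logs."""
    profile = Path(root) / "profile"
    comp_dir = Path(root) / "install" / "browser" / "components"
    profile.mkdir(parents=True)
    comp_dir.mkdir(parents=True)
    (profile / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "https://search.example/?q=");\n'
        'user_pref("network.proxy.type", 2);\n'
        'user_pref("network.proxy.autoconfig_url", '
        '"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%7D");\n'
        'user_pref("browser.download.useDownloadDir", true);\n',
        encoding="utf-8",
    )
    (profile / "user.js").write_text(
        'user_pref("browser.startup.homepage", "https://search.example/?q=");\n',
        encoding="utf-8",
    )
    # Placeholder component id and file name, not values from the thread.
    (comp_dir / "components.manifest").write_text(
        "component 00000000-0000-0000-0000-000000000000 sample.js\n", encoding="utf-8"
    )
    (comp_dir / "sample.js").write_text("// constructed placeholder\n", encoding="utf-8")
    return profile, Path(root) / "install"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        profile, install = build_sample(tmp)
        for kind, where, detail in audit_profile(profile) + audit_install_dir(install):
            print(f"[{kind}] {where}: {detail}")
```

A finding is a prompt to look, not a verdict: a proxy or homepage preference set by the user or by an extension the user installed will be listed too.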

#9 Wolverine 7


Posted 01 April 2016 - 06:16 PM

OK, that's Firefox reset and all popups gone, so guess I'm good to go?



#10 buddy215


Posted 01 April 2016 - 06:34 PM

Yes...sounds good to me....happy surfin'



#11 Wolverine 7


Posted 01 April 2016 - 06:54 PM

Thanks so much, would probably have worked it all out in the end but might have taken me days... didn't remember the Ff reset option, tried a clean install and that didn't work.

 

Time for a little brush up on security :-)

 

Anyway, thanks again, you are a gentleman.

 

W7


Edited by Wolverine 7, 01 April 2016 - 06:55 PM.


#12 buddy215


Posted 01 April 2016 - 07:17 PM

You're welcome...



#13 Wolverine 7


Posted 01 April 2016 - 07:30 PM

Well, thanks v much again... hadn't come across Mr Krauss before, interesting stuff quantum physics... but what's this... some things in Star Trek are impossible? Oh no, don't tell me that... Off to research Grand Unified Theory... :-)

 

Take Care

 

W7





