
Help! Websites Showing Overlay Ads & Being Forwarded to Other Websites! WIN7!


16 replies to this topic

#1 Viking Erik

Viking Erik

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 16 April 2016 - 12:39 AM

I don't know what happened but some websites are usable but some entirely unusable.

For example I can't go to ebay.com w/out ads on the right side & bottom and then I'm transferred to another website that's unrelated.

Then I'll get a woman's voice asking for me to call a # to give $ to "repair" the issue.

Some sites are fine.  I use this computer ONLY for simple browsing of mainstream sites & e-mail.

Nothing odd.  Even Bleeping Computer has ads on the right side.

Can anyone offer some suggestions on how to repair & prevent from happening in the future?

Thank you from Los Angeles!





#2 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:11 AM

Posted 16 April 2016 - 05:38 AM

Sometimes just clearing the browser cache will get rid of the criminal's ad with phone #. Sometimes it is adware and/or malware involved. Use the programs below to find and remove the cause(s).

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Viking Erik


Posted 16 April 2016 - 09:58 AM

Hello BC Advisor!

Thank you for offering your assistance!

By the way, what does BC & FSM stand for?

 

Here is the log from MBAM:

(I hope it's the right one....)

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, Starting, 
Protection, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, Started, 
Protection, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Started, 
Update, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Manual, Remediation Database, 2016.2.12.1, 2016.4.12.1, 
Update, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Manual, Domain Database, 2016.2.16.8, 2016.4.15.6, 
Update, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.4.9.1, 
Update, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Manual, IP Database, 2016.2.8.1, 2016.4.7.1, 
Update, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Manual, Malware Database, 2016.2.16.6, 2016.4.16.3, 
Protection, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Protection, Refresh, Starting, 
Protection, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Protection, Refresh, Success, 
Protection, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 4/16/2016 7:04 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Started, 
Detection, 4/16/2016 7:44 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, File, Trojan.Agent, C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe, Quarantine Failed, 6, The handle is invalid.  , [770c6e41c6d32a0cd26145bced17fa06]
Detection, 4/16/2016 7:44 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, File, Trojan.Agent, C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe, Quarantine, [770c6e41c6d32a0cd26145bced17fa06]
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 50102, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 50102, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, qup.unconsideredcinnamon.com, 50137, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, qup.unconsideredcinnamon.com, 50137, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, ron.wildlifeafriq.com, 50144, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, ron.wildlifeafriq.com, 50144, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50231, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50231, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 50258, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, ron.wildlifeafriq.com, 50267, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.227, qup.unconsideredcinnamon.com, 50268, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.227, qup.unconsideredcinnamon.com, 50268, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 52.20.158.227, land.pckeeper.software, 50287, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 52.20.158.227, land.pckeeper.software, 50287, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50290, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50433, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, ron.wildlifeafriq.com, 50512, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.227, qup.unconsideredcinnamon.com, 50514, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50544, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, ron.wildlifeafriq.com, 50603, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.227, qup.unconsideredcinnamon.com, 50604, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50623, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.227, qup.unconsideredcinnamon.com, 50665, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, ron.wildlifeafriq.com, 50669, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Detection, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50707, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe, 
Scan, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Context, Start:4/16/2016 7:04 AM, Duration:22 min 50 sec, Threat Scan, Completed, 3 Malware Detections, 22 Non-Malware Detections, 
Protection, 4/16/2016 7:48 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, Starting, 
Protection, 4/16/2016 7:48 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, Started, 
Protection, 4/16/2016 7:48 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 4/16/2016 7:49 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Started, 
 
(end)
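
The Malwarebytes log above can be summarised by which process triggered each blocked connection and by the last action recorded for each detected file. The following Python is an added example, not part of the original post or of any Malwarebytes tooling; the field positions are inferred from the log lines shown, and the sample is a shortened excerpt constructed from that log.

```python
from collections import Counter, defaultdict

# Constructed sample: a few records in the comma-separated layout of the
# Malwarebytes log posted above (values taken from that log, list shortened).
SAMPLE_LOG = r"""
Protection, 4/16/2016 7:03 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, Started,
Detection, 4/16/2016 7:44 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, File, Trojan.Agent, C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe, Quarantine Failed, 6, The handle is invalid.  , [770c6e41c6d32a0cd26145bced17fa06]
Detection, 4/16/2016 7:44 AM, SYSTEM, FAMILY-PC, Protection, Malware Protection, File, Trojan.Agent, C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe, Quarantine, [770c6e41c6d32a0cd26145bced17fa06]
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 50102, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe,
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 50102, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe,
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, qup.unconsideredcinnamon.com, 50137, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe,
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 141.101.127.126, cdn.visadd.com, 50231, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe,
Detection, 4/16/2016 7:45 AM, SYSTEM, FAMILY-PC, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 50258, Outbound, C:\Program Files (x86)\Techsmart Computer\privoxy.exe,
Scan, 4/16/2016 7:46 AM, SYSTEM, FAMILY-PC, Context, Start:4/16/2016 7:04 AM, Duration:22 min 50 sec, Threat Scan, Completed, 3 Malware Detections, 22 Non-Malware Detections,
"""


def parse_detections(text):
    """Return one dict per 'Detection' record; other record types are skipped."""
    records = []
    for line in text.splitlines():
        f = [part.strip() for part in line.split(",")]
        if len(f) < 10 or f[0] != "Detection":
            continue
        if f[5] == "Malware Protection" and f[6] == "File":
            # Layout assumed from the log: threat name, file path, action taken.
            records.append({"kind": "file", "time": f[1], "threat": f[7],
                            "path": f[8], "action": f[9]})
        elif f[5] == "Malicious Website Protection" and len(f) >= 12:
            # Layout assumed from the log: IP, host, port, direction, process.
            records.append({"kind": "web", "time": f[1], "ip": f[7],
                            "host": f[8], "port": f[9],
                            "direction": f[10], "process": f[11]})
    return records


def blocked_by_process(records):
    """Count unique blocked connections per process and destination host.

    Several blocks in the posted log appear twice with the same port, so
    identical (ip, host, port, process) tuples are counted once.
    """
    seen = set()
    summary = defaultdict(Counter)
    for r in records:
        if r["kind"] != "web":
            continue
        key = (r["ip"], r["host"], r["port"], r["process"])
        if key in seen:
            continue
        seen.add(key)
        summary[r["process"]][r["host"]] += 1
    return {process: dict(hosts) for process, hosts in summary.items()}


def final_file_actions(records):
    """Map each detected file to (threat, last action logged for it)."""
    result = {}
    for r in records:
        if r["kind"] == "file":
            result[r["path"]] = (r["threat"], r["action"])
    return result


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    for process, hosts in blocked_by_process(detections).items():
        print(process)
        for host, count in sorted(hosts.items(), key=lambda kv: -kv[1]):
            print(f"  {count:3d}  {host}")
    for path, (threat, action) in final_file_actions(detections).items():
        print(f"{threat}: {path} -> {action}")
```
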


#4 Viking Erik


Posted 16 April 2016 - 10:08 AM

Adw Cleaner log:

 

# AdwCleaner v5.018 - Logfile created 05/11/2015 at 21:24:59
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Erik - FAMILY-PC
# Running from : C:\Users\Erik\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : PrivoxyService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Techsmart Computer
[-] Folder Deleted : C:\Program Files (x86)\uniisalees
[-] Folder Deleted : C:\Program Files (x86)\unnisales
[-] Folder Deleted : C:\Program Files (x86)\uuniSaleas
[-] Folder Deleted : C:\ProgramData\73946251728a6edb
[-] Folder Deleted : C:\ProgramData\8328389712868437723
[-] Folder Deleted : C:\ProgramData\dmgkkkmaikpnodejknmljpepcmbhgkoj
[-] Folder Deleted : C:\ProgramData\lcfmpbffcblljhagjogepbmkjjecdhil
[-] Folder Deleted : C:\ProgramData\nmbangfeplibapkgkkdjnbjneeenmdlj
[-] Folder Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcjclaangpnjgfllaoodflclpdfcegb
[-] Folder Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc
[-] Folder Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\idijdgooojpepbnadlbkiagcmilndffa
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekhagklcjbdpajgpjgmbionohlpdbjgc_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekhagklcjbdpajgpjgmbionohlpdbjgc_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idijdgooojpepbnadlbkiagcmilndffa_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idijdgooojpepbnadlbkiagcmilndffa_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ja.reimageplus.com_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ja.reimageplus.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
[-] File Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Techsmart Computer Task
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ROC_roc_ssl_v12]
[-] Key Deleted : HKLM\SOFTWARE\Classes\.
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796a939b-ab20-41ff-bbdd-3b1b136f42d0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D37BD00-E9FD-40D1-80E7-1795E510ECAA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{796a939b-ab20-41ff-bbdd-3b1b136f42d0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{796a939b-ab20-41ff-bbdd-3b1b136f42d0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{796a939b-ab20-41ff-bbdd-3b1b136f42d0}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{796a939b-ab20-41ff-bbdd-3b1b136f42d0}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{796a939b-ab20-41ff-bbdd-3b1b136f42d0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{796a939b-ab20-41ff-bbdd-3b1b136f42d0}
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\OutfoxTV
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\RrFilter
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\OutfoxTV
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[R1].txt - [10118 bytes] - [24/02/2013 14:22:18]
C:\AdwCleaner[R2].txt - [10179 bytes] - [24/02/2013 14:23:50]
C:\AdwCleaner[S1].txt - [7719 bytes] - [24/02/2013 14:52:58]
C:\AdwCleaner[S2].txt - [893 bytes] - [24/02/2013 14:56:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6187 bytes] ##########
# AdwCleaner v5.111 - Logfile created 16/04/2016 at 08:03:51
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Erik - FAMILY-PC
# Running from : C:\Users\Erik\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : PrivoxyService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Techsmart Computer
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Techsmart Computer Task
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Data Restored : HKU\S-1-5-21-2509289748-956863051-239331069-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-2509289748-956863051-239331069-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C2].txt - [8909 bytes] - [05/11/2015 22:24:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [1794 bytes] - [16/11/2015 07:23:25]
C:\AdwCleaner\AdwCleaner[C4].txt - [2418 bytes] - [23/11/2015 12:29:58]
C:\AdwCleaner\AdwCleaner[C5].txt - [2366 bytes] - [25/11/2015 20:41:20]
C:\AdwCleaner\AdwCleaner[C6].txt - [2037 bytes] - [26/11/2015 13:32:09]
C:\AdwCleaner\AdwCleaner[C7].txt - [2996 bytes] - [21/12/2015 07:11:56]
C:\AdwCleaner\AdwCleaner[C8].txt - [1791 bytes] - [21/01/2016 22:01:46]
C:\AdwCleaner\AdwCleaner[C9].txt - [1376 bytes] - [29/01/2016 23:20:18]
C:\AdwCleaner\AdwCleaner[R0].txt - [6086 bytes] - [10/01/2015 14:31:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [5791 bytes] - [10/01/2015 14:34:19]
C:\AdwCleaner\AdwCleaner[S10].txt - [3040 bytes] - [20/12/2015 19:45:55]
C:\AdwCleaner\AdwCleaner[S11].txt - [3069 bytes] - [21/12/2015 07:04:37]
C:\AdwCleaner\AdwCleaner[S12].txt - [3069 bytes] - [21/12/2015 07:09:55]
C:\AdwCleaner\AdwCleaner[S13].txt - [1646 bytes] - [21/01/2016 21:58:47]
C:\AdwCleaner\AdwCleaner[S14].txt - [1267 bytes] - [29/01/2016 23:16:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [5854 bytes] - [05/11/2015 21:47:26]
C:\AdwCleaner\AdwCleaner[S3].txt - [5699 bytes] - [07/11/2015 21:00:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [6402 bytes] - [16/11/2015 07:20:28]
C:\AdwCleaner\AdwCleaner[S5].txt - [2514 bytes] - [23/11/2015 10:03:21]
C:\AdwCleaner\AdwCleaner[S6].txt - [2190 bytes] - [25/11/2015 20:37:06]
C:\AdwCleaner\AdwCleaner[S7].txt - [2190 bytes] - [25/11/2015 20:39:53]
C:\AdwCleaner\AdwCleaner[S8].txt - [2055 bytes] - [26/11/2015 13:28:17]
C:\AdwCleaner\AdwCleaner[S9].txt - [3068 bytes] - [20/12/2015 19:40:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [10593 bytes] ##########


#5 Viking Erik


Posted 16 April 2016 - 10:27 AM

Here is JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Erik (Administrator) on Sat 04/16/2016 at  8:20:39.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 24 
 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HENZ5FJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JKIWEBT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P7HUNXV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X7TIOYO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\977QSG40 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD1ZNWTA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J4HTHRH2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LG5DUFUN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPO6NLNB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLDK7ZK8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TES4CQGQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VX5X0I5M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HENZ5FJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JKIWEBT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P7HUNXV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8X7TIOYO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\977QSG40 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD1ZNWTA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J4HTHRH2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LG5DUFUN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPO6NLNB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLDK7ZK8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TES4CQGQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VX5X0I5M (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/16/2016 at  8:25:34.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 buddy215


Posted 16 April 2016 - 10:42 AM

After Eset completes its scan...often more than an hour or two....post its results and do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#7 Viking Erik


Posted 16 April 2016 - 02:04 PM

ESET Log:

 

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Techsmart Computer\ittask.exe.vir a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsmart Computer\amnet.dll.vir a variant of Win32/Techsnab.V potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsmart Computer\amnet64.dll.vir a variant of Win64/Techsnab.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsmart Computer\ittask.exe.vir a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsmart Computer\jswchromium.exe.vir a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsmart Computer\jswchromium64.exe.vir a variant of Win64/Techsnab.B potentially unwanted application cleaned by deleting
C:\Users\Erik\AppData\Roaming\Qualcomm\Eudora\attach\CCE29032016_00052.rar JS/TrojanDownloader.Nemucod.NF trojan deleted
C:\Users\Erik\AppData\Roaming\Qualcomm\Eudora\attach\hofu@earthlink.net_6615001_89841979.zip JS/TrojanDownloader.Nemucod.IT trojan deleted
C:\Users\Erik\Downloads\The Complete Ashley Madison Dump from the Impact Team (1).zip a variant of Win32/Techsnab.AC potentially unwanted application deleted
C:\Users\Erik\Downloads\The Complete Ashley Madison Dump from the Impact Team.zip a variant of Win32/Techsnab.AC potentially unwanted application deleted


#8 Viking Erik


Posted 16 April 2016 - 02:07 PM

Scheduled Tasks from CCleaner Free:

 

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Adobe online update program Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Java Update Scheduler Oracle Corporation C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Yes Task Omega Viewer Schedualer C:\Program Files (x86)\Omega Viewer\msnworker.exe
Yes Task PC Software Task Backup Updater C:\Program Files (x86)\PC Software\PCSoftware.exe
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes Task Win Update C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe
Yes Task Win Update Logon C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe login

Edited by Viking Erik, 16 April 2016 - 02:10 PM.


#9 Viking Erik


Posted 16 April 2016 - 02:10 PM

Windows from CCleaner Free:
 
Yes HKCU:Run BMUpdate C:\Windows\system32\BMUpdate.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run Brdefprn C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe -d
Yes HKLM:Run BrStsWnd brother C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run MSC Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Yes Startup Common Malwarebytes Anti-Ransomware.lnk Malwarebytes C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe


#10 Viking Erik


Posted 16 April 2016 - 02:12 PM

Installed from CCleaner Free:

 

Acrobat.com Adobe Systems Incorporated 8/14/2009 1.60 MB 1.6.65
Adobe AIR Adobe Systems Inc. 8/14/2009 1.5.0.7220
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 4/8/2016 5.09 MB 21.0.0.213
Adobe Reader 9.5.5 MUI Adobe Systems Incorporated 9/17/2013 690 MB 9.5.5
Apple Application Support Apple Inc. 8/30/2014 93.4 MB 3.0.6
Apple Mobile Device Support Apple Inc. 8/30/2014 21.3 MB 7.1.2.6
Apple Software Update Apple Inc. 11/1/2011 2.38 MB 2.1.3.127
Bonjour Apple Inc. 1/1/2012 2.00 MB 3.0.0.10
Brother HL-2140 Brother 9/17/2013 1.00
CCleaner Piriform 4/16/2016 5.16
eBay Worldwide OEM 1/7/2010 100 KB 2.1.0703
eMachines Games WildTangent 11/2/2009 1.0.0.71
eMachines Recovery Management Acer Incorporated 8/14/2009 4.05.3002
eMachines Registration Acer Incorporated 11/2/2009 1.02.3004
eMachines ScreenSaver eMachines Incorporated 11/2/2009 1.1.0812
ESET Online Scanner v3 2/24/2013
Eudora 4/10/2011 7.0
FileZilla Client 3.12.0.2 Tim Kosse 7/25/2015 21.9 MB 3.12.0.2
Google Chrome Google Inc. 1/22/2015 49.0.2623.112
iSEEK AnswerWorks English Runtime Vantage Linguistics 2/19/2010 4.76 MB 009.000.0002
iTunes Apple Inc. 8/30/2014 220 MB 11.3.1.2
Java 8 Update 40 Oracle Corporation 3/21/2015 76.9 MB 8.0.400
LSI PCI-SV92PP Soft Modem LSI Corporation 8/14/2009 16.0 KB 2.2.95
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 4/16/2016 66.8 MB 2.2.1.1043
Malwarebytes Anti-Ransomware version 0.9.15.416 Malwarebytes 4/9/2016 63.3 MB 0.9.15.416
Microsoft .NET Framework 4.5.2 Microsoft Corporation 10/24/2015 38.8 MB 4.5.51209
Microsoft Office File Validation Add-In Microsoft Corporation 5/14/2014 10.9 MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 2/19/2012 12.0.6612.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 8/14/2009 8.36 MB 2.9
Microsoft Security Essentials Microsoft Corporation 2/24/2016 4.9.218.0
Microsoft Silverlight Microsoft Corporation 1/13/2016 447 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11/1/2009 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 1/9/2010 260 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/20/2011 298 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 8/14/2009 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 3/9/2014 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 3/11/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/23/2012 12.2 MB 10.0.40219
Microsoft Works Microsoft Corporation 10/10/2012 1.36 GB 9.7.0621
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 1/9/2010 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 1/9/2010 1.33 MB 4.20.9876.0
Nero 9 Essentials Nero AG 8/14/2009
NVIDIA Display Control Panel NVIDIA Corporation 11/4/2012 6.14.12.5896
NVIDIA Graphics Driver 309.08 NVIDIA Corporation 10/24/2015 309.08
NVIDIA Update 1.10.8 NVIDIA Corporation 4/13/2013 1.10.8
Picasa 3 Google, Inc. 10/30/2013 3.9
QuickTime Apple Inc. 11/1/2011 73.2 MB 7.71.80.42
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/14/2009 6.0.1.5898
TurboTax 2009 Intuit, Inc 2/19/2010
TurboTax 2010 Intuit, Inc 4/5/2011
TurboTax 2011 Intuit, Inc 4/1/2012
TurboTax 2012 Intuit, Inc 4/5/2013 2012.0
TurboTax 2013 Intuit, Inc 4/13/2014 2013.0
TurboTax 2014 Intuit, Inc 4/9/2015 2014.0
TurboTax Business 2011 Intuit, Inc 4/1/2012
Visual Studio 2010 x64 Redistributables AVG Technologies 10/22/2012 12.4 MB 13.0.0.1
VLC media player VideoLAN 12/25/2014 2.1.5
Welcome Center Acer Incorporated 11/2/2009 1.00.3004
Windows Live Essentials Microsoft Corporation 11/2/2009 14.0.8064.0206
Windows Live Sign-in Assistant Microsoft Corporation 10/23/2010 1.93 MB 5.000.818.5
Windows Live Sync Microsoft Corporation 11/1/2009 2.79 MB 14.0.8064.206
Windows Live Upload Tool Microsoft Corporation 11/1/2009 224 KB 14.0.8014.1029
WinRAR 4.00 (32-bit) win.rar GmbH 5/1/2011 4.00.0


#11 buddy215


Posted 16 April 2016 - 03:04 PM

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Adobe online update program Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Java Update Scheduler Oracle Corporation C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
 
Delete these Scheduled Tasks using CCleaner by clicking on each item and choosing Delete on the right.
Yes Task Omega Viewer Schedualer C:\Program Files (x86)\Omega Viewer\msnworker.exe
Yes Task Win Update C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe
Yes Task Win Update Logon C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe login

Yes Task PC Software Task Backup Updater C:\Program Files (x86)\PC Software\PCSoftware.exe

 

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run BMUpdate C:\Windows\system32\BMUpdate.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run Brdefprn C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe -d
Yes HKLM:Run BrStsWnd brother C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
Uninstall these programs:
Acrobat.com Adobe Systems Incorporated 8/14/2009 1.60 MB 1.6.65 (Or Update)
Adobe AIR Adobe Systems Inc. 8/14/2009 1.5.0.7220
Adobe Reader 9.5.5 MUI Adobe Systems Incorporated 9/17/2013 690 MB 9.5.5 (Or Update)
Bonjour Apple Inc. 1/1/2012 2.00 MB 3.0.0.10
eBay Worldwide OEM 1/7/2010 100 KB 2.1.0703
eMachines Games WildTangent 11/2/2009 1.0.0.71
ESET Online Scanner v3 2/24/2013
Eudora 4/10/2011 7.0
iSEEK AnswerWorks English Runtime Vantage Linguistics 2/19/2010 4.76 MB 009.000.0002
Java 8 Update 40 Oracle Corporation 3/21/2015 76.9 MB 8.0.400
QuickTime Apple Inc. 11/1/2011 73.2 MB 7.71.80.42
Visual Studio 2010 x64 Redistributables AVG Technologies 10/22/2012 12.4 MB 13.0.0.1
Windows Live Essentials Microsoft Corporation 11/2/2009 14.0.8064.0206
 
 
BC....Bleeping Computer
FSM....Flying Spaghetti Monster
 

Edited by buddy215, 16 April 2016 - 03:16 PM.
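An added example, not part of the thread and not CCleaner's own output format: it cross-references autorun rows from the pasted lists against the installed-programs list and flags, for review, any row showing at least two of three signs (no publisher, a folder matching no installed program, a path under the user profile). The hand-restored column layout, the `GENERIC` folder set and the two-sign threshold are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# (key, program, publisher, command) rows from the thread's lists, columns re-split by hand.
AUTORUNS = [
    ("Task", "GoogleUpdateTaskMachineCore", "Google Inc.",
     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"),
    ("Task", "CCleanerSkipUAC", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)'),
    ("Task", "Omega Viewer Schedualer", "",
     r"C:\Program Files (x86)\Omega Viewer\msnworker.exe"),
    ("Task", "PC Software Task Backup Updater", "",
     r"C:\Program Files (x86)\PC Software\PCSoftware.exe"),
    ("Task", "Win Update Logon", "",
     r"C:\Users\Erik\AppData\Roaming\Win Update\Win Update.exe login"),
    ("HKCU:Run", "BMUpdate", "", r"C:\Windows\system32\BMUpdate.exe"),
    ("HKLM:Run", "Brdefprn", "",
     r"C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe -d"),
]
# (product, vendor) pairs from the installed-programs list in the same thread.
INSTALLED = [("Google Chrome", "Google Inc."), ("CCleaner", "Piriform"),
             ("Brother HL-2140", "Brother"), ("iTunes", "Apple Inc.")]
# Assumed list of folders that say nothing about which product owns a file.
GENERIC = {"program files", "program files (x86)", "common files", "windows",
           "system32", "syswow64", "users", "appdata", "roaming", "local"}

def exe_path(command):
    """Executable path from a command line; handles quotes and unquoted spaces."""
    m = re.match(r'"?(.+?\.exe)', command, re.IGNORECASE)
    return PureWindowsPath(m.group(1) if m else command.strip('"'))

def triage(autoruns, installed):
    """Return {program: [reasons]} for rows showing at least two warning signs."""
    known = {text.split()[0].lower() for pair in installed for text in pair}
    flagged = {}
    for _key, program, publisher, command in autoruns:
        parts = [p.lower() for p in exe_path(command).parts]
        folders = [p for p in parts[1:-1] if p not in GENERIC]
        reasons = []
        if not publisher:
            reasons.append("no publisher")
        if not any(f.split()[0] in known for f in folders):
            reasons.append("folder matches no installed program")
        if "appdata" in parts:
            reasons.append("runs from user-writable profile")
        if len(reasons) >= 2:
            flagged[program] = reasons
    return flagged
print(triage(AUTORUNS, INSTALLED))
```

A publisher string is file metadata rather than a verified signature, so a row that is not flagged here is not cleared by that alone.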


#12 Viking Erik


Posted 16 April 2016 - 03:48 PM

BC Advisor,

 

I deleted all but:

eMachines Games WildTangent 11/2/2009 1.0.0.71 (this gives a list of all the games that come pre-loaded.  I play some of them rarely.  Should I delete all?)

Eudora 4/10/2011 7.0 (Eudora is my default e-mail program)  I've used it forever....

 

What do you think?

Thank you very much!!!

Erik



#13 buddy215


Posted 16 April 2016 - 05:20 PM

So....is the computer functioning up to par after a reboot?

 

Wild Tangent may not be a problem. It is considered spyware and possibly adware. If you can play the games while offline...then that would likely solve any issue with it.

 

I was assuming you didn't use Eudora...keep it.

 

If you need a good PDF reader....I suggest Free PDF Reader - Sumatra PDF, since you uninstalled the Adobe one. It's much smaller and not prone to being susceptible to malware.


Edited by buddy215, 16 April 2016 - 05:26 PM.


#14 Viking Erik


Posted 17 April 2016 - 09:16 AM

BC Advisor,

 

YES!  Everything seems to be working great now!

All systems are GO!

 

It seems we did some extra clean-up that was probably long overdue on this old machine.

I ONLY use it for e-mail & browser.  No games or engineering or other stuff.

 

Question, which item specifically do you think was the cause of the ad overlay & auto forwarding of websites?

 

Thank you very, very much!

Erik



#15 buddy215


Posted 17 April 2016 - 11:56 AM

Techsmart computer file was responsible for the criminal voice asking to call a number. ESET removed trojan downloaders that may have downloaded that file. There was an infected email attachment removed. There was more than one browser hijacker source removed.

 

The rules are NEVER to open an email from an unknown sender. NEVER open a link in an email before you are sure where it will take you. NEVER open an unexpected attachment without confirming with the known sender what is in it.

 

You're welcome....happy surfin'

