
Need help removing annoying pop up ads and underlined words


10 replies to this topic

#1 stilgar

stilgar

  • Members
  • 5 posts

Posted 15 May 2016 - 02:01 AM

Hello,

 

I was wondering if someone could help me. I have had a persistent malware problem that involves words being underlined, ads popping up on the same window and in new windows. It used to be occasional, and I'd run Malwarebytes and it would go away. Recently it has become persistent, and since I am incapable of fixing it, I am almost ready to throw my laptop away. It is driving me completely nuts, and making my computer unusable.

 

Can anyone help?

 

 

 

 




 


#2 TulsaRose

TulsaRose

  • Members
  • 367 posts

Posted 15 May 2016 - 05:25 AM

The spell checker app in your browser is probably the culprit in the underlined words problem.  It needs to be disabled.  AdBlock and AdBlock Plus apps will stop most ads from popping up.  Check your browser add-ons.


WinXP Pro sp3 \ Firefox, Panda, MBAM, SAS, SpywareBlaster


#3 buddy215

buddy215

  • Moderator
  • 13,324 posts

Posted 15 May 2016 - 06:50 AM

Welcome to BC....

 

I know you have MBAM but please run another scan using it and the instructions below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 


  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 stilgar

stilgar
  • Topic Starter

  • Members
  • 5 posts

Posted 15 May 2016 - 06:36 PM

Hi

 

Thanks for your help.  Here are the logs, it seems plenty of things were cleaned out?

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/05/2016
Scan Time: 21:12
Logfile: mbam-log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.15.05
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: abbie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336244
Time Elapsed: 22 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.InterStat, HKU\S-1-5-21-3878643321-3204187578-1773729868-1000_Classes\APPLICATIONS\interstat.exe, Quarantined, [67ca17bf62378da94d35963fee156b95],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2\content, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],

Files: 5
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2\chrome.manifest, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2\install.rdf, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2\content\load.js, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2\content\overlay.xul, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],
PUP.Optional.Helper, C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2\content\style.css, Quarantined, [f63bb71ff3a6092d7d00f7aa877b8b75],

Physical Sectors: 0
(No malicious items detected)


(end)

 

# AdwCleaner v5.116 - Logfile created 13/05/2016 at 17:13:50
# Updated 09/05/2016 by Xplode
# Database : 2016-05-13.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : abbie - GINGKO
# Running from : C:\Users\abbie\Downloads\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\abbie\AppData\Roaming\Mozilla\Firefox\Profiles\qt0h82kk.default-1446217727596\extensions\firefox@helper2

***** [ Files ] *****

[-] File Deleted : C:\Users\abbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\abbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\abbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] File Deleted : C:\Users\abbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\abbie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by abbie (Administrator) on 15/05/2016 at 21:55:58.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 24




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2016 at 22:00:04.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ESETSCAN

 

C:\setup_terraria_2 0 0 1.exe    a variant of MSIL/TrojanDownloader.Small.XC trojan    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\IT Viewer\astask.exe.vir    a variant of Win32/Techsnab.AB potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IT Viewer\astask.exe.vir    a variant of Win32/Techsnab.AB potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IT Viewer\swchromium.exe.vir    a variant of Win32/Techsnab.N potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IT Viewer\swchromium64.exe.vir    a variant of Win64/Techsnab.B potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IT Viewer\tsnet.dll.vir    a variant of Win32/Techsnab.N potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IT Viewer\tsnet64.dll.vir    a variant of Win64/Techsnab.B potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Beta Protector\jswtask.exe    a variant of Win32/Techsnab.AB potentially unwanted application    cleaned by deleting
C:\Users\abbie\Downloads\bittorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting


Thank you.  Is there anything else that needs doing?  The annoying ads seem to be gone, but want to be sure it isn't coming back!



#5 buddy215

buddy215

  • Moderator
  • 13,324 posts

Posted 15 May 2016 - 07:21 PM

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#6 stilgar

stilgar
  • Topic Starter

  • Members
  • 5 posts

Posted 17 May 2016 - 03:27 AM

Startup Windows

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\abbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes    HKCU:Run    F.lux    Flux Software LLC    "C:\Users\abbie\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
No    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKLM:Run    amd_dc_opt    AMD    C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
Yes    HKLM:Run    BLEServicesCtrl    Intel Corporation    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
Yes    HKLM:Run    BTMTrayAgent    Microsoft Corporation    rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
Yes    HKLM:Run    Fastboot    Lenovo    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
No    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    Lenovo Registration    Lenovo, Inc.    C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
No    HKLM:Run    LENOVO.TPKNRRES    Lenovo Group Limited    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
No    HKLM:Run    PWMTRV        rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
No    HKLM:Run    RotateImage    Ricoh co.,Ltd.    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    SynTPEnh    Synaptics Incorporated    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes    HKLM:Run    TpShocks    Lenovo.    TpShocks.exe
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\abbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
No    Startup User    OpenOffice.org 3.4.1.lnk        C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
No    Startup User    Terraria 1.2.4.1 pc full download.lnk        C:\PROGRA~3\{E7746~1\TERRAR~1.EXE
 

Startup Scheduled tasks

 

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    Beta Protector Cleaner        C:\Program Files (x86)\Beta Protector\jswtask.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DiskUpdate        C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes    Task    DropboxUpdateTaskUserS-1-5-21-3878643321-3204187578-1773729868-1000Core    Dropbox, Inc.    C:\Users\abbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-3878643321-3204187578-1773729868-1000UA    Dropbox, Inc.    C:\Users\abbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
No    Task    ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d    Intel Corporation    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
No    Task    ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon    Intel Corporation    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
Yes    Task    LSCHardwareScan    LENOVO    "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan
Yes    Task    Performance Defender Job    Backup Updater    C:\Program Files (x86)\Performance Defender\PerformanceDefender.exe
Yes    Task    PMTask    Lenovo Group Limited    C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes    Task    System Updater        C:\Users\abbie\AppData\Roaming\System Updater\System Updater.exe
Yes    Task    {0625A2F6-FB1B-4604-85F5-ECFAC00FD272}        C:\Program Files (x86)\MVP Software\3D Dragon Castle\3D Dragon  Castle.exe
Yes    Task    {1A508283-5466-4027-965A-D7BEC6C0678B}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Bullfrog\Theme Park World\Uninst.isu" -c"C:\Program Files (x86)\Bullfrog\Theme Park World\uninst.dll" -BFLANG=2057
Yes    Task    {1E6F1DE8-EC12-42C3-B853-7C4BCC84D802}        C:\Program Files (x86)\MVP Software\3D Dragon Castle\3D Dragon  Castle.exe
Yes    Task    {3C570755-7DCB-48D6-9DA2-2B2F9B92D767}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a D:\Setup.now.exe -d D:\
Yes    Task    {ED9EAD22-029D-4475-966B-6828CA7FAFBC}        D:\Patches\TPW_Patch_v2.0_SO.exe
 

Programs

 

7-Zip 9.20        30/07/2014        
Adobe AIR    Adobe Systems Incorporated    07/01/2014        3.9.0.1380
Adobe Color - Photoshop Specific        12/07/2012        
Adobe Flash Player 21 ActiveX    Adobe Systems Incorporated    14/05/2016    5.15 MB    21.0.0.242
Adobe Flash Player 21 NPAPI    Adobe Systems Incorporated    14/05/2016    5.71 MB    21.0.0.242
Adobe Photoshop CS3    Adobe Systems Incorporated    16/01/2014    1.10 GB    10.0
Adobe Reader X MUI    Adobe Systems Incorporated    12/07/2012    470 MB    10.0.0
Adobe Setup    Adobe Systems Incorporated    02/04/2014    859 MB    1.0
Apple Mobile Device Support    Apple Inc.    01/05/2013    25.2 MB    6.1.0.13
Apple Software Update    Apple Inc.    10/01/2013    2.38 MB    2.1.3.127
AVG 2013    AVG Technologies    09/03/2013        2013.0.2904
Bonjour    Apple Inc.    10/01/2013    2.00 MB    3.0.0.10
CCleaner    Piriform    06/04/2015        5.04
Corel Burn.Now Lenovo Edition    Corel Corporation    12/07/2012    80.9 MB    4.5.0
Corel DVD MovieFactory Lenovo Edition    Corel Corporation    12/07/2012    318 MB    7.0.0
Corel WinDVD    Corel Inc.    12/07/2012    302 MB    10.0.6.334
Create Recovery Media    Lenovo Group Limited    12/07/2012    8.08 MB    1.20.0.00
CSI-3 Dimensions of Murder 1.0    Ubisoft    28/05/2013        1.0
DisplayLink Core Software    DisplayLink Corp.    12/07/2012    20.3 MB    6.1.35392.0
Dropbox    Dropbox, Inc.    11/05/2016        3.20.1
Dual-Core Optimizer    AMD    25/05/2013    86.0 KB    1.1.4.0169
EPSON Scan        24/10/2013        
ESET Online Scanner v3        15/05/2016        
Evernote v. 4.2.3    Evernote Corp.    12/07/2012    139 MB    4.2.3.15
f.lux        16/10/2013        
Free M4a to MP3 Converter 8.4    ManiacTools.com    04/06/2015    8.77 MB    
Integrated Camera Driver Installer Package Ver.1.2.1.16    RICOH    12/07/2012        1.2.1.16
Intel® Control Center    Intel Corporation    13/07/2012        1.2.1.1007
Intel® Manageability Engine Firmware Recovery Agent    Intel Corporation    12/07/2012    54.8 MB    1.0.0.35342
Intel® Management Engine Components    Intel Corporation    13/07/2012        8.0.4.1441
Intel® OpenCL CPU Runtime    Intel Corporation    13/07/2012        
Intel® Processor Graphics    Intel Corporation    13/07/2012        8.15.10.2639
Intel® PROSet/Wireless for Bluetooth® + High Speed    Intel Corporation    12/07/2012    5.30 MB    15.1.0.0096
Intel® PROSet/Wireless Software for Bluetooth® Technology    Intel Corporation    12/07/2012    95.2 MB    2.1.0.0140
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    13/07/2012        1.0.1.209
Intel® PROSet/Wireless WiFi Software    Intel Corporation    12/07/2012    181 MB    15.01.0000.0830
Intel® Trusted Connect Service Client    Intel Corporation    12/07/2012    10.6 MB    1.23.605.1
iTunes    Apple Inc.    01/05/2013    187 MB    11.0.2.26
Java 8 Update 91    Oracle Corporation    15/05/2016    21.3 MB    8.0.910.14
Lenovo Auto Scroll Utility        13/07/2012        1.11
Lenovo Graphics Software    Lenovo    12/07/2012    4.00 KB    6.1.35401.0
Lenovo Registration    Lenovo Inc.    12/07/2012    4.13 MB    1.0.4
Lenovo Solution Center    Lenovo Group Limited    16/03/2015    29.5 MB    2.7.003.00
Lenovo System Update    Lenovo    16/06/2014    15.3 MB    5.05.0009
Lenovo User Guide    Lenovo Group Limited    12/07/2012    606 KB    1.0.0009.00
Lenovo Warranty Information    Lenovo    12/07/2012    861 KB    1.0.0005.00
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    17/04/2016    66.8 MB    2.2.1.1043
Message Center Plus    Lenovo Group Limited    12/07/2012    3.81 MB    3.0.0012.00
Microsoft .NET Framework 4.6.1    Microsoft Corporation    26/02/2016    38.8 MB    4.6.01055



#7 buddy215

buddy215

  • Moderator
  • 13,324 posts

Posted 17 May 2016 - 05:36 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\abbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

Yes    HKLM:Run    Fastboot    Lenovo    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

Yes    HKLM:Run    Lenovo Registration    Lenovo, Inc.    C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\abbie\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes    Task    DropboxUpdateTaskUserS-1-5-21-3878643321-3204187578-1773729868-1000Core    Dropbox, Inc.    C:\Users\abbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-3878643321-3204187578-1773729868-1000UA    Dropbox, Inc.    C:\Users\abbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes    Task    LSCHardwareScan    LENOVO    "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan

Yes    Task    Performance Defender Job    Backup Updater    C:\Program Files (x86)\Performance Defender\PerformanceDefender.exe (Do you know what this is?)

Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /addGadget

Yes    Task    System Updater        C:\Users\abbie\AppData\Roaming\System Updater\System Updater.exe
Yes    Task    {0625A2F6-FB1B-4604-85F5-ECFAC00FD272}        C:\Program Files (x86)\MVP Software\3D Dragon Castle\3D Dragon  Castle.exe
Yes    Task    {1A508283-5466-4027-965A-D7BEC6C0678B}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Bullfrog\Theme Park World\Uninst.isu" -c"C:\Program Files (x86)\Bullfrog\Theme Park World\uninst.dll" -BFLANG=2057
Yes    Task    {1E6F1DE8-EC12-42C3-B853-7C4BCC84D802}        C:\Program Files (x86)\MVP Software\3D Dragon Castle\3D Dragon  Castle.exe
Yes    Task    {3C570755-7DCB-48D6-9DA2-2B2F9B92D767}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a D:\Setup.now.exe -d D:\
Yes    Task    {ED9EAD22-029D-4475-966B-6828CA7FAFBC}        D:\Patches\TPW_Patch_v2.0_SO.exe

 

Delete This Scheduled Task: Use CCleaner by clicking on it and choosing Delete on the right.

Yes    Task    Beta Protector Cleaner        C:\Program Files (x86)\Beta Protector\jswtask.exe

 

Uninstall these programs:

Adobe AIR    Adobe Systems Incorporated    07/01/2014        3.9.0.1380

Update or Uninstall all old Adobe products. Adobe products missing security updates are often targets of malware.

AVG 2013    AVG Technologies    09/03/2013        2013.0.2904 (uninstall or update)

ESET Online Scanner v3        15/05/2016  


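One way to script the kind of review done by hand in post #7, as an added example that is not part of the original thread or of any tool mentioned in it: it parses the pasted CCleaner Startup/Scheduled Tasks rows and cross-checks each target against the ESET results from post #4. The indicator rules and all function names are assumptions chosen for illustration; the sample rows are copied from the logs posted above.

```python
import re
from typing import NamedTuple

# Rows copied from the CCleaner export posted in this thread. Columns are
# separated by four spaces as pasted; an empty publisher leaves a doubled gap.
STARTUP_EXPORT = r"""
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
Yes    Task    Beta Protector Cleaner        C:\Program Files (x86)\Beta Protector\jswtask.exe
Yes    Task    System Updater        C:\Users\abbie\AppData\Roaming\System Updater\System Updater.exe
Yes    Task    {ED9EAD22-029D-4475-966B-6828CA7FAFBC}        D:\Patches\TPW_Patch_v2.0_SO.exe
No    Startup User    OpenOffice.org 3.4.1.lnk        C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
"""

# Rows copied from the ESET results posted in this thread.
ESET_LOG = r"""
C:\Program Files (x86)\Beta Protector\jswtask.exe    a variant of Win32/Techsnab.AB potentially unwanted application    cleaned by deleting
C:\Users\abbie\Downloads\bittorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting
"""

SEP = re.compile(r"\t| {4}")  # accept tabs or the 4-space form seen on the page
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll))(?=[\s,]|$)', re.IGNORECASE)


class Entry(NamedTuple):
    enabled: bool
    location: str
    name: str
    publisher: str
    command: str


def target_of(command):
    """Return the first executable or DLL path in a command line."""
    m = TARGET_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def parse_startup(text):
    """Parse rows of: Enabled, Location, Name, Publisher, Command."""
    entries = []
    for line in text.splitlines():
        fields = [f.strip() for f in SEP.split(line.strip())]
        if len(fields) < 5 or fields[0] not in ("Yes", "No"):
            continue  # not an export row
        command = "    ".join(fields[4:])
        entries.append(Entry(fields[0] == "Yes", fields[1], fields[2], fields[3], command))
    return entries


def parse_detections(text):
    """Map lower-cased file path -> detection name from scanner result rows."""
    found = {}
    for line in text.splitlines():
        fields = [f for f in (p.strip() for p in SEP.split(line.strip())) if f]
        if len(fields) == 3:
            found[fields[0].lower()] = fields[1]
    return found


def triage(entry, detections):
    """Return review notes for one entry (illustrative rules, not a verdict)."""
    notes = []
    key = target_of(entry.command).lower()
    if key in detections:
        # The file was flagged and removed, but the launcher entry still exists.
        notes.append("scanner detection on target: " + detections[key])
    if entry.enabled and not entry.publisher:
        notes.append("enabled, no publisher recorded")
    if "\\appdata\\" in key:
        notes.append("target under user-writable AppData")
    if GUID_RE.fullmatch(entry.name):
        notes.append("task name is a bare GUID")
    # Assumes C: is the system drive, as in the logs on this page.
    if re.match(r"[a-z]:\\", key) and not key.startswith("c:\\"):
        notes.append("target on a non-C: drive")
    return notes


def report(startup_text, scanner_text):
    """Return {entry name: [notes]} for every parsed entry."""
    detections = parse_detections(scanner_text)
    return {e.name: triage(e, detections) for e in parse_startup(startup_text)}


if __name__ == "__main__":
    for name, notes in report(STARTUP_EXPORT, ESET_LOG).items():
        print(name, "->", "; ".join(notes) if notes else "nothing to review")
```

An entry with notes is a candidate for a closer look, not proof of malware; vendor tasks with a blank publisher field show up the same way.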

#8 stilgar

stilgar
  • Topic Starter

  • Members
  • 5 posts

Posted 18 May 2016 - 06:01 PM

Thank you, I have not had time to do this yet, but will do tomorrow. Is that everything I need to do? Thank you so much, because the annoying ads etc have completely gone - so I am so grateful.



#9 buddy215

buddy215

  • Moderator
  • 13,324 posts

Posted 18 May 2016 - 07:36 PM

Should be the last step. You're Welcome...happy surfin'

 

After further searching I found what Yes    Task    Performance Defender Job    Backup Updater    C:\Program Files (x86)\Performance Defender\PerformanceDefender.exe

is part of. It is part of a now defunct (since 2009) business named MediaDefender.

 

The sooner you complete those uninstalls, updates, Disabling and Deletions the better. Especially if you are using the computer.



#10 stilgar

stilgar
  • Topic Starter

  • Members
  • 5 posts

Posted 19 May 2016 - 05:57 PM

I deleted everything/disabled as you suggested, except

 

Yes    Task    LSCHardwareScan    LENOVO    "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan

 

This couldn't be disabled.  It said "no mapping between account names and security IDs was done".  Any idea what this means?

 

I also couldn't uninstall the free trial of AVG, because I didn't want to update it.  It said the uninstall failed because of a general internal error and error code: 0xC0070643.  Any idea how to get past this?

 

Otherwise all done, thanks!



#11 buddy215

buddy215

  • Moderator
  • 13,324 posts

Posted 19 May 2016 - 06:13 PM

AVG | Download tools and utilities 

AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc. AVG Remover is the last option to be used in case the AVG uninstall / repair installation process has failed repeatedly.

 

You can uninstall Lenovo Solution Center    Lenovo Group Limited    16/03/2015    29.5 MB    2.7.003.00

CERT has recommended uninstalling to avoid its vulnerabilities being used by malware.

Vulnerability Note VU#294607 - Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF

