suspicious pop-up when resetting tripadvisor password


13 replies to this topic

#1 derekangel

  • Members
  • 10 posts

Posted 14 June 2016 - 11:16 AM

I needed to reset my Trip Advisor (.co.uk) password to log in and reply to some feedback about our farm.  Clicked forgot password button on the login page and entered my email address in the pop up window and hit Send Link.
 
The pop up changed to a 'Here's How to reset your password' with a couple of steps to follow ....  but then over the top comes a smaller pop-up window saying in red text "Did you mean seed.net.tw instead of <mydom.ain>? Please verify."    (the bit in between < > is correct but redacted).
seed.net.tw is Taiwan - What on earth is that doing here - is this some sort of silent/malware type of re-direct going on?
 
I have no idea what to do next, apart from the obvious burn my laptop.  I have Norton 360 and regularly do an online scan with F-secure as well.  Browser is Firefox with uBlock Origin.
 
Really don't want to hose the laptop unless it is absolutely the last resort, so any help, ideas, pointers, thoughts or next steps are most welcome.
 
thanks in advance




#2 buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee

Posted 14 June 2016 - 12:18 PM

Welcome to BC...

 

Did you make more than one attempt to reset and have the same result?

 

Not sure of what triggered the unusual handling of resetting a password at that site. Possibly a typo on your part or some adware or other.

 

Use the programs below to find and remove both adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 derekangel


Posted 14 June 2016 - 12:23 PM

thanks buddy215.  I will go do as you advise and revert.  Of interest however is that I only made one attempt to reset and the email promptly came from Tripadvisor with the reset password link in it so it worked first time.

 

I wanted to upload a screen grab of the offending window but can't see how to on this site.  Can you advise?

 

many thanks



#4 buddy215


Posted 14 June 2016 - 12:56 PM

You would need to host the screenshot at one of many sites such as PhotoBucket and Imgur.



#5 derekangel


Posted 14 June 2016 - 05:48 PM

CCleaner run - cleaned out a whole host of stuff

 

MBAM run - log as follows:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/06/2016
Scan Time: 19:30
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.14.04
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: GCK

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 517512
Time Elapsed: 1 hr, 57 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

AdwCleaner run - log as follows:

 

# AdwCleaner v5.119 - Logfile created 14/06/2016 at 19:08:09
# Updated 30/05/2016 by Xplode
# Database : 2016-06-13.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X86)
# Username : GCK - E43100
# Running from : C:\Users\GCK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4FOADRG\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\GCK\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\JK\AppData\Local\VirtualStore\Program Files\Movies Toolbar
Folder Found : C:\Users\JK\AppData\Local\VirtualStore\Program Files\movies toolbar

***** [ Files ] *****

File Found : C:\Users\JK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Found : C:\Users\JK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Found : C:\Users\JK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Freecorder extension
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\LinkSwift
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\EAK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\JK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\GK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [7735 bytes] - [08/03/2014 21:44:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [8044 bytes] - [08/03/2014 21:46:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [4530 bytes] - [14/06/2016 19:08:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4603 bytes] ##########

 

Junkware Removal Tool run - log as follows:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x86
Ran by GCK (Administrator) on 14/06/2016 at 21:50:19.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 164

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder)
Successfully deleted: C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File)
Successfully deleted: C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\searchplugins\norton-safe-search.xml (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU7Z86IR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9MC9LX9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH3V3FMZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJRN3HY9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBAI8ERF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHN0R7R2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2J93TCH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRZ95IEP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVFGQ7A6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0VL3WCJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLOCQHHN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXYLT1Z1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S28IKSGJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S82ZWJSC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXFI5XZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TU1UKU38 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VNJPHD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE27VZIQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V802BZHU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEOP246Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ7TCI0J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WF739JLS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRF6QVGL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX02MI8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4QT95RZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCP2D6V4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFE6O4L0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG31T7SS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJZFUCRP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT1B5ZUV (Temporary Internet Files Folder)

Deleted the following from C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/06/2016 at 21:55:17.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 buddy215

Posted 14 June 2016 - 06:09 PM

Rerun AdwCleaner and be sure to choose Clean. It will probably ask you to reboot to complete the deletion of what it found.

Post the log after cleaning.

 

Reset Google Chrome

You can restore your browser settings in Chrome at any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. Open Chrome.
  2. In the top right, click the icon you see: Menu  or More
  3. Click Settings.
  4. At the bottom, click Show advanced settings.
  5. Under the section "Reset settings," click Reset settings.
  6. In the box that appears, click Reset.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 14 June 2016 - 06:18 PM.


#7 derekangel

Posted 14 June 2016 - 06:36 PM

I re-ran ADWcleaner - logs below - but I looked down through the text files as at the top I could see the results from the first run, at 19:08:09.  I found the next run but realised I had run an older version.  I have no idea how but must have run it 2 years ago, don't remember.  Anyway, the logs from running it are as below.  I have re-downloaded the latest version and will run it one more time, then post the log files in a following post.

 

First Re-Run with older Version

# AdwCleaner v5.119 - Logfile created 14/06/2016 at 19:08:09
# Updated 30/05/2016 by Xplode
# Database : 2016-06-13.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X86)
# Username : GCK - E43100
# Running from : C:\Users\GCK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4FOADRG\AdwCleaner.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\GCK\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\JK\AppData\Local\VirtualStore\Program Files\Movies Toolbar
Folder Found : C:\Users\JK\AppData\Local\VirtualStore\Program Files\movies toolbar

***** [ Files ] *****

File Found : C:\Users\JK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Found : C:\Users\JK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Found : C:\Users\JK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Freecorder extension
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\LinkSwift
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-4234109291-2147560036-1728036309-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\EAK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\JK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\GK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [7735 bytes] - [08/03/2014 21:44:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [8044 bytes] - [08/03/2014 21:46:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [4530 bytes] - [14/06/2016 19:08:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4603 bytes] ##########

# AdwCleaner v3.020 - Report created 15/06/2016 at 00:12:57
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : GCK - E43100
# Running from : C:\Users\JK\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17937

-\\ Mozilla Firefox v47.0 (x86 en-GB)

[ File : C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\prefs.js ]

[ File : C:\Users\JK\AppData\Roaming\Mozilla\Firefox\Profiles\9z6q960u.default\prefs.js ]

-\\ Google Chrome v51.0.2704.84

[ File : C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\EAK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\JK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\GK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[C1].txt - [4624 octets] - [14/06/2016 19:23:59]
AdwCleaner[R0].txt - [7735 octets] - [08/03/2014 21:44:20]
AdwCleaner[R1].txt - [1890 octets] - [15/06/2016 00:11:25]
AdwCleaner[S0].txt - [8044 octets] - [08/03/2014 21:46:43]
AdwCleaner[S1].txt - [6443 octets] - [14/06/2016 19:08:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6503 octets] ##########

 

I will post the logs of the second re-run, with the latest version, when it has finished and the laptop has re-booted.
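The post above pastes two AdwCleaner logs one after the other, the second from a build last updated in 2014. The following is an added example (not part of the thread and not AdwCleaner's own code) that splits such a paste into individual logs using the header and section layout visible in those logs, reports how old each build was when it ran, and lists scan findings that a given clean log did not delete. The function names and the 90-day staleness threshold are assumptions, and the sample is a shortened excerpt of the logs posted above.

```python
import re
from collections import Counter, namedtuple
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

MAX_BUILD_AGE_DAYS = 90  # assumption: threshold chosen for this example only

# Patterns follow the log layout shown in the post (v3.020 and v5.x headers).
HEADER_RE = re.compile(r"^# AdwCleaner v(?P<version>[\d.]+) - (?:Logfile|Report) created "
                       r"(?P<date>\d{2}/\d{2}/\d{4}) at (?P<time>\d{2}:\d{2}:\d{2})")
UPDATED_RE = re.compile(r"^# Updated (?P<date>\d{2}/\d{2}/\d{4}) by ")
OPTION_RE = re.compile(r"^# Option : (?P<option>\w+)")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?:\[-\] )?(?P<kind>\w+) (?P<action>Found|Deleted) : (?P<item>.+)$")
BROWSER_RE = re.compile(r"^\[(?P<path>[^\]]+)\] \[(?P<kind>[^\]]+)\] "
                        r"(?P<action>Found|Deleted) : (?P<item>.+)$")

Entry = namedtuple("Entry", "section kind action item")


@dataclass
class AdwLog:
    version: str
    created: datetime
    updated: Optional[datetime] = None
    option: str = ""
    entries: list = field(default_factory=list)

    @property
    def build_age_days(self):
        """Days between the build's 'Updated' date and the day the log was created."""
        if self.updated is None:
            return None
        return (self.created.date() - self.updated.date()).days


def parse_logs(text):
    """Split pasted text into one AdwLog per '# AdwCleaner v...' header line."""
    logs, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            created = datetime.strptime(m["date"] + " " + m["time"], "%d/%m/%Y %H:%M:%S")
            logs.append(AdwLog(m["version"], created))
            section = None
            continue
        if not logs:
            continue  # text before the first header is not part of any log
        log = logs[-1]
        if (m := UPDATED_RE.match(line)):
            log.updated = datetime.strptime(m["date"], "%d/%m/%Y")
        elif (m := OPTION_RE.match(line)):
            log.option = m["option"]
        elif (m := SECTION_RE.match(line)):
            section = m["name"]
        elif (m := ENTRY_RE.match(line)) or (m := BROWSER_RE.match(line)):
            log.entries.append(Entry(section, m["kind"], m["action"], m["item"]))
    return logs


def is_stale(log, max_age_days=MAX_BUILD_AGE_DAYS):
    """True when the build was older than max_age_days at the time it ran."""
    age = log.build_age_days
    return age is not None and age > max_age_days


def summarize(log):
    """Count entries per (section, action) pair."""
    return Counter((e.section, e.action) for e in log.entries)


def not_deleted(scan, clean):
    """Scan findings with no matching 'Deleted' line in the clean log.
    Compared case-insensitively, as Windows paths and registry keys are."""
    removed = {e.item.lower() for e in clean.entries if e.action == "Deleted"}
    return [e for e in scan.entries if e.action == "Found" and e.item.lower() not in removed]


# Shortened excerpt of the two logs in the post above.
SAMPLE = r"""
# AdwCleaner v5.119 - Logfile created 14/06/2016 at 19:08:09
# Updated 30/05/2016 by Xplode
# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Users\GCK\AppData\Roaming\Yahoo!\Companion
***** [ Registry ] *****
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
***** [ Web browsers ] *****
[C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4603 bytes] ##########
# AdwCleaner v3.020 - Report created 15/06/2016 at 00:12:57
# Updated 27/02/2014 by Xplode
# Option : Clean
***** [ Files / Folders ] *****
File Deleted : C:\Windows\System32\Tasks\NCH Software
***** [ Registry ] *****
Key Deleted : HKLM\Software\DeviceVM
"""

if __name__ == "__main__":
    for log in parse_logs(SAMPLE):
        flag = "STALE BUILD" if is_stale(log) else "ok"
        print(f"v{log.version} {log.option}: build age {log.build_age_days} days ({flag})")
        for (section, action), n in summarize(log).items():
            print(f"  {section}: {n} {action}")
```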



#8 derekangel

Posted 14 June 2016 - 07:03 PM

Here is the second re-run, this time with the latest version of Adwcleaner:

 

# AdwCleaner v5.200 - Logfile created 15/06/2016 at 00:37:35
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-14.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X86)
# Username : GCK - E43100
# Running from : C:\Users\GCK\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4624 bytes] - [14/06/2016 19:23:59]
C:\AdwCleaner\AdwCleaner[C2].txt - [912 bytes] - [15/06/2016 00:37:35]
C:\AdwCleaner\AdwCleaner[R0].txt - [7735 bytes] - [08/03/2014 21:44:20]
C:\AdwCleaner\AdwCleaner[R1].txt - [1890 bytes] - [15/06/2016 00:11:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [8044 bytes] - [08/03/2014 21:46:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [6583 bytes] - [14/06/2016 19:08:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [1414 bytes] - [15/06/2016 00:29:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1349 bytes] ##########

 

 

CCleaner Lists

 

CCleaner layout is slightly different to how you describe.  Selecting Tools on left, there is an inner left menu in which I select Startup, which presents 3 tabs in the main part: Windows, Scheduled Tasks and Context Menu.  To get to the three browsers, I have to select on the inner menu Browser Plugins, which is just below Startup.  Following are the logs from all these:

 

Tools -> Startup -> Windows

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run dattodrive  C:\Program Files\dattodrive\dattodrive.exe
No HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\GCK\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
No HKCU:Run iCloudServices Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
No HKCU:Run NETGEARGenie  "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\GCK\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
Yes HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\DellTPad\Apoint.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run CancelAutoPlay_df ZTE CORPORATION "C:\Program Files\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe" run
Yes HKLM:Run CheckNDISPortf0acf7 ZTE CORPORATION C:\Program Files\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe
No HKLM:Run Conime  %windir%\system32\conime.exe
Yes HKLM:Run DBRMTray Dell Computer Corporation C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
No HKLM:Run Dell Webcam Central Creative Technology Ltd "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
No HKLM:Run DellBtrEvent DeviceVM, Inc. D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
No HKLM:Run EKIJ5000StatusMonitor Eastman Kodak Company C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
No HKLM:Run EKStatusMonitor Eastman Kodak Company C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
No HKLM:Run FreeFallProtection STMicroelectronics C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
No HKLM:Run hpqSRMon Hewlett-Packard C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
No HKLM:Run IAStorIcon Intel Corporation C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run IMSS Intel Corporation "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run Kernel and Hardware Abstraction Layer  KHALMNPR.EXE
No HKLM:Run LWS Logitech Inc. C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
No HKLM:Run PDVDDXSrv CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
No HKLM:Run PMBVolumeWatcher Sony Corporation C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
No HKLM:Run QuickTime Task  "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray.exe
No HKLM:Run USCService Broadcom Corporation C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
No HKLM:Run WavXMgr Wave Systems Corp. C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
Yes HKLM:RunOnce DBRMTray Microsoft C:\Dell\DBRM\Reminder\TrayApp.exe
No Startup Common Adobe Acrobat Speed Launcher.lnk  C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
No Startup Common Adobe Acrobat Synchronizer.lnk Adobe Systems, Incorporated C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
No Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
No Startup Common Dell System Manager.lnk Dell Inc. C:\PROGRA~1\Dell\DELLSY~1\DCPSYS~1.EXE
No Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
No Startup Common Logitech SetPoint.lnk Logitech, Inc. C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
No Startup Common TdmNotify.lnk Wave Systems Corp. C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\GCK\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

 

Tools -> Startup -> Scheduled Tasks

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task DropboxUpdateTaskUserS-1-5-21-4234109291-2147560036-1728036309-1001Core Dropbox, Inc. C:\Users\GCK\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-4234109291-2147560036-1728036309-1001UA Dropbox, Inc. C:\Users\GCK\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HP Photo Creations Communicator  C:\ProgramData\HP Photo Creations\Communicator.exe --auto
 

Tools -> Startup -> Context Menu

Yes Directory 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Browse with FastStone FastStone Soft "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1"
Yes Directory DropboxExt Dropbox, Inc. C:\Users\GCK\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
Yes Directory EncryptDocMgr Wave Systems Corp. C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
Yes Directory Play with VLC media player VideoLAN "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Directory RecuvaShellExt Piriform Ltd C:\Program Files\Recuva\RecuvaShell.dll
Yes Directory WinZip WinZip Computing, S.L. C:\Program Files\WinZip\wzshlstb.dll
Yes Drive Browse with FastStone FastStone Soft "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1"
Yes Drive EncryptDocMgr Wave Systems Corp. C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
Yes Drive Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files\Norton 360\Engine\22.6.0.142\NavShExt.dll"
Yes File 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes File AcShellExtension.AcContextMenuHandler Autodesk C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
Yes File Adobe.Acrobat.ContextMenu Adobe Systems Inc. C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
Yes File ANotepad++  C:\Program Files\Notepad++\NppShell_06.dll
Yes File BUContextMenu Symantec Corporation C:\Program Files\Norton 360\Engine\22.6.0.142\buShell.dll
Yes File DropboxExt Dropbox, Inc. C:\Users\GCK\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
Yes File EncryptDocMgr Wave Systems Corp. C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
Yes File OCContextMenuHandler ownCloud Inc. C:\Program Files\dattodrive\shellext\OCContextMenu_x86.dll
Yes File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll
Yes File Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files\Norton 360\Engine\22.6.0.142\NavShExt.dll"
Yes File WinZip WinZip Computing, S.L. C:\Program Files\WinZip\wzshlstb.dll
Yes Folder Adobe.Acrobat.ContextMenu Adobe Systems Inc. C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
Yes Folder Browse with Paint Shop Pro Jasc Software, Inc. "C:\PROGRA~1\PAINTS~1\PSP.EXE" "%L"
Yes Folder BUContextMenu Symantec Corporation C:\Program Files\Norton 360\Engine\22.6.0.142\buShell.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder RecuvaShellExt Piriform Ltd C:\Program Files\Recuva\RecuvaShell.dll
Yes Folder Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files\Norton 360\Engine\22.6.0.142\NavShExt.dll"
Yes Folder TreeSize Professional 4 JAM Software "C:\Program Files\JAM Software\TreeSize Professional\tsizepro.exe" /CONTEXT "%1"
Yes Folder WinZip WinZip Computing, S.L. C:\Program Files\WinZip\wzshlstb.dll

 

 

Tools -> Startup -> Internet Explorer

No Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
No Extension Research Microsoft Corporation C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
No Extension Send To Bluetooth  C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
No Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
No Extension Show or hide HP Smart Web Printing Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
No Helper Adobe PDF Conversion Toolbar Helper Adobe Systems Incorporated C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
No Helper Adobe PDF Reader Link Helper Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
No Helper HP Print Enhancer Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
No Helper HP Smart BHO Class Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll
No Helper McAfee Phishing Filter  c:\progra~1\mcafee\msk\mskapbho.dll
Yes Helper Norton Identity Protection Symantec Corporation C:\Program Files\Norton 360\Engine\22.6.0.142\coIEPlg.dll
No Helper Norton Vulnerability Protection  C:\Program Files\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL
No Helper Office Document Cache Handler Microsoft Corporation C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
No Toolbar Adobe PDF Adobe Systems Incorporated C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
Yes Toolbar Norton Toolbar Symantec Corporation C:\Program Files\Norton 360\Engine\22.6.0.142\coIEPlg.dll

 

Tools -> Startup -> Firefox

Yes Extension Firefox Hello 1.3.2 Mozilla default-1441770620883 Firefox 47.0 C:\Program Files\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
No Extension HP Smart Web Printing 4.51 hp.com default-1441770620883 Firefox 47.0 C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Yes Extension Multi-process staged rollout 1.0  default-1441770620883 Firefox 47.0 C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
No Extension Norton Identity Safe 2016.6.0.66 Symantec Corporation default-1441770620883 Firefox 47.0 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon
Yes Extension Pocket 1.0.2  default-1441770620883 Firefox 47.0 C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Yes Extension uBlock Origin 1.7.0 All uBlock Origin contributors default-1441770620883 Firefox 47.0 C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\extensions\uBlock0@raymondhill.net.xpi
Yes Plugin  1.4.8.866 Google Inc. default-1441770620883 Firefox 47.0 C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\gmp-widevinecdm\1.4.8.866\widevinecdm.dll
Yes Plugin Adobe Acrobat 15.16.20045.57024 Adobe Systems Inc. default-1441770620883 Firefox 47.0 C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Yes Plugin Citrix Online Web Deployment Plugin 1.0.0.104 1.0.0.104 Citrix Online default-1441770620883 Firefox 47.0 C:\Users\GCK\AppData\Local\Citrix\Plugins\104\npappdetector.dll
Yes Plugin Google Earth Plugin 7.1.5.1557 Google default-1441770620883 Firefox 47.0 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Yes Plugin Google Update 1.3.30.3 Google Inc. default-1441770620883 Firefox 47.0 C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll
Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default-1441770620883 Firefox 47.0 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Yes Plugin Java Deployment Toolkit 8.0.910.14 11.91.2.14 Oracle Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
Yes Plugin Java™ Platform SE 8 U91 11.91.2.14 Oracle Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
Yes Plugin Microsoft Office 2010 14.0.4730.1010 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
Yes Plugin Microsoft Office 2010 14.0.4761.1000 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
Yes Plugin Microsoft Office 2016 16.0.6925.1016 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL
Yes Plugin OpenH264 Video Codec 1.5.3 Mozilla Corporation default-1441770620883 Firefox 47.0 C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
Yes Plugin Photo Gallery 16.4.3528.331 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Yes Plugin Primetime Content Decryption Module provided by Adobe Systems, Incorporated 17 Adobe Systems Inc default-1441770620883 Firefox 47.0 C:\Users\GCK\AppData\Roaming\Mozilla\Firefox\Profiles\p0mmahph.default-1441770620883\gmp-eme-adobe\17\eme-adobe.dll
Yes Plugin RocketLife Secure Plug-In Layer 1.0.5.0 RocketLife, LLP default-1441770620883 Firefox 47.0 C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
Yes Plugin Shockwave Flash 21.0.0.242 Adobe Systems Incorporated default-1441770620883 Firefox 47.0 C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll
Yes Plugin Shockwave for Director 12.1.5.155 Adobe Systems, Inc. default-1441770620883 Firefox 47.0 C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll
Yes Plugin Silverlight Plug-In 5.1.41212.0  Microsoft Corporation default-1441770620883 Firefox 47.0 c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
Yes Plugin VLC Web Plugin 2.2.1.0 VideoLAN default-1441770620883 Firefox 47.0 C:\Program Files\VideoLAN\VLC\npvlc.dll

 

Tools -> Startup -> Firefox

Yes App Gmail 8.1 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
Yes App Google Drive 14.1 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
Yes App YouTube 4.2.8 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
No Extension AdBlock 2.59 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.59_0
No Extension Google Docs 0.9 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
No Extension Google Docs Offline 1.4 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1
No Extension Google Sheets 1.1 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
No Extension Google Slides 0.9 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
No Extension The Great Suspender 6.21 Person 1 C:\Users\GCK\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg\6.21_0

 

Tools -> Uninstall

3G Hostless Modem ZTE Corporation 03/06/2016  1.0.0.2
7-Zip 9.20  22/06/2012  
AccelerometerP11 STMicroelectronics 14/01/2016  2.00.10.34
Adobe Acrobat 8 Professional Adobe Systems 11/02/2013  8.0.0
Adobe Acrobat Reader DC Adobe Systems Incorporated 02/06/2016 195 MB 15.016.20045
Adobe AIR Adobe Systems Incorporated 30/07/2015  18.0.0.180
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 04/04/2016 18.4 MB 21.0.0.197
Adobe Flash Player 21 NPAPI Adobe Systems Incorporated 18/05/2016 19.0 MB 21.0.0.242
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 17/12/2014  12.1.5.155
Akamai NetSession Interface Akamai Technologies, Inc 11/09/2012  
Amazon MP3 Downloader 1.0.15 Amazon Services LLC 31/07/2012  1.0.15
Apple Application Support (32-bit) Apple Inc. 03/05/2016 117 MB 4.3.1
Apple Mobile Device Support Apple Inc. 22/03/2016 23.0 MB 9.3.0.15
Apple Software Update Apple Inc. 16/03/2016 2.69 MB 2.2.0.150
Applian Director Applian Technologies Inc. 27/07/2012  2.1
Audacity 2.0.5 Audacity Team 20/08/2014 45.5 MB 2.0.5
Avidemux 2.6 (32-bit)  02/04/2014  2.6.8.9046
AVS Video Editor 6.5 Online Media Technologies Ltd. 27/06/2014  6.5.1.246
Bandicam Bandisoft.com 02/08/2013 19.6 MB 1.8.7.347
Bandisoft MPEG-1 Decoder Bandisoft.com 02/08/2013  
BBC iPlayer Downloads BBC 10/08/2014 47.2 MB 1.8.0
Belarc Advisor 8.3 Belarc Inc. 18/09/2013  8.3.2.0
Bonjour Apple Inc. 17/05/2016 1.02 MB 3.1.0.1
Canon Inkjet Printer Driver Add-On Module  11/08/2012  
CCleaner Piriform 14/06/2016  5.18
Citrix Online Launcher Citrix 28/08/2014 290 KB 1.0.209
Core FTP LE  02/06/2012  
Datto Drive Datto Inc. 05/06/2016  2.1.1.623
Debugging Tools for Windows (x86) Microsoft Corporation 05/07/2012 41.6 MB 6.12.2.633
Dell Backup and Recovery Manager Dell Inc. 02/11/2011  1.3.1
Dell ControlPoint Security Manager Dell Inc. 02/11/2011  1.6.468.86
Dell Security Device Driver Pack Dell Inc. 02/11/2011  1.4.055
Dell System Detect Dell 17/03/2016  6.12.0.5
Dell System Manager Dell Inc. 02/11/2011  1.5.00000
Dell Touchpad ALPS ELECTRIC CO., LTD. 14/01/2016  8.1200.101.127
Dell Webcam Central Creative Technology Ltd 02/11/2011  1.40.28
devolo Cockpit devolo AG 09/12/2014  4.2.3.0
Diskeeper 2009 Professional Diskeeper Corporation 06/10/2013 22.7 MB 13.0.842.32
Dropbox Dropbox, Inc. 03/06/2016  4.4.29
DVD Flick 1.3.0.7 Dennis Meuwissen 18/04/2016  1.3.0.7
DWG TrueView 2013 Autodesk 11/09/2012  19.0.55.0
FastStone Image Viewer 5.3 FastStone Soft 02/05/2015  5.3
Fraps  02/08/2014  
Freecorder 8 Applications (8.0.1.19) Applian Technologies 13/11/2013  8.0.1.19
FreeFileSync 5.16 Zenju 17/06/2013  5.16
GIMP 2.8.2 The GIMP Team 14/09/2012 212 MB 2.8.2
Google Chrome Google Inc. 25/04/2016  51.0.2704.84
Google Earth Google 01/06/2015 179 MB 7.1.5.1557
GWX Control Panel UltimateOutsider 18/03/2016  
HandBrake 0.9.9.1  23/08/2013  0.9.9.1
HP Imaging Device Functions 13.0 HP 17/06/2014  13.0
HP Officejet 7500 E910 Basic Device Software Hewlett-Packard Co. 10/12/2012 143 MB 22.50.231.0
HP Officejet 7500 E910 Help Hewlett Packard 10/12/2012 21.8 MB 140.0.93.93
HP Photo Creations HP 28/01/2013 40.0 MB 1.0.0.11182
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 HP 28/10/2014  13.0
HP Photosmart Essential 3.5 HP 17/06/2014  3.5
HP Smart Web Printing 4.51 HP 17/06/2014  4.51
HP Solution Center 13.0 HP 17/06/2014  13.0
HP Update Hewlett-Packard 02/09/2014 3.99 MB 5.005.002.002
I.R.I.S. OCR HP 28/09/2012 68.9 MB 12.3.4.0
iCloud Apple Inc. 03/05/2016 98.9 MB 5.2.1.69
iExplorer 3.8.3.0 Macroplant LLC 18/09/2015 16.4 MB 
inSSIDer 3 MetaGeek, LLC 15/12/2013 10.7 MB 3.0.7.48
Intel Processor Diagnostic Tool Intel Corporation 09/01/2016 7.77 MB 2.11.0.0
Intel® Control Center Intel Corporation 01/07/2015  1.2.1.1007
Intel® Management Engine Components Intel Corporation 01/07/2015  6.0.0.1179
Intel® Network Connections 15.2.89.0 Dell 02/11/2011  15.2.89.0
Intel® Processor Graphics Intel Corporation 14/01/2016  8.15.10.2993
Intel® Rapid Storage Technology Intel Corporation 01/07/2015  9.6.0.1014
Intel® PROSet/Wireless Software Intel Corporation 18/05/2014 327 MB 16.11.0
iTunes Apple Inc. 14/06/2016 202 MB 12.4.1.6
Java 8 Update 91 Oracle Corporation 22/04/2016 21.3 MB 8.0.910.14
JavaFX 2.1.1 Oracle Corporation 14/06/2012 20.8 MB 2.1.1
join.me LogMeIn, Inc. 02/06/2012  1.3.1.431
KODAK AiO Software Eastman Kodak Company 30/08/2014  7.8.5.2
KompoZer 0.8b3 KompoZer 03/04/2015 22.6 MB 
KX-TEA308 Maintenance Console  09/06/2012  3.001
LAME v3.99.3 (for Windows)  14/12/2012 1.52 MB 
Logitech SetPoint Logitech 21/05/2012 17.0 KB 4.80
Logitech Webcam Software Logitech Inc. 09/12/2015  2.51
MakeMKV v1.8.13 GuinpinSoft inc 03/10/2014  v1.8.13
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 14/06/2016 66.8 MB 2.2.1.1043
MediaInfo 0.7.69 MediaArea.net 10/08/2014 7.87 MB 0.7.69
Microsoft .NET Framework 4.5.2 Microsoft Corporation 20/01/2015 38.8 MB 4.5.51209
Microsoft Office FrontPage 2003 Microsoft Corporation 12/12/2013 682 MB 11.0.8173.0
Microsoft Office Home and Business 2010 Microsoft Corporation 24/10/2013  14.0.7015.1000
Microsoft OneNote Home and Student 2016 - en-us Microsoft Corporation 13/06/2016  16.0.6965.2053
Microsoft PVK Import (Remove only)  05/07/2012  
Microsoft Silverlight Microsoft Corporation 09/02/2016 222 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 18/08/2013 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24/01/2012 250 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13/12/2011 300 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22/02/2015 236 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11/09/2012 588 KB 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 13/02/2015 5.13 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 05/06/2016 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 13/02/2015  10.0.50903
Microsoft Windows Performance Toolkit Microsoft Corporation 05/07/2012 23.9 MB 4.8.0
Microsoft Windows SDK for Windows 7 (7.1) Microsoft Corporation 05/07/2012  7.1.7600.0.30514
MiniTool Partition Wizard Home Edition 8.1.1 MiniTool Solution Ltd. 23/11/2013 57.2 MB 
Mobile Broadband HL Service Huawei Technologies Co.,Ltd 25/08/2014  22.001.16.00.03
Mozilla Firefox 47.0 (x86 en-GB) Mozilla 10/06/2016 91.3 MB 47.0
Mozilla Maintenance Service Mozilla 10/06/2016 246 KB 47.0.0.5999
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 09/12/2011 35.0 KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 09/12/2011 1.33 MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 07/04/2012 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 12/07/2012 1.53 MB 4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 10/01/2013 1.54 MB 4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 08/04/2012 1.53 MB 4.30.2107.0
Muvizu:Play Digimania Ltd 07/06/2014 594 MB 2014.03.19.01R
Muvizu:Play - Heroes and villains Digimania Ltd 07/06/2014  
Muvizu:Play - Heroes and villains Lairs Digimania Ltd 07/06/2014  
Muvizu:Play - Lighting Presets Digimania Ltd 07/06/2014  
Muvizu:Play - Prisons Digimania Ltd 07/06/2014  
Muvizu:Play - Rosie Digimania Ltd 07/06/2014  
Muvizu:Play - Trains Digimania Ltd 07/06/2014  
Norton 360 Symantec Corporation 10/01/2016  22.6.0.142
Norton Management Symantec Corporation 20/03/2013  3.2.2.12
Notepad++ Notepad++ Team 18/01/2016  6.8.8
Outreach Form Filler Toplevel Computing Ltd 28/01/2013 13.1 MB 11.0.1.0
Paint Shop Pro 5.01  28/02/2012  
PFPortChecker 1.0.39 Portforward.com 21/11/2012  1.0.39
PlayMemories Home Sony Corporation 04/12/2015  5.0.03.11020
PowerDVD DX CyberLink Corp. 02/11/2011  8.3.6029
PrintProjects RocketLife Inc. 26/10/2012 14.6 MB 1.0.0.9282
PS3 Media Server PS3 Media Server 02/04/2014 184 MB 1.90.1
QuickTime 7 Apple Inc. 27/01/2016 69.1 MB 7.79.80.95
Radioplayer UK Radioplayer Ltd 15/03/2012  1.2.386
Reader 2.1 Dell Inc. 02/11/2011 96.6 MB 2.1.2.1143
Recuva Piriform 30/09/2014  1.51
Replay Video Capture 6 Applian Technologies Inc. 27/07/2012  6.0.6
Roxio Creator DE 10.3 Roxio 02/11/2011 96.6 MB 10.3
SetFileDate 2.0 No Nonsense Software 14/11/2013  
Shop for HP Supplies HP 17/06/2014  13.0
SketchUp 8 Trimble Navigation Limited 01/02/2013 70.0 MB 3.0.16846
Skype™ 7.0 Skype Technologies S.A. 12/01/2015 47.8 MB 7.0.102
Sony Pictures Download Manager ultraviolet.sonypictures.com 19/01/2013  
Spotify Spotify AB 09/11/2014  0.9.14.13.gba5645ad
Synology Assistant (remove only)  17/07/2012  
System Requirements Lab for Intel Husdawg, LLC 18/05/2014 1.12 MB 4.5.22.0
TeamViewer 11 TeamViewer 18/05/2016  11.0.59518
TreeSize Professional 4.3 JAM Software 17/06/2013  
Trusteer Endpoint Protection Trusteer 05/06/2016  3.5.1609.65
Vitamin D Video r5646 Vitamin D, Inc. 02/07/2015  
VIVOTEK Installation Wizard 2  28/11/2012  
VLC media player VideoLAN 04/12/2015  2.2.1
WhoCrashed 3.04 Resplendence Software Projects Sp. 10/05/2012 6.00 MB 
WIDCOMM Bluetooth Software Broadcom Corporation 02/11/2011 118 MB 6.3.0.6900
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) Dell Inc. 02/11/2011  09/11/2009 1.0.1.6
Windows Live Essentials Microsoft Corporation 06/08/2014  16.4.3528.0331
WinHTTrack Website Copier 3.47-27 HTTrack 10/01/2014 11.4 MB 3.47.27
WinZip 14.5 WinZip Computing, S.L.  06/04/2012 19.2 MB 14.5.9095
WinZip Command Line Support Add-On 3.2 WinZip Computing, S.L. 30/09/2014  
Wondershare Dr.Fone for iOS(Build 5.1.0.10) Wondershare Software Co.,Ltd. 23/09/2014 50.5 MB 5.1.0.10
XlsTable15 GstarCad 12/07/2015 869 KB 1.0.0

 

 

you have my soul now!!

Many thanks in advance for your continued help here.
 



#9 derekangel

derekangel
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:07 AM

Posted 14 June 2016 - 07:11 PM

Just scanned through my last post and have made errors in titling the CCleaner lists.

 

The three browser sections should be titled:

Tools -> Browser Plugins  -> xx where xx is the relevant browser.

 

Also, I have titled two sections as Firefox - this is wrong. The second Firefox section is Google (as you probably deduced).

 

Late at night and I'm tired!



#10 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:07 AM

Posted 15 June 2016 - 07:26 AM

Handling souls is always done with care and then returned...:)

After doing below and rebooting...please let me know of any problems.

 

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

Yes HKLM:Run DBRMTray Dell Computer Corporation C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

Yes HKLM:RunOnce DBRMTray Microsoft C:\Dell\DBRM\Reminder\TrayApp.exe

Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\GCK\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task DropboxUpdateTaskUserS-1-5-21-4234109291-2147560036-1728036309-1001Core Dropbox, Inc. C:\Users\GCK\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-4234109291-2147560036-1728036309-1001UA Dropbox, Inc. C:\Users\GCK\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HP Photo Creations Communicator  C:\ProgramData\HP Photo Creations\Communicator.exe --auto

 

Disable these IE Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll

Yes Toolbar Norton Toolbar Symantec Corporation C:\Program Files\Norton 360\Engine\22.6.0.142\coIEPlg.dll

 

Suggest Disabling these Add-ons in Firefox: Use Firefox Tools to Disable....Tools > Add-ons > Extensions and Plug-ins

Yes Plugin Adobe Acrobat 15.16.20045.57024 Adobe Systems Inc. default-1441770620883 Firefox 47.0 C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Yes Plugin Citrix Online Web Deployment Plugin 1.0.0.104 1.0.0.104 Citrix Online default-1441770620883 Firefox 47.0 C:\Users\GCK\AppData\Local\Citrix\Plugins\104\npappdetector.dll
Yes Plugin Google Earth Plugin 7.1.5.1557 Google default-1441770620883 Firefox 47.0 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Yes Plugin Google Update 1.3.30.3 Google Inc. default-1441770620883 Firefox 47.0 C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll
Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default-1441770620883 Firefox 47.0 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Yes Plugin Java Deployment Toolkit 8.0.910.14 11.91.2.14 Oracle Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
Yes Plugin Java™ Platform SE 8 U91 11.91.2.14 Oracle Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
Yes Plugin Microsoft Office 2010 14.0.4730.1010 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
Yes Plugin Microsoft Office 2010 14.0.4761.1000 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

Yes Plugin Microsoft Office 2016 16.0.6925.1016 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL

Yes Plugin Photo Gallery 16.4.3528.331 Microsoft Corporation default-1441770620883 Firefox 47.0 C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

Yes Plugin Silverlight Plug-In 5.1.41212.0  Microsoft Corporation default-1441770620883 Firefox 47.0 c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

 

Suggest uninstalling these programs:

Akamai NetSession Interface Akamai Technologies, Inc 11/09/2012

QuickTime 7 Apple Inc. 27/01/2016 69.1 MB 7.79.80.95


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 derekangel

derekangel
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:07 AM

Posted 15 June 2016 - 01:53 PM

OK - I've done all as above and re-booted.  Of note is even before doing the above, the machine was noticeably faster (thanks).  However, rather irritatingly the original issue happened again to me logging into https://www.tripadvisor.co.uk, whereby at the pop up window, when I typed my email address in, another pop-up window came up and in red states: Did you mean seed.net.tw instead of <mydomain>.<xyz>? Please verify. (where mydomain.xyz is my proper email domain).

 

It happened in both Google Chrome and Firefox.  Of note however is if I type in a different email address it does not pop up.  So something in my machine appears to be monitoring when I enter my proper email address.  Grrrr.



#12 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:07 AM

Posted 15 June 2016 - 02:37 PM

Yeah...did get rid of some adware and clean up the many caches/temporary files...I really don't know what or why such a popup would appear. But if that is all there is to it and it is possible it is site generated...not something on your computer...I think it is okay to just ignore.

 

Just a suggestion...when I need to use an email address on a new site I always create a new email address for that. That way I don't have to be concerned about getting spammed on a couple of email addresses I use most often and will know if the new site is responsible for spam or not. My favorite is Outlook online email...easy to block domains from sending spam. Though I do have Gmail and Yahoo addresses, too.



#13 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:07 AM

Posted 15 June 2016 - 02:45 PM

You do have the option to get a professional opinion by starting a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#14 derekangel

derekangel
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:07 AM

Posted 29 June 2016 - 09:40 AM

OK - thanks Buddy215.  I have now done this and will wait to hear if anyone has any thoughts and/or next steps.  The link to the thread is http://www.bleepingcomputer.com/forums/t/618568/wierd-login-prompt-asking-me-to-change-to-taiwan-email-address/





