
Infected by ludashi - unable to run ads removal


18 replies to this topic

#1 greekboy

greekboy

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 20 August 2016 - 01:17 PM

Hi,

I downloaded a game and somehow it managed to install spyware ludashi.

I managed to remove some of the ad installers but when I run the ads cleaner it crashed during the process & I don't have a choice but to force start the laptop as it crashes every time.

Any help would be much appreciated


Edited by hamluis, 20 August 2016 - 01:57 PM.
Moved from MRL to Am I Infected, no logs - Hamluis.



 


#2 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:18 AM

Posted 20 August 2016 - 07:45 PM

First, look for 鲁大师 (HKLM\...\Ludashi_is1) (Version: 5.15.16.1050 - 鲁大师) in your list of installed programs and attempt to uninstall.

 

Use the programs below to clean, remove adware and remove malware. If you are unable to download and scan using these programs then boot into Safe Mode With Networking and try again to scan with the programs.

If the add-on or program you are attempting to use is actually named Ads Cleaner then first attempt to uninstall it.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by buddy215, 20 August 2016 - 07:54 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” - Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 greekboy


Posted 21 August 2016 - 07:59 AM

Hello,

 

Thank you for the information.

Firstly I uninstalled Ludashi, then I ran CCleaner from safe mode and Malwarebytes (you can see it below), but after I ran AdwCleaner I tried to clean, and my computer crashed and I couldn't do anything. What should I do?

 

Here is the text file:


OS: Windows 10
CPU: x64
File System: NTFS
User: andreas-eftyhia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374965
Time Elapsed: 29 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
(end)

 



#4 buddy215


Posted 21 August 2016 - 08:22 AM

Try using Eset Online Scanner in Safe Mode With Networking. Have you tried running the Junkware Removal Tool? If not, try that, too.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

#5 greekboy


Posted 21 August 2016 - 11:58 AM

Hello,

I've just finished with 1) the ESET scan and 2) JRT. The reports are below. Thank you.

 

1)

C:\Program Files (x86)\7ntAA28\5i7AA38.dll a variant of Win32/Obfuscated.NHD trojan cleaned by deleting

C:\Program Files (x86)\r7pE8B7\akaE8D6.dll a variant of Win32/Obfuscated.NHD trojan cleaned by deleting
C:\Program Files (x86)\wmvF48B\ck4F48B.dll a variant of Win32/Obfuscated.NHD trojan cleaned by deleting
C:\Users\eutux_000\AppData\Local\Temp\Browser_V5.6.14087.902_r_4644_(Build1608021049).exe a variant of Win32/Taobao.B potentially unwanted application cleaned by deleting
C:\Users\eutux_000\AppData\Local\Temp\nsz3CA7.tmp a variant of Win32/Adware.ConvertAd.AIB application cleaned by deleting
C:\Users\eutux_000\AppData\Local\Temp\setup.exe a variant of Win32/HideBaid.L potentially unwanted application deleted
C:\Users\eutux_000\AppData\Local\Temp\29020875\ic-0.3d620950771df.exe a variant of Win32/HideBaid.L potentially unwanted application deleted
C:\Users\eutux_000\AppData\Roaming\kingsoft\office6\update\down\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting
C:\Users\eutux_000\Downloads\installers\YTDSetup.exe Win32/Toolbar.Widgi potentially unwanted application deleted
 
 
2)Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by andreas-eftyhia (Limited) on 21/08/2016 at 19:53:11.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Program Files (x86)\webshield (Folder) 
 
 
Registry: 0 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2016 at 19:54:42.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
thank you


#6 buddy215


Posted 21 August 2016 - 01:10 PM

Okay....try running AdwCleaner again.

 

Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it
  • This time, click on Logs
  • From there, go under the Quarantine Log tab, and click on the Export button
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply

After posting the results of the Emsisoft scan...do this:

 

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 21 August 2016 - 01:17 PM.


#7 greekboy


Posted 22 August 2016 - 09:43 AM

Hello again,

I had the same problem with AdwCleaner.

I continued as you said.

1. Here is the Emsisoft Emergency Kit report

Emsisoft Emergency Kit - Version 11.9

Quarantine log
 
Date Source Event Detection
22/08/2016 17:20:36 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader Moved to quarantine Application.AdStart (A)
22/08/2016 17:20:36 Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT Moved to quarantine Application.InstallAd (A)
 
 
2. from ccleaner
a. Windows Startups
 
Yes HKCU:Run AppleIEDAV Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run iCloudDrive Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Yes HKCU:Run iCloudPhotos Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run RESTART_STICKY_NOTES Microsoft Corporation C:\Windows\System32\StikyNot.exe
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Viber Viber Media S.à r.l. "C:\Users\eutux_000\AppData\Local\Viber\Viber.exe" StartMinimized
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Yes HKLM:Run ASUSPRP ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run DptfPolicyLpmServiceHelper Intel Corporation C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run WebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
 
b.Scheduled Tasks
Yes Task ASUS USB Charger Plus ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
Yes Task ATK Package 36D18D69AFC3 ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" -CancelShutdown
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Coerwcult Center "C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe" {68672485-4D76-4CED-9DA0-0E0B6F62688C} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116}
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task Microsoft Corporation C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
No Task Optimize Start Menu Cache Files-S-1-5-21-1167248410-748786009-773808998-1001
Yes Task UCBrowserUpdater C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update
 
 
c. list of programs installed
- Games App - WildTangent Games 06/01/2016 1.0.3.28
3D Builder Microsoft Corporation 20/07/2016 11.1.9.0
7-Zip 4.65 06/01/2016
Alarms & Clock Microsoft Corporation 23/07/2016 10.1607.1991.0
App connector Microsoft Corporation 06/01/2016 1.3.3.0
Apple Application Support (32-bit) Apple Inc. 15/07/2016 152 MB 4.3.1
Apple Application Support (64-bit) Apple Inc. 15/07/2016 170 MB 4.3.1
Apple Mobile Device Support Apple Inc. 15/07/2016 43.2 MB 9.3.0.15
Apple Software Update Apple Inc. 15/07/2016 4.91 MB 2.2.0.150
ASUS Screen Saver ASUS 20/10/2014 64.0 KB 1.0.3
ASUS Smart Gesture ASUS 21/02/2016 131 MB 4.0.12
ASUS Splendid Video Enhancement Technology ASUS 20/10/2014 14.7 MB 3.01.0003
ASUS USB Charger Plus ASUS 20/10/2014 18.9 MB 3.1.9
ASUS WebStorage ASUS Cloud Corporation 06/01/2016 1.0.24.190
ASUS Welcome ASUSTeK COMPUTER INC. 06/01/2016 1.0.1.0
ATK Package ASUS 20/10/2014 14.1 MB 1.0.0036
Bonjour Apple Inc. 09/03/2016 4.03 MB 3.1.0.1
BS.Player FREE Webteh, d.o.o. 06/01/2016 2.56.1043
Calculator Microsoft Corporation 28/06/2016 10.1605.1582.0
Camera Microsoft Corporation 15/07/2016 2016.404.190.0
Candy Crush Soda Saga king.com 22/06/2016 1.68.500.0
CCleaner Piriform 21/08/2016 5.21
Dropbox Dropbox, Inc. 20/08/2016 170 MB 8.4.19
ESET Online Scanner v3 21/08/2016
Films & TV Microsoft Corporation 22/07/2016 3.6.22511.0
Flipboard Flipboard 20/05/2016 2.1.1.0
Fresh Paint Microsoft Corporation 06/08/2016 3.1.10114.0
Game Explorer Categories - casual WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - enthusiast WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - family WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - kids WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - touch WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Get Office Microsoft Corporation 15/06/2016 17.7031.23501.0
Get Skype Skype 06/01/2016 3.2.1.0
Get Started Microsoft Corporation 23/07/2016 4.0.9.0
Google Chrome Google Inc. 21/08/2016 52.0.2743.116
Groove Music Microsoft Corporation 15/07/2016 3.6.23041.0
IBM SPSS Statistics 20 IBM Corp 16/11/2015 672 MB 20.0.0.0
iCloud Apple Inc. 15/07/2016 270 MB 5.2.1.69
Intel® Dynamic Platform and Thermal Framework Intel Corporation 13/01/2016 1.06 MB 7.1.0.2105
Intel® Management Engine Components Intel Corporation 20/10/2014 9.6.0.1038
Intel® Processor Graphics Intel Corporation 21/10/2014 10.18.10.3496
iTunes Apple Inc. 15/07/2016 282 MB 12.4.1.6
LINE LINE Corporation 03/08/2016 5.3.0.0
Mail and Calendar Microsoft Corporation 20/07/2016 17.6965.41051.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 20/08/2016 66.9 MB 2.2.1.1043
Maps Microsoft Corporation 21/06/2016 5.1606.1670.0
Messaging + Skype Microsoft Corporation 19/04/2016 2.15.20002.0
Microsoft Office Microsoft Corporation 14/05/2014 329 MB 15.0.4569.1506
Microsoft Office Professional Plus 2010 Microsoft Corporation 10/08/2016 40.3 MB 14.0.7015.1000
Microsoft Solitaire Collection Microsoft Studios 16/08/2016 3.11.7293.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16/11/2015 17.6 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/11/2015 20.3 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 13/02/2015 27.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 13/02/2015 22.2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 13/01/2016 17.3 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 19/04/2016 25.2 MB 10.0.50903
Microsoft WiFi Microsoft Corporation 04/05/2016 1.1604.4.0
MPC-HC 1.7.8 (64-bit) MPC-HC Team 08/02/2015 39.1 MB 1.7.8
MSN Food & Drink Microsoft Corporation 06/01/2016 3.0.4.336
MSN Health & Fitness Microsoft Corporation 06/01/2016 3.0.4.336
MSN Travel Microsoft Corporation 06/01/2016 3.0.4.336
Music Maker Jam MAGIX 27/04/2016 2.3.1050.0
Netflix Netflix, Inc. 20/07/2016 6.11.33.0
NVIDIA Graphics Driver 333.02 NVIDIA Corporation 20/10/2014 390 MB 333.02
NVIDIA PhysX System Software 9.13.1220 NVIDIA Corporation 20/10/2014 78.2 MB 9.13.1220
OneNote Microsoft Corporation 16/08/2016 17.7167.57861.0
People Microsoft Corporation 22/07/2016 10.0.11902.0
Phone Microsoft Corporation 03/06/2016 2.17.27003.0
Phone Companion Microsoft Corporation 23/07/2016 10.1607.1991.0
Photos Microsoft Corporation 16/08/2016 16.722.10060.0
Popcorn Time Popcorn Time 09/11/2015 178 MB 5.4.0.0
Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Communications 20/10/2014 189 MB 8.0.1.326
Qualcomm Atheros Client Installation Program Qualcomm Atheros 20/10/2014 41.1 MB 10.0
Reader Microsoft Corporation 09/08/2016 6.4.9926.18431
Realtek Card Reader Realtek Semiconductor Corp. 20/10/2014 43.1 MB 6.2.9200.39048
Realtek Ethernet Controller Driver Realtek 20/10/2014 15.4 MB 8.33.529.2014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13/01/2016 36.8 MB 6.0.1.7224
Samsung Printer Live Update Samsung Electronics Co., Ltd. 06/01/2016 1.01.00:04(2013-04-22)
Skype Click to Call Microsoft Corporation 28/05/2016 32.0 MB 8.3.0.9150
Skype™ 7.25 Skype Technologies S.A. 06/08/2016 119 MB 7.25.106
Store Microsoft Corporation 04/05/2016 11602.1.26.0
Sway Microsoft Corporation 12/08/2016 17.7341.45171.0
TeamViewer 11 TeamViewer 10/08/2016 103 MB 11.0.55321
Twitter Twitter Inc. 06/08/2016 5.2.0.0
UoA OpenVPN 2.1_rc20 06/01/2016 2.1_rc20
Viber Viber Media Inc 06/01/2016 5.2.0.2529
VideoLAN VLC media player 0.8.6a VideoLAN Team 06/01/2016 0.8.6a
Voice Recorder Microsoft Corporation 22/07/2016 10.1607.1891.0
Weather Microsoft Corporation 30/06/2016 4.11.156.0
WebStorage ASUS Cloud Corporation 13/01/2016 30.9 MB 2.1.2.301
WildTangent Games App WildTangent 13/01/2016 6.12 MB 4.0.11.2
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) ASUS 21/02/2016 11/11/2015 1.0.0.262
Windows Reading List Microsoft Corporation 19/06/2016 6.3.9654.21234
Windows Scan Microsoft Corporation 06/01/2016 6.3.9654.17133
WinFlash ASUS 20/10/2014 1.68 MB 2.42.0
WinRAR archiver 06/01/2016
Xbox Microsoft Corporation 31/07/2016 19.19.28029.0
YTD Video Downloader 4.8.9 GreenTree Applications SRL 13/01/2016 28.9 MB 4.8.9
Zinio Reader Zinio LLC 06/01/2016 2.1.0.317
Zotero Standalone 4.0.28 (x86 en-US) Zotero 10/05/2016 83.2 MB 4.0.28
Αθλητισμός Microsoft Corporation 29/07/2016 4.12.207.0
Ειδήσεις Microsoft Corporation 30/06/2016 4.11.156.0
Οικονομία Microsoft Corporation 30/06/2016 4.11.156.0
 
 
I realised another problem when the ludashi appears....
When I open Google Chrome I get an error message (failed to load the extension from a file), and then Google Chrome opens like www.9o0gle.com
 
I have tried to uninstall Chrome and install it again but nothing happens.
 
Thank you


#8 buddy215


Posted 22 August 2016 - 10:14 AM

When you say you have tried to uninstall Google Chrome and nothing happens...do you mean it doesn't uninstall or after reinstall you still see the problem?

 

Uninstall AdwCleaner by opening it and choosing Uninstall. Reboot and install AdwCleaner. Sometimes a bad download could be the cause.

 

Use Download Revo Uninstaller Freeware to uninstall Chrome and allow it to uninstall all of it including your Chrome profile.

 

While you are doing the above I will review the items in your last post.

 

At a quick glance I see these:

Αθλητισμός Microsoft Corporation 29/07/2016 4.12.207.0
Ειδήσεις Microsoft Corporation 30/06/2016 4.11.156.0
Οικονομία Microsoft Corporation 30/06/2016 4.11.156.0
 
If you did not download those intentionally from Microsoft then uninstall them.


#9 greekboy


Posted 22 August 2016 - 10:53 AM

Hi,

I mean that after reinstall I still saw the problem.

OK, I'll try to Download Revo Uninstaller Freeware.

thnx



#10 greekboy


Posted 22 August 2016 - 11:05 AM

Hi,

I am trying to uninstall Chrome and I am asked (on found leftover registry items) to select and delete some items (linked with Chrome). What should I do?



#11 buddy215


Posted 22 August 2016 - 11:19 AM

Allow them to be deleted.

 

Also UC Browser and Candy Crush.....delete/ uninstall those if they are listed in Revo.



#12 greekboy


Posted 22 August 2016 - 11:29 AM

Now, where do I download Chrome from??


Edited by greekboy, 22 August 2016 - 11:29 AM.


#13 buddy215


Posted 22 August 2016 - 11:32 AM

Chrome Browser



#14 buddy215


Posted 22 August 2016 - 11:49 AM

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run AppleIEDAV Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run iCloudDrive Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Yes HKCU:Run iCloudPhotos Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run RESTART_STICKY_NOTES Microsoft Corporation C:\Windows\System32\StikyNot.exe
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Yes HKLM:Run ASUSPRP ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run WebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Coerwcult Center "C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe" {68672485-4D76-4CED-9DA0-0E0B6F62688C} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116}
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task OneDrive Standalone Update Task Microsoft Corporation C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Yes Task UCBrowserUpdater C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update
 
Uninstall these programs:
- Games App - WildTangent Games 06/01/2016 1.0.3.28
BS.Player FREE Webteh, d.o.o. 06/01/2016 2.56.1043
Candy Crush Soda Saga king.com 22/06/2016 1.68.500.0
ESET Online Scanner v3 21/08/2016
Game Explorer Categories - casual WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - enthusiast WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - family WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - kids WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Game Explorer Categories - touch WildTangent, Inc. 13/01/2016 3.96 MB 3.2.0.6
Popcorn Time Popcorn Time 09/11/2015 178 MB 5.4.0.0
Skype Click to Call Microsoft Corporation 28/05/2016 32.0 MB 8.3.0.9150
TeamViewer 11 TeamViewer 10/08/2016 103 MB 11.0.55321 (Keep if you installed it and use it)
Viber Viber Media Inc 06/01/2016 5.2.0.2529 (you have Skype...)
WildTangent Games App WildTangent 13/01/2016 6.12 MB 4.0.11.2
YTD Video Downloader 4.8.9 GreenTree Applications SRL 13/01/2016 28.9 MB 4.8.9

Edited by buddy215, 22 August 2016 - 11:50 AM.
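
The CCleaner lists exchanged in this thread can be cross-checked mechanically before deciding what to disable. The following is an added example, not part of any post and not CCleaner's own tooling: it parses a startup/scheduled-task export and reports enabled entries that have no publisher or whose Program Files folder matches nothing in the installed-programs list. The tab delimiter, the column order (Enabled, Key, Program, Publisher, File), the way the flattened rows are split back into columns, and all function names are assumptions.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    enabled: bool
    key: str
    program: str
    publisher: str
    command: str

# Constructed sample: rows taken from the listing posted in this thread and
# re-split into columns by hand (assumed layout; an empty string means the
# publisher column was blank in the post).
ROWS = [
    ("Yes", "HKCU:Run", "OneDrive", "Microsoft Corporation",
     r'"C:\Users\eutux_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Yes", "HKCU:Run", "Skype", "Skype Technologies S.A.",
     r'"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun'),
    ("Yes", "Task", "CCleanerSkipUAC", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)'),
    ("Yes", "Task", "Coerwcult Center", "",
     r'"C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe" '
     r'{68672485-4D76-4CED-9DA0-0E0B6F62688C} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116}'),
    ("Yes", "Task", "DropboxUpdateTaskMachineCore", "Dropbox, Inc.",
     r'C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c'),
    # Short row: disabled task with neither publisher nor file column.
    ("No", "Task",
     "Optimize Start Menu Cache Files-S-1-5-21-1167248410-748786009-773808998-1001"),
    ("Yes", "Task", "UCBrowserUpdater", "",
     r'C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update'),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Excerpt of the installed-programs list from the same post.
INSTALLED = ["ASUS USB Charger Plus", "CCleaner", "Dropbox",
             "Google Chrome", "Skype Click to Call"]

def parse_export(text: str) -> list:
    """Split a tab-separated export into Entry records, padding short rows."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("\t")]
        cols += [""] * (5 - len(cols))
        entries.append(Entry(cols[0].lower() == "yes", *cols[1:5]))
    return entries

# Either a quoted path, or an unquoted one that ends at the first ".exe".
_EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# First directory below Program Files / Program Files (x86).
_PF = re.compile(r'^[a-z]:\\program files(?: \(x86\))?\\([^\\]+)\\', re.IGNORECASE)

def executable_path(command: str) -> Optional[str]:
    """Return the executable path without its arguments, or None."""
    m = _EXE.match(command)
    return (m.group(1) or m.group(2)) if m else None

def install_folder(command: str) -> Optional[str]:
    """Return the top-level Program Files folder of the executable, if any."""
    path = executable_path(command)
    m = _PF.match(path) if path else None
    return m.group(1) if m else None

def triage(entries: list, installed: list) -> dict:
    """Map program name -> reasons, for enabled entries that merit a closer look."""
    names = [n.lower().replace(" ", "") for n in installed]
    report = {}
    for e in entries:
        if not e.enabled:
            continue
        reasons = []
        if not e.publisher:
            reasons.append("no publisher")
        folder = install_folder(e.command)
        if folder and not any(folder.lower().replace(" ", "") in n for n in names):
            reasons.append(f"folder '{folder}' matches no installed program")
        if reasons:
            report[e.program] = reasons
    return report

if __name__ == "__main__":
    for program, reasons in triage(parse_export(SAMPLE), INSTALLED).items():
        print(f"{program}: {'; '.join(reasons)}")
```
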


#15 greekboy


Posted 22 August 2016 - 12:21 PM

OK, thank you. Is there anything else that I have to do?

There is the same error on Google Chrome after the restart.


Edited by greekboy, 22 August 2016 - 12:30 PM.




