
websites getting redirected to reimageplus.com in Google Chrome


6 replies to this topic

#1 clefty123

clefty123

  • Members
  • 49 posts

Posted 19 October 2016 - 05:44 AM

Hello,

 

This doesn't happen too often but numerous times during the past week when I've been browsing on the internet(with Google Chrome), the page will suddenly redirect to reimageplus.com.  The website advertises something about updating Windows drivers or something similar.  Each time I've just skimmed the page and closed the tab without clicking anything.  There might also be another website it redirects to but reimageplus.com was the website it redirected to most recently right before making this thread.

 

I think my laptop might be infected with malware.  I ran Malwarebytes Anti-Malware and Spybot Search and Destroy and neither program found anything.  I also ran a virus scan with ESET and it didn't find anything either.  But I believe I'm infected.

 

Please help, thank you.


Edited by clefty123, 19 October 2016 - 05:47 AM.



 


#2 buddy215

buddy215

  • Moderator
  • 13,198 posts

Posted 19 October 2016 - 09:03 AM

Use the programs below to clean and remove adware.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

After doing the above...please do this:

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 clefty123

clefty123
  • Topic Starter

  • Members
  • 49 posts

Posted 19 October 2016 - 04:38 PM

Thanks for your help.  There was a FREE CCleaner version and a Free Trial of Professional CCleaner.  You didn't specify which to download.  I downloaded the FREE version(not free trial).  I'm not sure if that matters.

 

Here are the lists you requested.  Again thanks.

 

AdwCleaner.txt

 

# AdwCleaner v6.030 - Logfile created 19/10/2016 at 17:20:58
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Derek - DEREK-PC
# Running from : C:\Users\Derek\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: CouponPrinterService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\Coupons
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: vlc-media-player.en.softonic.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1540 Bytes] - [19/10/2016 17:20:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1733 Bytes] - [19/10/2016 17:20:33]
 

 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1686 Bytes] ##########
 
 
 
JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64 
Ran by Derek (Administrator) on Wed 10/19/2016 at 17:25:26.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 17 
 
Successfully deleted: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\sdrlc9y3.default\extensions\shopearn@prodege.com.xpi (File) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHVCXJ5E (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKGDZ9H1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ6PMJX1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9EWB25E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHVCXJ5E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKGDZ9H1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ6PMJX1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9EWB25E (Temporary Internet Files Folder) 
 
Deleted the following from C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\sdrlc9y3.default\prefs.js
user_pref(browser.newtab.url, hxxp://search.swagbucks.com/?f=51);
user_pref(browser.startup.homepage, hxxp://search.swagbucks.com/?f=51);
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8F9FCD9F-1F88-486E-A847-0FE9BC0343F7} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/19/2016 at 17:27:13.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
Windows Startups
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run SpybotSD TeaTimer Safer-Networking Ltd. C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Apoint Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\Apoint.exe"
Yes HKLM:Run BTMTrayAgent Microsoft Corporation rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
Yes HKLM:Run cAudioFilterAgent Conexant Systems, Inc. "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
Yes HKLM:Run Enhanced Performance Keyboard LITE-ON TECHNOLOGY CORP. C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
Yes HKLM:Run Integrated Camera_Monitor SunplusIT, Inc. "C:\Program Files (x86)\Integrated Camera\monitor.exe"
Yes HKLM:Run Lenovo Registration Lenovo, Inc. C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
Yes HKLM:Run LENOVO.TPKNRRES Lenovo Group Limited C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
Yes HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Yes HKLM:Run PWMTRV rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Yes HKLM:Run SmartAudio Conexant Systems, Inc. "C:\Program Files\CONEXANT\SAII\SACpl.exe" /t
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TpShocks Lenovo. TpShocks.exe
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
 
 
Scheduled Tasks
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DiskUpdate C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 Intel Corporation C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon Intel Corporation "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
Yes Task klcp_update "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=14
Yes Task Maxthon Update Maxthon International ltd. "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" -RunScheduledUpdate
Yes Task PDVDServ12 Task CyberLink Corp. C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
Yes Task PMTask Lenovo Group Limited C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
Yes Task StartPowerDVDService "C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
Yes Task {3E3B8795-FDB2-45BD-8358-FB767F33A723} Elgato Systems GmbH C:\Program Files (x86)\Elgato\GameCapture\GameCapture.exe
 
 
 
Installed Programs
Adobe AIR Adobe Systems Incorporated 5/1/2016 21.0.0.198
Adobe Flash Player 23 NPAPI Adobe Systems Incorporated 10/12/2016 5.89 MB 23.0.0.185
Adobe Reader XI (11.0.07)  MUI Adobe Systems Incorporated 2/11/2015 632 MB 11.0.07
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2/11/2015 26.6 MB 8.0.916.0
Audacity 2.1.2 Audacity Team 9/4/2016 56.5 MB 2.1.2
CCleaner Piriform 10/19/2016 5.23
Conexant HD Audio Conexant 8/16/2016 8.65.55.62
Coupon Printer for Windows Coupons.com Incorporated 4/1/2016 5.0.1.8
Create Recovery Media Lenovo Group Limited 2/11/2015 8.09 MB 1.20.0.00
CyberLink PowerDVD 12 CyberLink Corp. 2/11/2015 246 MB 12.0.3824.55
DisplayLink Core Software DisplayLink Corp. 2/11/2015 26.8 MB 7.5.54609.0
Dolby Advanced Audio v2 Dolby Laboratories Inc 8/16/2016 2.20 MB 7.2.8000.17
Elgato Game Capture HD Elgato Systems GmbH 8/16/2016 128 MB 2.20.6.1063
ESET Smart Security ESET, spol. s r.o. 4/3/2016 126 MB 9.0.375.0
Game Capture HD v2.3.3.38 Elgato Systems 8/16/2016 2.3.3.38
Game Capture HD60 Pro v1.1.0.149 Elgato Systems 8/16/2016 1.1.0.149
Game Capture HD60 v2.1.1.3 Elgato Systems 8/16/2016 2.1.1.3
Google Chrome Google Inc. 4/1/2016 54.0.2840.59
Integrated Camera SunplusIT 2/11/2015 7.00 MB 3.4.7.36
Intel® Management Engine Components Intel Corporation 2/11/2015 10.0.30.1072
Intel® Processor Graphics Intel Corporation 8/16/2016 10.18.14.4432
Intel® Update Manager Intel Corporation 9/28/2016 23.1 MB 3.4.1942
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 5/19/2015 3.0.1.41
Intel® WiDi Intel Corporation 2/11/2015 77.6 MB 5.0.32.0
Intel® Wireless Bluetooth®(patch version 17.1.1434.2) Intel Corporation 2/11/2015 40.7 MB 17.1.1407.0480
Intel® PROSet/Wireless Software Intel Corporation 2/11/2015 251 MB 17.13.2
Java 8 Update 101 Oracle Corporation 7/24/2016 93.2 MB 8.0.1010.13
K-Lite Codec Pack 12.4.7 Standard KLCP 10/13/2016 77.4 MB 12.4.7
Lenovo Auto Scroll Utility 2/11/2015 2.12
Lenovo Communications Utility Lenovo 2/11/2015 18.0 MB 3.1.16.0
Lenovo Fingerprint Manager Synaptics 4/1/2016 15.4 MB 4.5.327.0
Lenovo Peer Connect SDK Lenovo 2/11/2015 9.69 MB 1.0.0.7
Lenovo QuickControl Lenovo Group Limited 2/11/2015 11.2 MB 2.31
Lenovo QuickDisplay Lenovo Group Limited 2/11/2015 8.01 MB 1.2.11.0
Lenovo Reach Stoneware, Inc. 2/11/2015 56.7 MB 1.1.3.7
Lenovo Registration Lenovo Inc. 2/11/2015 4.09 MB 1.0.3
Lenovo Solution Center Lenovo 6/20/2016 139 MB 3.3.003.00
Lenovo System Update Lenovo 10/19/2016 18.1 MB 5.07.0037
Lenovo USB Graphics Lenovo 2/11/2015 24.0 KB 7.5.54614.0
Lenovo USB3.0 to DVI VGA Monitor Adapter Lenovo 2/11/2015 1.07.17
Lenovo User Guide Lenovo Group Limited 2/11/2015 606 KB 1.0.0009.00
Lenovo Warranty Information Lenovo 2/11/2015 2.23 MB 1.0.0011.00
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 10/6/2016 66.8 MB 2.2.1.1043
Maxthon Cloud Browser Maxthon International Limited 2/11/2015 4.4.2.2000
Message Center Plus Lenovo Group Limited 4/2/2016 2.50 MB 3.3.0004.00
Microsoft .NET Framework 4.6.1 Microsoft Corporation 4/1/2016 38.8 MB 4.6.01055
Microsoft Office Microsoft Corporation 2/11/2015 318 MB 15.0.4569.1506
Microsoft Silverlight Microsoft Corporation 10/12/2016 199 MB 5.1.50901.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2/11/2015 300 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2/11/2015 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2/11/2015 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 4/30/2016 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 Microsoft Corporation 4/30/2016 5.85 MB 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 4/30/2016 5.11 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 2/11/2015 20.5 MB 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 2/11/2015 17.3 MB 11.0.60610.1
Mozilla Firefox 47.0.1 (x86 en-US) Mozilla 9/8/2016 91.8 MB 47.0.1
Mozilla Maintenance Service Mozilla 9/8/2016 231 KB 47.0.1.6018
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 4/2/2016 1.54 MB 4.30.2117.0
Nitro Pro 9 Nitro 2/11/2015 575 MB 9.5.1.5
On Screen Display 2/11/2015 8.43.00
Power Manager Lenovo Group Limited 4/22/2016 6.68.10
PowerDVD Create CyberLink Corp. 2/11/2015 762 MB 10.0
Realtek Card Reader Realtek Semiconductor Corp. 2/11/2015 6.3.9600.21247
SHAREit Lenovo 4/1/2016 12.6 MB 3.2.0.543
Spybot - Search & Destroy Safer Networking Limited 6/23/2016 1.6.2
ThinkPad OneLink Dock Lenovo 2/11/2015 1.08.30
ThinkPad UltraNav Driver ALPS ELECTRIC CO., LTD. 2/11/2015 25.7 MB 8.216.1616.114
Thinkpad USB 3.0 Ethernet Adapter Driver Lenovo 2/11/2015 7.4.911.2013
ThinkVantage Active Protection System Lenovo 2/11/2015 9.06 MB 1.79.01.03
USB Enhanced Performance Keyboard Lenovo 2/11/2015 11.6 MB 2.0.1.9
Vegas Pro 11.0 Sony 6/23/2016 415 MB 11.0.700
VLC media player VideoLAN 4/7/2016 2.2.1
WaveEditor CyberLink Corp. 2/11/2015 23.8 MB 1.0.1.4514
Windows Driver Package - Intel (e1dexpress) Net  (07/15/2014 12.12.50.7202) Intel 2/11/2015 07/15/2014 12.12.50.7202
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/22/2014 13.5.0.1056) Intel Corporation 2/11/2015 08/22/2014 13.5.0.1056
Windows Driver Package - Lenovo 1.67.08.05 (08/06/2014 1.67.08.05) Lenovo 2/11/2015 08/06/2014 1.67.08.05
WinRAR 5.31 (64-bit) win.rar GmbH 4/3/2016 5.31.0
 

 


Edited by clefty123, 19 October 2016 - 04:40 PM.


#4 buddy215

buddy215

  • Moderator
  • 13,198 posts

Posted 19 October 2016 - 06:15 PM

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run SpybotSD TeaTimer Safer-Networking Ltd. C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Integrated Camera_Monitor SunplusIT, Inc. "C:\Program Files (x86)\Integrated Camera\monitor.exe"
Yes HKLM:Run Lenovo Registration Lenovo, Inc. C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

Yes HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

 

Uninstall these programs:

Adobe AIR Adobe Systems Incorporated 5/1/2016 21.0.0.198 (Uninstall or Update...your choice)

Adobe Reader XI (11.0.07)  MUI Adobe Systems Incorporated 2/11/2015 632 MB 11.0.07 (Uninstall or Update...your choice)
Coupon Printer for Windows Coupons.com Incorporated 4/1/2016 5.0.1.8
Mozilla Firefox 47.0.1 (x86 en-US) Mozilla 9/8/2016 91.8 MB 47.0.1 (Uninstall or Update...your choice)
Mozilla Maintenance Service Mozilla 9/8/2016 231 KB 47.0.1.6018
Spybot - Search & Destroy Safer Networking Limited 6/23/2016 1.6.2 (Lost the favor of security pros long ago)
 
 
You have Eset Smart Security installed but it is not in your Windows Startups....why not?
 
Do you need all three of these?
Game Capture HD v2.3.3.38 Elgato Systems 8/16/2016 2.3.3.38
Game Capture HD60 Pro v1.1.0.149 Elgato Systems 8/16/2016 1.1.0.149
Game Capture HD60 v2.1.1.3 Elgato Systems 8/16/2016 2.1.1.3
 
After completing the above and rebooting....does the Reimage crap still appear? If so, you will need to do a clean uninstall of Chrome. Suggest you back up your bookmarks first. See instructions for complete uninstall of Chrome which will include uninstalling your Chrome profile, too.
 
  1. On your computer, close all Chrome windows and tabs.
  2. Open the Control Panel:
    • Windows 7 & Vista: Click the Start menu > Control Panel.
    • Windows 8: Point to the top right of your screen. Click Settings > Control Panel.
  3. Click Uninstall a program or Programs and Features.
  4. Double-click Google Chrome.
  5. To delete your profile information, like bookmarks and history, check "Also delete your browsing data."
  6. Click Uninstall.


#5 clefty123

clefty123
  • Topic Starter

  • Members
  • 49 posts

Posted 19 October 2016 - 06:56 PM

 


I disabled all the startups you suggested.

 

I'm not sure if I did the Adobe update/uninstall correctly.  I opened Adobe Reader XI program and updated it within the program.  I then uninstalled Adobe AIR Adobe Systems Incorporated program from CCleaner.

 

When I tried to uninstall Coupon Printer it said it could not find the program.  Maybe running CCleaner earlier or the other two programs already uninstalled it?

 

I updated Firefox and uninstalled the Firefox Maintenance Service.  I uninstalled Spybot Search and Destroy.  A popup said "Some elements could not be removed.  These can be manually removed."

 

I uninstalled one of the three Game Capture programs.

 

 

I don't know why ESET is not listed in my startup programs.  ESET does always automatically start every time I turn on my computer.

 

Do you suggest I keep CCleaner installed on my computer?

 

 

I haven't been redirected to that website yet today.  I will update this thread if it happens again.  It wasn't happening often, maybe once per day or once every other day.

EDIT: I did disable "Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR" from Startups, but when I reopened CCleaner and looked at Startups, I noticed there was a second "Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR", that appeared above the one I disabled, that was enabled.


Edited by clefty123, 19 October 2016 - 06:59 PM.


#6 buddy215

buddy215

  • Moderator
  • 13,198 posts

Posted 19 October 2016 - 07:21 PM

AdwCleaner removed some Coupon Printer files. So it is dead.

 

Yes, keep CCleaner. Use it often to clean the computer.

 

Perhaps you disabled Eset before running the other scans. Check to be sure its real-time monitoring is enabled.

 

Sounds good...don't hesitate to do a clean uninstall of Chrome if that shows up again.

 

I suggest you install an ad blocker if you haven't done so. I recommend Adblock Plus - Chrome Web Store

Adblock Plus :: Add-ons for Firefox

 

I suggest you block 3rd Party cookies...aka ad/ tracking cookies...from installing. Once blocked, run CCleaner again to remove the ones already installed.

How to disable third-party cookies in all major web browsers



#7 boooliyooo

boooliyooo

  • Members
  • 50 posts

Posted 19 October 2016 - 10:19 PM

Hello..

 

Just for your knowledge, you were previously infected by adware. AdwCleaner did the job for you...
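
Added example, not part of any post in this thread: a small parser for the AdwCleaner clean-log format posted above, which turns the log into per-section findings so a helper can see at a glance what was removed and which browser settings were changed. The function names and the path-based browser detection are assumptions of this example; the sample is a trimmed excerpt of the log in the thread.

```python
import re

# Trimmed excerpt of the AdwCleaner v6.030 clean log posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v6.030 - Logfile created 19/10/2016 at 17:20:58
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: CouponPrinterService

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\Coupons

***** [ Files ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****

[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
"""

VERSION_RE = re.compile(r"^# AdwCleaner v(?P<version>[\d.]+) - Logfile created (?P<created>.+)$")
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?)\s*:\s*(?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(
    r"^\[-\] \[(?P<store>[^\]]+)\] \[(?P<kind>[^\]]+)\] (?P<action>\w+): (?P<target>.+)$")
ENTRY_RE = re.compile(r"^\[-\] (?P<kind>.+?) (?P<action>deleted): (?P<target>.+)$", re.IGNORECASE)


def parse_adwcleaner_log(text):
    """Return header metadata, removed items grouped by section, and global actions."""
    report = {"meta": {}, "sections": {}, "global_actions": []}
    current = "(no section)"
    for raw in text.splitlines():
        line = raw.strip()  # the posted log carries trailing spaces
        if not line:
            continue
        m = VERSION_RE.match(line)
        if m:
            report["meta"].update(m.groupdict())
            continue
        m = HEADER_RE.match(line)
        if m:
            report["meta"][m["key"]] = m["value"]
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            report["sections"].setdefault(current, [])  # empty = scanned, nothing removed
            continue
        if line.startswith(":: "):
            report["global_actions"].append(line[3:])
            continue
        m = BROWSER_RE.match(line) or ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["action"] = entry["action"].lower()
            entry.setdefault("store", None)  # only browser entries name a profile file
            report["sections"].setdefault(current, []).append(entry)
    return report


def counts(report):
    """Number of removed items per log section."""
    return {name: len(entries) for name, entries in report["sections"].items()}


def browser_changes(report):
    """(browser, setting, value) for each browser entry; browser is guessed from the path."""
    out = []
    for e in report["sections"].get("Web browsers", []):
        store = (e["store"] or "").lower()
        browser = ("Chrome" if "\\google\\chrome\\" in store
                   else "Firefox" if "\\mozilla\\firefox\\" in store else "unknown")
        out.append((browser, e["kind"], e["target"]))
    return out


def mentions(report, needle):
    """True if any removed item (or its profile path) contains the given string."""
    needle = needle.lower()
    return any(needle in e["target"].lower() or needle in (e["store"] or "").lower()
               for entries in report["sections"].values() for e in entries)


if __name__ == "__main__":
    r = parse_adwcleaner_log(SAMPLE_LOG)
    print(r["meta"], counts(r), browser_changes(r), r["global_actions"], sep="\n")
```

Calling `mentions(report, "reimage")` on a parsed log shows whether any removed item named the redirect domain, which helps tell apart a cleanup that touched the redirect's source from one that only removed unrelated adware.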





