Safesurf Virus


13 replies to this topic

#1 littlelam16

littlelam16

  • Members
  • 14 posts

Posted 03 January 2017 - 09:09 AM

Yes, I've seen the numerous other incidents of users being infected by the Safesurf browser hijacker virus. I need help. What should I do?




 


#2 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • Gender:Male
  • Location:West Tennessee

Posted 03 January 2017 - 10:49 AM

Welcome to BC...

You don't mention using any programs to find and remove what ails your computer...so...start with these to clean, remove adware and remove malware.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 littlelam16


Posted 03 January 2017 - 09:20 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/17
Scan Time: 4:46 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.917
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LAMPC\Lauryn Mandy
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377582
Time Elapsed: 6 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 29
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1316], [327206],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1316], [332494],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1316], [332494],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1316], [332494],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1316], [327205],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1316], [327205],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1316], [327205],1.0.917
PUP.Optional.Reimage, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1316], [327205],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1316], [327193],1.0.917
PUP.Optional.Reimage, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1316], [327203],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1316], [327193],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1316], [336077],1.0.917
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [1669], [331708],1.0.917
PUP.Optional.Reimage, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\Reimage, Quarantined, [1316], [357494],1.0.917
PUP.Optional.SpringFiles, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\SrpnFiles, Quarantined, [3006], [182842],1.0.917
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [132], [-1],0.0.0
PUP.Optional.SpringFiles, HKLM\SOFTWARE\WOW6432NODE\SrpnFiles, Quarantined, [3006], [182876],1.0.917
HackTool.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [341], [320560],1.0.917
PUP.Optional.Reimage, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1316], [327204],1.0.917
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1316], [327193],1.0.917
 
Registry Value: 8
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Quarantined, [1669], [331708],1.0.917
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [132], [320556],1.0.917
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [132], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [132], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [132], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [132], [-1],0.0.0
PUP.Optional.Reimage, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1316], [327204],1.0.917
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{532C6974-B310-45A8-BFFC-17C6BB0270C9}|AUTOCONFIGURL, Quarantined, [132], [320554],1.0.917
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
PUP.Optional.SpringFiles, C:\USERS\LAURYN MANDY\APPDATA\ROAMING\SpringFiles, Quarantined, [3006], [181048],1.0.917
 
File: 6
PUP.Optional.SpyHunter, C:\USERS\LAURYN MANDY\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [1669], [331753],1.0.917
PUP.Optional.SpeedItUp, C:\WINDOWS\REIMAGE.INI, Quarantined, [1420], [329423],1.0.917
PUP.Optional.NewTabMedia, C:\USERS\LAURYN MANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtab-mediasearch.com_0.localstorage, Quarantined, [1934], [336407],1.0.917
PUP.Optional.SpyHunter, C:\USERS\LAURYN MANDY\DOWNLOADS\SPYHUNTER-INSTALLER (1).EXE, Quarantined, [1669], [331753],1.0.917
PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Quarantined, [1669], [331708],1.0.917
PUP.Optional.InstallCore, C:\USERS\LAURYN MANDY\DOWNLOADS\HITMAN_ABSOLUTION_FREE.EXE, Quarantined, [8], [322336],1.0.917
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v6.041 - Logfile created 03/01/2017 at 17:11:38
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-03.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Lauryn Mandy - LAMPC
# Running from : C:\Users\Lauryn Mandy\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Lauryn Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Lauryn Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Lauryn Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Lauryn Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Lauryn Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Value deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
[#] Value deleted on reboot: [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lauryn Mandy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Lauryn Mandy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2140 Bytes] - [03/01/2017 17:11:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [2989 Bytes] - [03/01/2017 17:09:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2286 Bytes] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by Lauryn Mandy (Administrator) on Tue 01/03/2017 at 17:25:34.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/03/2017 at 17:31:07.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
C:\Users\Lauryn Mandy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001cc9 Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Lauryn Mandy\Downloads\ccsetup525 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Lauryn Mandy\Downloads\ccsetup525 (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Lauryn Mandy\Downloads\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Lauryn Mandy\Downloads\Hitman_Absolution-SKIDROW.iso a variant of Win32/ExpressDownloader.K potentially unwanted application deleted
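
A triage sketch for the Malwarebytes scan-detail lines in the post above (an added example, not part of the original post and not a Malwarebytes tool): it groups detections by what they touch, so the proxy-setting entries stand apart from PUP leftovers and are easy to look at again if browser redirection continues after cleanup. The category names and the `parse_detections`, `classify`, `triage` and `recheck_list` helpers are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the "-Scan Details-" part of the Malwarebytes log in this thread.
SAMPLE_LOG = r"""
Registry Key: 29
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [1669], [331708],1.0.917
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [132], [-1],0.0.0
Registry Value: 8
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [132], [320556],1.0.917
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [132], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{532C6974-B310-45A8-BFFC-17C6BB0270C9}|AUTOCONFIGURL, Quarantined, [132], [320554],1.0.917
PUP.Optional.Reimage, HKU\S-1-5-21-51989874-3759090169-2443731556-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1316], [327204],1.0.917
File: 6
PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Quarantined, [1669], [331708],1.0.917
PUP.Optional.InstallCore, C:\USERS\LAURYN MANDY\DOWNLOADS\HITMAN_ABSOLUTION_FREE.EXE, Quarantined, [8], [322336],1.0.917
"""

# Section headers as they appear in the log ("Registry Key: 29", "File: 6", ...).
SECTIONS = ("Process", "Module", "Registry Key", "Registry Value",
            "Data Stream", "Folder", "File", "Physical Sector")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))

# Detection line: name, location, action, [id], [id],db-version
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,]+), "
    r"\[-?\d+\], \[-?\d+\],[\d.]+$"
)

# Proxy-related locations seen in this log (assumed sufficient for this example).
PROXY_VALUES = {"AUTOCONFIGURL", "PROXYENABLE"}
PROXY_KEYS = ("\\MANUALPROXIES", "\\PROXYMGR\\")


def parse_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, detections = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # blank lines, "(No malicious items detected)", etc.
        # Registry values are written as KEY|VALUENAME.
        location, _, value = m.group("location").partition("|")
        detections.append({
            "section": section,
            "name": m.group("name"),
            "location": location,
            "value": value or None,
            "action": m.group("action"),
        })
    return detections


def classify(det):
    """Bucket a detection by the kind of system object it touches."""
    loc = det["location"].upper()
    val = (det["value"] or "").upper()
    if (loc.endswith("\\INTERNET SETTINGS") and val in PROXY_VALUES) \
            or any(key in loc for key in PROXY_KEYS):
        return "proxy-setting"
    if "\\CURRENTCONTROLSET\\SERVICES\\" in loc or loc.endswith(".SYS"):
        return "service-or-driver"
    if "\\DOWNLOADS\\" in loc:
        return "downloaded-file"
    return "pup-leftover"


def triage(text):
    """Group parsed detections by category."""
    groups = defaultdict(list)
    for det in parse_detections(text):
        groups[classify(det)].append(det)
    return dict(groups)


def recheck_list(text):
    """Distinct proxy-related registry locations to inspect again after cleanup."""
    items = set()
    for det in triage(text).get("proxy-setting", []):
        suffix = "|" + det["value"] if det["value"] else ""
        items.add(det["location"] + suffix)
    return sorted(items)


if __name__ == "__main__":
    for category, dets in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category}: {len(dets)}")
    print("Re-check after cleanup:")
    for item in recheck_list(SAMPLE_LOG):
        print("  " + item)
```
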
 


#4 buddy215


Posted 04 January 2017 - 05:33 AM

Got rid of a lot of unwanted adware and a rogue program.

Do a search on your computer for Enigma....delete what is found.

Desktop > Start > enter Enigma in Search Box

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 littlelam16


Posted 04 January 2017 - 08:18 AM

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run GoogleDriveSync Google "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes HKCU:Run iCloudServices Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Lauryn Mandy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:RunOnce Uninstall C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run QLBController Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
Yes HKLM:Run WindowsDefender "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
 
 
3D Builder Microsoft Corporation 12/2/2016 12.0.3131.0
7-Zip 16.02 (x64) Igor Pavlov 16.02
Adobe Acrobat Reader DC Adobe Systems Incorporated 11/4/2016 387 MB 15.020.20042
Adobe Flash Player 24 NPAPI Adobe Systems Incorporated 24.0.0.186
Adobe Photoshop Express Adobe Systems Incorporated 9/28/2016 1.3.1.19
Alarms & Clock Microsoft Corporation 12/13/2016 10.1612.3343.0
App Installer Microsoft Corporation 8/27/2016 1.0.2181.0
Apple Application Support (32-bit) Apple Inc. 12/14/2016 159 MB 5.2
Apple Application Support (64-bit) Apple Inc. 12/14/2016 178 MB 5.2
Apple Mobile Device Support Apple Inc. 11/2/2016 41.6 MB 10.0.1.3
Apple Software Update Apple Inc. 8/26/2016 4.91 MB 2.2.0.150
Audacity 2.1.2 Audacity Team 8/27/2016 2.1.2
Bonjour Apple Inc. 8/26/2016 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 12/14/2016 10.1612.3341.0
Camera Microsoft Corporation 12/13/2016 2016.1101.20.0
Candy Crush Soda Saga king.com 12/22/2016 1.80.600.0
CCleaner Piriform 5.25
ESET Online Scanner v3
FarmVille 2: Country Escape Zynga Inc. 12/13/2016 6.2.1186.0
Feedback Hub Microsoft Corporation 11/17/2016 1.1610.3143.0
Finale NotePad 2012 MakeMusic 12/31/1969 2012..r1.5
Get Office Microsoft Corporation 11/16/2016 17.7608.23501.0
Get Started Microsoft Corporation 12/14/2016 4.2.29.0
Google Chrome Google Inc. 8/26/2016 55.0.2883.87
Google Drive Google, Inc. 12/17/2016 69.2 MB 1.32.4066.7445
Groove Music Microsoft Corporation 12/17/2016 10.16112.10211.0
HP AiO Printer Remote HP Inc. 11/17/2016 65.1.190.0
HP HD Webcam [Fixed] SunplusIT 3.5.8.2
HP Hotkey Support Hewlett-Packard Company 12/31/2014 36.2 MB 5.0.20.1
HP Scan and Capture Hewlett-Packard Company 9/29/2016 40.0.245.0
iCloud Apple Inc. 12/14/2016 166 MB 6.1.0.30
Intel® Control Center Intel Corporation 1.2.1.1010
Intel® Management Engine Components Intel Corporation 8.1.30.1349
Intel® Network Connections Drivers Intel 16.8
iTunes Apple Inc. 12/14/2016 310 MB 12.5.4.42
LSI HDA Modem LSI Corporation 2.2.100
Lurking (v1.0.3) Runneraway 11/16/2016
Mail and Calendar Microsoft Corporation 12/17/2016 17.7714.42037.0
Malwarebytes version 3.0.5.1299 Malwarebytes 1/3/2017 3.0.5.1299
Maps Microsoft Corporation 12/14/2016 5.1611.3342.0
Messaging Microsoft Corporation 8/27/2016 3.19.1001.0
Microsoft Office Microsoft Corporation 6/30/2016 331 MB 15.0.4454.1510
Microsoft Office Excel Viewer Microsoft Corporation 9/11/2016 145 MB 12.0.6219.1000
Microsoft OneDrive Microsoft Corporation 17.3.6720.1207
Microsoft Solitaire Collection Microsoft Studios 12/13/2016 3.12.12120.0
Microsoft Sticky Notes Microsoft Corporation 12/15/2016 1.3.0.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 12/31/2014 1.10 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/31/2014 1.16 MB 9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/31/2014 18.3 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/31/2014 22.2 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Movies & TV Microsoft Corporation 12/14/2016 10.16112.10221.0
Mozilla Firefox 50.1.0 (x86 en-US) Mozilla 50.1.0
Mozilla Maintenance Service Mozilla 50.1.0.6186
Netflix Netflix, Inc. 12/1/2016 6.15.59.0
News Microsoft Corporation 12/23/2016 4.18.41.0
OneNote Microsoft Corporation 12/16/2016 17.7668.57601.0
Paid Wi-Fi & Cellular Microsoft Corporation 9/16/2016 1.1607.6.0
Pandora Pandora Media Inc 11/22/2016 11.1.7.0
People Microsoft Corporation 12/9/2016 10.1.3160.0
Photos Microsoft Corporation 11/22/2016 16.1118.10000.0
Skype Preview Skype 12/15/2016 11.10.145.0
Skype™ 7.30 Skype Technologies S.A. 12/12/2016 166 MB 7.30.105
Spotify Spotify AB 12/24/2016 1.0.45.186.g3b5036d6
Store Microsoft Corporation 12/14/2016 11610.1001.23.0
Store Purchase App Microsoft Corporation 9/28/2016 11608.1000.2431.0
Synaptics Pointing Device Driver Synaptics Incorporated 19.0.12.0
Twitter Twitter Inc. 12/7/2016 5.4.1.0
Unity Web Player Unity Technologies ApS 5.3.7f1
Voice Recorder Microsoft Corporation 12/14/2016 10.1612.3352.0
We Happy Few GOG.com 12/16/2016 2.0.0.2
Weather Microsoft Corporation 12/16/2016 4.18.37.0
Windows 10 Upgrade Assistant Microsoft Corporation 1.4.9200.17354
Xbox Microsoft Corporation 12/22/2016 24.24.20004.0
Xbox 360 SmartGlass Microsoft Corporation 10/8/2016 1.4.3.0
Xbox Identity Provider Microsoft Corporation 8/27/2016 11.19.19003.0
 


#6 buddy215


Posted 04 January 2017 - 08:47 AM

Missing...the list of Scheduled Tasks

 

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run iCloudServices Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Lauryn Mandy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:RunOnce Uninstall C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
 
Uninstall these programs:
Candy Crush Soda Saga king.com 12/22/2016 1.80.600.0
ESET Online Scanner v3
Unity Web Player Unity Technologies ApS 5.3.7f1


#7 littlelam16


Posted 04 January 2017 - 09:16 AM

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run GoogleDriveSync Google "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes HKCU:Run iCloudServices Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Lauryn Mandy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:RunOnce Uninstall C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lauryn Mandy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run QLBController Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
Yes HKLM:Run WindowsDefender "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
 
 
3D Builder Microsoft Corporation 12/2/2016 12.0.3131.0
7-Zip 16.02 (x64) Igor Pavlov 16.02
Adobe Acrobat Reader DC Adobe Systems Incorporated 11/4/2016 387 MB 15.020.20042
Adobe Flash Player 24 NPAPI Adobe Systems Incorporated 24.0.0.186
Adobe Photoshop Express Adobe Systems Incorporated 9/28/2016 1.3.1.19
Alarms & Clock Microsoft Corporation 12/13/2016 10.1612.3343.0
App Installer Microsoft Corporation 8/27/2016 1.0.2181.0
Apple Application Support (32-bit) Apple Inc. 12/14/2016 159 MB 5.2
Apple Application Support (64-bit) Apple Inc. 12/14/2016 178 MB 5.2
Apple Mobile Device Support Apple Inc. 11/2/2016 41.6 MB 10.0.1.3
Apple Software Update Apple Inc. 8/26/2016 4.91 MB 2.2.0.150
Audacity 2.1.2 Audacity Team 8/27/2016 2.1.2
Bonjour Apple Inc. 8/26/2016 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 12/14/2016 10.1612.3341.0
Camera Microsoft Corporation 12/13/2016 2016.1101.20.0
Candy Crush Soda Saga king.com 12/22/2016 1.80.600.0
CCleaner Piriform 5.25
ESET Online Scanner v3
FarmVille 2: Country Escape Zynga Inc. 12/13/2016 6.2.1186.0
Feedback Hub Microsoft Corporation 11/17/2016 1.1610.3143.0
Finale NotePad 2012 MakeMusic 12/31/1969 2012..r1.5
Get Office Microsoft Corporation 11/16/2016 17.7608.23501.0
Get Started Microsoft Corporation 12/14/2016 4.2.29.0
Google Chrome Google Inc. 8/26/2016 55.0.2883.87
Google Drive Google, Inc. 12/17/2016 69.2 MB 1.32.4066.7445
Groove Music Microsoft Corporation 12/17/2016 10.16112.10211.0
HP AiO Printer Remote HP Inc. 11/17/2016 65.1.190.0
HP HD Webcam [Fixed] SunplusIT 3.5.8.2
HP Hotkey Support Hewlett-Packard Company 12/31/2014 36.2 MB 5.0.20.1
HP Scan and Capture Hewlett-Packard Company 9/29/2016 40.0.245.0
iCloud Apple Inc. 12/14/2016 166 MB 6.1.0.30
Intel® Control Center Intel Corporation 1.2.1.1010
Intel® Management Engine Components Intel Corporation 8.1.30.1349
Intel® Network Connections Drivers Intel 16.8
iTunes Apple Inc. 12/14/2016 310 MB 12.5.4.42
LSI HDA Modem LSI Corporation 2.2.100
Lurking (v1.0.3) Runneraway 11/16/2016
Mail and Calendar Microsoft Corporation 12/17/2016 17.7714.42037.0
Malwarebytes version 3.0.5.1299 Malwarebytes 1/3/2017 3.0.5.1299
Maps Microsoft Corporation 12/14/2016 5.1611.3342.0
Messaging Microsoft Corporation 8/27/2016 3.19.1001.0
Microsoft Office Microsoft Corporation 6/30/2016 331 MB 15.0.4454.1510
Microsoft Office Excel Viewer Microsoft Corporation 9/11/2016 145 MB 12.0.6219.1000
Microsoft OneDrive Microsoft Corporation 17.3.6720.1207
Microsoft Solitaire Collection Microsoft Studios 12/13/2016 3.12.12120.0
Microsoft Sticky Notes Microsoft Corporation 12/15/2016 1.3.0.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 12/31/2014 1.10 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/31/2014 1.16 MB 9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/31/2014 18.3 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/31/2014 22.2 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Movies & TV Microsoft Corporation 12/14/2016 10.16112.10221.0
Mozilla Firefox 50.1.0 (x86 en-US) Mozilla 50.1.0
Mozilla Maintenance Service Mozilla 50.1.0.6186
Netflix Netflix, Inc. 12/1/2016 6.15.59.0
News Microsoft Corporation 12/23/2016 4.18.41.0
OneNote Microsoft Corporation 12/16/2016 17.7668.57601.0
Paid Wi-Fi & Cellular Microsoft Corporation 9/16/2016 1.1607.6.0
Pandora Pandora Media Inc 11/22/2016 11.1.7.0
People Microsoft Corporation 12/9/2016 10.1.3160.0
Photos Microsoft Corporation 11/22/2016 16.1118.10000.0
Skype Preview Skype 12/15/2016 11.10.145.0
Skype™ 7.30 Skype Technologies S.A. 12/12/2016 166 MB 7.30.105
Spotify Spotify AB 12/24/2016 1.0.45.186.g3b5036d6
Store Microsoft Corporation 12/14/2016 11610.1001.23.0
Store Purchase App Microsoft Corporation 9/28/2016 11608.1000.2431.0
Synaptics Pointing Device Driver Synaptics Incorporated 19.0.12.0
Twitter Twitter Inc. 12/7/2016 5.4.1.0
Unity Web Player Unity Technologies ApS 5.3.7f1
Voice Recorder Microsoft Corporation 12/14/2016 10.1612.3352.0
We Happy Few GOG.com 12/16/2016 2.0.0.2
Weather Microsoft Corporation 12/16/2016 4.18.37.0
Windows 10 Upgrade Assistant Microsoft Corporation 1.4.9200.17354
Xbox Microsoft Corporation 12/22/2016 24.24.20004.0
Xbox 360 SmartGlass Microsoft Corporation 10/8/2016 1.4.3.0
Xbox Identity Provider Microsoft Corporation 8/27/2016 11.19.19003.0
 

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe


#8 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:54 AM

Posted 04 January 2017 - 09:37 AM

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
 
Please let me know how the computer is performing....and if the problem stated in your opening post is solved or not.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 littlelam16

littlelam16
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 04 January 2017 - 11:26 AM

I still have a small "Secure Search" bar in Google Chrome, but my computer works fine. What do I do?



#10 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:54 AM

Posted 04 January 2017 - 01:05 PM

You may have to completely uninstall Google Chrome including your profile to remove that. But first try just resetting Chrome. If that fails to remove the toolbar then back up your bookmarks and do a complete uninstall. Which means uninstalling and when asked if you want to remove your profile, too....say yes.

 

Reset Chrome settings to default

You can restore your browser settings in Chrome at any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. On your computer, open Chrome.
  2. At the top right, click More > Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings," click Reset settings.
  5. In the box that appears, click Reset.

Instructions for backing up Bookmarks: Import or export bookmarks - Chrome Help



#11 littlelam16

littlelam16
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 04 January 2017 - 08:34 PM

Thank you so much! The toolbar is completely gone.  :thumbup2:



#12 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:54 AM

Posted 04 January 2017 - 08:46 PM

Good...you're welcome...happy surfin'



#13 littlelam16

littlelam16
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 04 January 2017 - 10:00 PM

My apologies, the Secure Search bar has reappeared. What do I need to uninstall? I did everything you said.



#14 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:54 AM

Posted 05 January 2017 - 06:00 AM

Did you save your bookmarks and delete your Chrome profile when uninstalling Chrome?

 

What add-ons to Google Chrome did you install? Other than Chrome...what other programs did you install yesterday?

 

Run the MBAM, AdwCleaner and JRT scans again.





