Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Somebody may be connected to my home network


  • Please log in to reply
8 replies to this topic

#1 REIDS

REIDS

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 24 January 2017 - 07:23 PM

My wife clicked on a website that brought up a flashing "virus is on your computer" sign. She immediately turned off the computer (hard shut down) and then restarted the computer. Once restarted, she logged onto Amazon and was notified that her username/password had been compromised and that she needed to reset it (evidently hackers will change your default email address so that you change the password and they get the email to go to them and have access to your full account). Anyways, my wife did not fall for this, but I'm concerned that she may have accidently installed malware onto my computer or that somebody is connected into my home network and viewing my computer. Is there somebody that can walk me through checking for these items?
 
I am running Windows 10 Home edition.

Edit: Moved topic from Windows 10 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:36 PM

Posted 25 January 2017 - 07:05 AM

It may be enough to just clean the cache of the browser she was using. But to be safe....use the scans below, too.

 

I would suggest that if there is no ad blocker installed then do that, too. Often legit ad servers are used to show those criminal ads.

Ad Block Plus works well in Firefox, Chrome and IE browsers. Adblock Plus - Chrome Web Store  Adblock Plus :: Add-ons for Firefox

If you are using Edge...Adblock Plus for Edge browser

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 REIDS

REIDS
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 26 January 2017 - 12:46 AM

So I downloaded/installed/ran all programs listed below (FYI - the JRT when downloaded from the BleepingComputer website would not run... gave me an error message stating that this version will not run on this PC). Below are the logs that you have requested.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/25/17
Scan Time: 8:33 PM
Logfile: MBLog.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1101
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: TGOE_Desktop\rstadel

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 490398
Time Elapsed: 21 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 11
PUP.Optional.FilesFrog, HKLM\SOFTWARE\CLASSES\SDP\SHELL\OPEN\COMMAND, Quarantined, [1941], [258347],1.0.1101
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0289C4F4-11CF-4977-ABEA-F67955BED326}, Quarantined, [296], [259410],1.0.1101
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{37C23727-9EA2-461B-A49A-7F1960224E57}, Quarantined, [346], [348601],1.0.1101
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C3F3488-BF37-4D46-AC09-0212CE4BEB0B}, Quarantined, [308], [315079],1.0.1101
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CDE6DAE8-7CAF-472E-B385-2CD5AA12CAF6}, Quarantined, [296], [259410],1.0.1101
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DFFE6F59-B2C4-48BB-ABD1-02A9D8EDBC63}, Quarantined, [296], [259410],1.0.1101
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EDCF1B48-636C-454D-B59C-C1E6EE1D784E}, Quarantined, [346], [259033],1.0.1101
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchSignup, Quarantined, [308], [315080],1.0.1101
PUP.Optional.SysTweak, HKLM\SOFTWARE\WOW6432NODE\Systweak, Quarantined, [321], [327155],1.0.1101
PUP.Optional.SysTweak, HKU\S-1-5-21-1218953989-784211603-2504221690-1000\SOFTWARE\Systweak, Quarantined, [321], [327156],1.0.1101
PUP.Optional.ASK, HKU\S-1-5-21-1218953989-784211603-2504221690-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0F262153-D59D-4D5D-B57D-F2628D261EC3}, Quarantined, [646], [258187],1.0.1101

Registry Value: 8
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0289C4F4-11CF-4977-ABEA-F67955BED326}|PATH, Quarantined, [296], [259410],1.0.1101
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{37C23727-9EA2-461B-A49A-7F1960224E57}|PATH, Quarantined, [346], [348601],1.0.1101
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C3F3488-BF37-4D46-AC09-0212CE4BEB0B}|PATH, Quarantined, [308], [315079],1.0.1101
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CDE6DAE8-7CAF-472E-B385-2CD5AA12CAF6}|PATH, Quarantined, [296], [259410],1.0.1101
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DFFE6F59-B2C4-48BB-ABD1-02A9D8EDBC63}|PATH, Quarantined, [296], [259410],1.0.1101
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EDCF1B48-636C-454D-B59C-C1E6EE1D784E}|PATH, Quarantined, [346], [259033],1.0.1101
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND|ADVANCED SYSTEM PROTECTOR.BAK, Quarantined, [346], [326808],1.0.1101
PUP.Optional.ASK, HKU\S-1-5-21-1218953989-784211603-2504221690-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0F262153-D59D-4D5D-B57D-F2628D261EC3}|URL, Quarantined, [646], [258187],1.0.1101

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.SysTweak, C:\PROGRAMDATA\Systweak, Quarantined, [321], [327152],1.0.1101
PUP.Optional.SysTweak, C:\USERS\RSTADEL\APPDATA\ROAMING\Systweak, Quarantined, [321], [327152],1.0.1101

File: 1
PUP.Optional.MyPCBackup, C:\WINDOWS\SYSTEM32\TASKS\LAUNCHSIGNUP, Quarantined, [308], [315082],1.0.1101

Physical Sector: 0
(No malicious items detected)

(end)

 

AdwCleaner Log

# AdwCleaner v6.042 - Logfile created 25/01/2017 at 21:19:57
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-25.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : rstadel - TGOE_DESKTOP
# Running from : C:\Users\rstadel\AppData\Local\Microsoft\Windows\INetCache\IE\QS47V4YS\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Users\rstadel\AppData\Local\webplayer
[#] Folder deleted on reboot: C:\Users\rstadel\AppData\Local\Webplayer
[-] Folder deleted: C:\Users\rstadel\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key deleted: HKU\S-1-5-21-1218953989-784211603-2504221690-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1218953989-784211603-2504221690-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-1218953989-784211603-2504221690-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1218953989-784211603-2504221690-1000\Software\lucky leap
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1218953989-784211603-2504221690-1000\Software\lucky leap
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9
[-] Key deleted: HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9433 Bytes] - [25/01/2017 21:19:57]
C:\AdwCleaner\AdwCleaner[R0].txt - [18435 Bytes] - [14/09/2013 15:00:11]
C:\AdwCleaner\AdwCleaner[R1].txt - [885 Bytes] - [14/09/2013 15:08:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [18232 Bytes] - [14/09/2013 15:02:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [9495 Bytes] - [25/01/2017 21:18:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9799 Bytes] ##########

 

Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by rstadel (Administrator) on Wed 01/25/2017 at 21:29:45.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 2

Successfully deleted: C:\Users\rstadel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com (Folder)
Successfully deleted: C:\Users\rstadel\Documents\add-in express (Folder)

 

Registry: 3

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{432684BE-7F67-4366-8F32-FF19C0624BBC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{432684BE-7F67-4366-8F32-FF19C0624BBC} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/25/2017 at 21:32:50.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:36 PM

Posted 26 January 2017 - 05:45 AM

Haven't had any other user to report that about JRT....thanks...I will inquire further about that.

 

I think it would be best to run two more scans due to the volume of PUPs and adware found.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 REIDS

REIDS
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 29 January 2017 - 11:47 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir Win32/DealPly.EV potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir Win32/DealPly.J potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir a variant of Win32/DealPly.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir a variant of Win32/DealPly.EW potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir Win32/DealPly.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll.vir a variant of Win32/DealPly.EU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\rstadel\AppData\Roaming\OpenCandy\FE99D2351E7B43008050AA46586C54B7\WeCare_ASPCA_Standard_p27v1.exe.vir a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\files\ibbnjyvgnlzfdebyimhdeigbbglvkbaf\Uninstall.exe Win32/Somoto.I potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\files\ibbnjyvgnlzfdebyimhdeigbbglvkbaf\AppsHat\WebPlayer.exe Win32/Somoto.I potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Free mp3 Wma Converter\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
C:\Users\rstadel\.frostwire5\updates\frostwire-setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting
C:\Users\rstadel\Downloads\TIE_Fighter_Collector's_CD-ROM,_Windows_7_x64_compatible.exe Win32/Adware.1ClickDownload.AN application cleaned by deleting
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll a variant of MSIL/Toolbar.Linkury.BM potentially unwanted application cleaned by deleting
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting
C:\Windows\Installer\39cb7f.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application deleted
C:\Windows\Installer\MSI7D3A.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
G:\Reids Work Computer\My Downloads\Ricochet Lost Worlds Keygen.zip Win32/Keygen.OO potentially unsafe application deleted

 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 29.01.2017 20:45:32
Path starting: C:\Users\rstadel\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: rstadel
VersionXML: 3.85is-27.01.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 04.11.2016 01:36:14
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.EXE
SystemDrive: C: FS: [NTFS] Capacity: [448.3 Gb] Used: [285.3 Gb] Free: [163 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
Secunia PSI (2.0.0.4003) v.2.0.0.4003
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50901.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.0 v.7.0.102 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 65 v.8.0.650.17 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
QuickTime 7 v.7.78.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.19.0.0.213 Warning! Download Update
Adobe Acrobat Reader DC v.15.023.20056
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Internet Explorer\iexplore.exe v.11.0.14393.0
C:\Program Files (x86)\Internet Explorer\iexplore.exe v.11.0.14393.0
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.912
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
opensource v.1.0.14960.3876 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------



#6 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:36 PM

Posted 30 January 2017 - 07:10 AM

Uninstall these programs:

opensource v.1.0.14960.3876

Adobe AIR v.19.0.0.213

QuickTime 7 v.7.78.80.95

Eset Online Scanner

Java 8 Update 65 v.8.0.650.17 (most users don't need Java...if you do reinstall it be sure to download from Download Free Java Software

Watch for unwanted programs during installation. Be sure to uncheck those.

 

Open AdwCleaner and choose Uninstall to remove it.

 

Right click on JRT and choose Delete to remove it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 REIDS

REIDS
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 30 January 2017 - 11:37 PM

I was able to remove all items except for opensource... I can't find that program in the Windows Control Panel. I don't ever remember this program being installed. Can you help me find this program and uninstall it?



#8 REIDS

REIDS
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 30 January 2017 - 11:57 PM

Actually, I couldn't find Eset Online Scanner (thought that was only an online scanner, not desktop), AdwCleaner or JRT on the computer... I searched for them in the search bar in windows and checked in my start menu and they weren't there. Am I missing a method of finding these programs?



#9 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:36 PM

Posted 31 January 2017 - 05:53 AM

Unless you intentionally uninstalled both JRT and AdwCleaner they should be seen on your Desktop. It's possible one or both are in your

Download folder if you or someone else haven't uninstalled them. Though they should be on your Desktop.

 

If Eset isn't in your list of installed programs, then you chose to uninstall it when the scan finished.

 

Try unhiding files and then do a search for opensource v.1.0.14960.3876

  1. In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results.
  2. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.

Once you have unhidden files do a search for opensource as one word. If that is not successful try open source

Click on Start and in the search box enter one of the search terms.

 

You should keep CCleaner and use it regularly to clean the computer.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users