
Help with a tricky Virus/Malware/Adware please!


5 replies to this topic

#1 pecancrunch

pecancrunch

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 30 March 2017 - 12:55 AM

Hi guys,

 

Turns out my computer has a virus on it. I noticed it when I was on Chrome: before I clicked a website it would flash "Luckystarting.com/ etc etc" in the address bar and then proceed to whatever I searched as per usual. I did some googling and could not find much information about this. I downloaded Bitdefender, Malwarebytes Anti-Malware, Zemana AntiMalware and AdwCleaner (from other threads), and they all removed the threats successfully, such as some Firefox/Chrome shortcuts and some Trojans, I believe. However, AdwCleaner has one issue repeating itself.

AdwCleaner finds a file called C:\Users\Public\Documents\temp.dat and can successfully remove it, but after I restart my computer and run AdwCleaner, it returns again. I've tried deleting the file manually only to have it reappear later on. I later uninstalled Chrome, cleaned up properly with Revo Uninstaller, and ran AdwCleaner, and the same thing is still happening. I reinstalled Chrome, seeing that the path didn't link to "chrome", popped it open and I still have the same LuckyStarting website crap. Please, somebody help me!

I am paranoid and am using Microsoft IE. Chrome has passwords stored in it; do you think they have been stolen? What should I do to protect myself?

I will reply here ASAP. Thank you in advance for anyone who can help! I am currently running Windows 7 ultimate.

Please guide me to do a proper clean or what browser I can safely use as we try to solve this!


 




 


#2 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:39 AM

Posted 30 March 2017 - 05:11 AM

Did you delete your Chrome profile which contains your Bookmarks and saved passwords before reinstalling Chrome?

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 pecancrunch

pecancrunch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 30 March 2017 - 06:45 AM

Did you delete your Chrome profile which contains your Bookmarks and saved passwords before reinstalling Chrome?

 

 

I am not too sure. Before uninstalling, I exported the bookmarks, then ran Revo Uninstaller to delete and clean the registry of Google Chrome. What should I do about it?

 

OK, ran CCleaner. Windows startup:

 

No HKCU:Run Akamai NetSession Interface  "C:\Users\Evan\AppData\Local\Akamai\netsession_win.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run DAEMON Tools Lite DT Soft Ltd "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
No HKCU:Run GarenaPlus  "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
No HKCU:Run MiPhoneManager Xiaomi Technology Inc "C:\Users\Evan\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
No HKCU:Run Pando Media Booster Pando Networks, Inc. C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Yes HKCU:Run RocketDock  "D:\Program Files (x86)\RocketDock\RocketDock.exe"
No HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Evan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run Zoom  
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Aeria Ignite  "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No HKLM:Run BigDog305 VM305SNAP C:\Windows\VM305_STI.EXE A4 TECH PC Camera V
No HKLM:Run BlueStacks Agent BlueStack Systems, Inc. C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run Creative SB Monitoring Utility  RunDll32 sbavmon.dll,SBAVMonitor
No HKLM:Run DivXMediaServer DivX, LLC C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
No HKLM:Run DivXUpdate DivX, LLC "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
No HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
No HKLM:Run HP Software Update  C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
No HKLM:Run hpqSRMon  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run LogMeIn Hamachi Ui  "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
No HKLM:Run Lycosa  "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
No HKLM:Run Malwarebytes TrayApp Malwarebytes D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run MSC  "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run NetTime  C:\Program Files (x86)\NetTime\NetTime.exe
No HKLM:Run Razer Synapse  "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Yes HKLM:Run RazerGameBooster Razer Inc. D:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
Yes HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE
Yes HKLM:Run VolPanel Creative Technology Ltd "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
No HKLM:Run XMusic 虾米网 D:\Program Files (x86)\Xiami\XMusic\XMusic.exe -autorun
No HKLM:Run ZAM Copyright 2017. "D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
No Startup Common HP Digital Imaging Monitor.lnk  C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe
Yes Startup Common SteelSeries Engine 3.lnk SteelSeries ApS C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
Yes Startup User Rainmeter.lnk Rainmeter (Open Source Software) D:\Program Files\Rainmeter\Rainmeter.exe
Yes Startup User Stardock ObjectDock.lnk  C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
 

 

Scheduled Tasks:

No Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 Bitdefender C:\Program Files\Bitdefender Agent\WatchDog.exe repair
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {049E9B55-DFD7-4D95-AFD9-16E6479816A5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\detect_routers.exe -d C:\Users\Evan\Desktop
Yes Task {1F13ACCB-361A-41B1-A633-DE58DD6A942D}  F:\WBIBX10J.86A.0251.EB.EXE
Yes Task {2BFD37B5-7C3F-405D-8895-EB724665F38C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\Xai_v1.4.2.exe -d C:\Users\Evan\Desktop
Yes Task {77F1CCBA-4D61-4C23-8562-3C1A78F9C590} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\VolPanel\setup.exe" -d "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\VolPanel"
Yes Task {B53B1C10-29BB-4178-9694-31BF950FD4D0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\Drivers\Setup.exe" -d "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\Drivers"
Yes Task {E1F0E00C-5B09-4060-B5C3-04D11E50BA39}  F:\WBIBX10J.86A.0251.EB.EXE
Yes Task {E9551F64-3728-4484-A198-194BF55FA0E2} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\AdobeAIRInstaller.exe -d C:\Users\Evan\Desktop
Yes Task {FCA02AA4-36E9-4639-B649-9CFADF757226}  F:\WBIBX10J.86A.0251.EB.EXE
Yes Task {FF52C763-8AFE-4403-8695-FD87841AF5D4} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\relevantknowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
 

Installed Programs:

 

7-Zip 9.20  09/11/2012  
7-Zip 9.20 (x64 edition) Igor Pavlov 14/11/2014 3.44 MB 9.20.00.0
A4 TECH PC Camera V A4 06/10/2014  2007.07.30
AC3Filter 2.5b Alexander Vigovsky 09/11/2012 4.39 MB 2.5b
Acrobat.com Adobe Systems Incorporated 09/11/2012 1.60 MB 1.6.65
Adobe Flash Player 17 ActiveX Adobe Systems Incorporated 16/04/2015 6.00 MB 17.0.0.169
Adobe Flash Player 17 NPAPI Adobe Systems Incorporated 19/04/2015 6.00 MB 17.0.0.169
Adobe Reader XI (11.0.03) Adobe Systems Incorporated 11/07/2013 127 MB 11.0.03
Apple Application Support (32-bit) Apple Inc. 10/02/2015 94.3 MB 3.1.1
Apple Application Support (64-bit) Apple Inc. 10/02/2015 108 MB 3.1.1
Apple Mobile Device Support Apple Inc. 10/02/2015 29.3 MB 8.1.0.18
Apple Software Update Apple Inc. 09/11/2012 2.38 MB 2.1.3.127
Audacity 2.0.2 Audacity Team 26/12/2012 43.5 MB 2.0.2
AviSynth 2.6 GPL Public release. 12/07/2016  2.6.0.6
AviSynth+ 2420 The Public 08/03/2017 5.63 MB 2420.0
Bass Audio Decoder (remove only)  09/11/2012  
Battle.net Blizzard Entertainment 23/12/2013  
Bitdefender Agent Bitdefender 26/03/2017  1.0.1
Bitdefender Antivirus Free Bitdefender 26/03/2017  1.0.6.12
BitRaider Streaming Client BitRaider, LLC 02/11/2016  1.3.3.4098
BlueStacks App Player BlueStack Systems, Inc. 09/04/2016 1.82 GB 2.0.2.5623
Bonjour Apple Inc. 09/11/2012 2.00 MB 3.0.0.10
CCleaner Piriform 30/03/2017  5.28
CD Audio Reader Filter (remove only)  09/11/2012  
CopyTrans Suite Remove Only WindSolutions 09/02/2014  2.37
Counter-Strike: Global Offensive Valve 11/12/2014  
CPUID CPU-Z 1.75  16/04/2016 3.92 MB 
CPUID HWMonitor 1.25  21/08/2014 2.49 MB 
Creative System Information Creative Technology Limited 14/10/2014  1.10
DAEMON Tools Lite DT Soft Ltd 15/11/2012  4.46.1.0327
DCoder Image Source (remove only)  09/11/2012  
Defraggler Piriform 16/04/2016  2.21
Discord Hammer & Chisel, Inc. 12/04/2017 49.1 MB 0.0.297
DivX Setup DivX, LLC 13/02/2015  2.7.0.31
Dota 2 Valve  21/05/2013  
DScaler 5 Mpeg Decoders  09/11/2012  
Duelyst Counterplay Games Inc. 12/01/2017  
ESET Online Scanner v3  29/03/2017  
Fallout 3 - NMC's Texture Pack R.G. Mechanics, spider91 03/07/2015  
Fallout 3 - Wasteland Edition R.G. Mechanics, spider91 03/07/2015  
Fallout 4  16/04/2016 1.48 MB 
Fallout Mod Manager 0.13.21 Q, Timeslip 03/07/2015 3.86 MB 
ffdshow v1.3.4533 [2014-09-29]  12/07/2016 13.7 MB 1.3.4533.0
ffdshow x64 v1.3.4533 [2014-09-29]  12/07/2016 15.0 MB 1.3.4533.0
FFMPEG Core Files (remove only)  09/11/2012  
Foxit Reader Foxit Software Inc. 17/02/2017 165 MB 8.2.0.2051
Gabest MPEG Splitter (remove only)  09/11/2012  
Glyph Trion Worlds, Inc. 04/11/2016 158 MB 
Google Chrome Google Inc. 29/03/2017  57.0.2987.110
Google Earth Plug-in Google 20/08/2016 82.7 MB 7.1.5.1557
Grand Theft Auto IV Rockstar Games 10/12/2014  1.00.0000
Grand Theft Auto V R.G. Mechanics, ProZorg_tm 17/06/2015  
GunboundIS Softnyx co.,ltd. 22/05/2013  
Haali Media Splitter  25/10/2014  
Hearthstone Blizzard Entertainment 16/05/2014  
Hearthstone Deck Tracker HearthSim 09/03/2017 18.5 MB 1.1.7
Heroes of the Storm Blizzard Entertainment 17/11/2016  
Intel® Network Connections 17.4.95.0 Intel 09/11/2012 15.2 MB 17.4.95.0
iTunes Apple Inc. 10/02/2015 234 MB 12.1.0.71
Java 7 Update 55 Oracle 10/11/2013 118 MB 7.0.550
K-Lite Codec Pack 10.5.0 Standard  05/06/2014 61.4 MB 10.5.0
LAME v3.99.3 (for Windows)  26/12/2012 1.52 MB 
LAV Filters 0.55.3 Hendrik Leppkes 25/10/2014 25.4 MB 0.55.3
Leawo Video Converter version  5.2.0.1  28/11/2012  
LOOT LOOT Development Team 05/07/2015  0.7.1
MadVR (remove only)  09/11/2012  
Malwarebytes version 3.0.6.1469 Malwarebytes 26/03/2017 150 MB 3.0.6.1469
Microsoft .NET Framework 4.6.1 Microsoft Corporation 26/06/2016 38.8 MB 4.6.01055
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23/11/2012 31.3 MB 3.5.88.0
Microsoft Games for Windows Marketplace Microsoft Corporation 23/11/2012 6.03 MB 3.5.50.0
Microsoft Office Enterprise 2007 Microsoft Corporation 09/11/2012  12.0.4518.1014
Microsoft Silverlight Microsoft Corporation 14/07/2014 50.7 MB 5.1.30214.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 03/01/2016 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/11/2013 298 KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18/11/2012 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 20/11/2012 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 28/11/2012 2.06 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08/12/2012 594 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30/11/2013 596 KB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 09/11/2012 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 29/12/2015 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Корпорация Майкрософт 26/07/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 28/03/2017  11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Корпорация Майкрософт 28/03/2017  11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 17/06/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 04/11/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 04/11/2016 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 Microsoft Corporation 08/03/2017 25.4 MB 14.0.24212.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 Microsoft Corporation 13/01/2017 21.5 MB 14.0.24210.0
Minecraft1.7.4  12/05/2014  
Minimal ADB and Fastboot version 1.4 Sam Rodberg 12/03/2017 3.02 MB 1.4
Mozilla Firefox 41.0 (x86 en-US) Mozilla 28/09/2015 86.1 MB 41.0
MPC-HC 1.7.11 MPC-HC Team 08/03/2017 42.6 MB 1.7.11
MSXML 4.0 SP3 Parser Microsoft Corporation 23/04/2015 1.47 MB 4.30.2100.0
Mudfish Cloud VPN v4.4.2 Mudfish Networks 04/11/2016  4.4.2
My.com Game Center My.com B.V. 03/11/2016 132 MB 3.190
NarutoOnline 2.4.0.12121 Oasgames, Inc. 30/01/2017  2.4.0.12121
NCSOFT Game Launcher NCSOFT 23/01/2016  
NetTime Mark Griffiths 22/08/2014 1.85 MB 
Nexus Mod Manager Black Tree Gaming 19/04/2016 23.1 MB 0.61.16
NVIDIA Graphics Driver 364.72 NVIDIA Corporation 14/04/2016  364.72
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 14/04/2016  9.15.0428
NyxLauncherIS Softnyx co.,ltd. 22/05/2013 5.79 MB 
Open Broadcaster Software  01/11/2014  
OpenAL  09/01/2013  
OpenSource AVI Splitter (remove only)  09/11/2012  
OpenSource DTS/AC3/DD+ Source Filter (remove only)  09/11/2012  
OpenSource Flash Video Splitter (remove only)  25/10/2014  
Origin Electronic Arts, Inc. 14/09/2013  9.2.1.4399
Overwatch Blizzard Entertainment 25/03/2017  
Overwatch Test Blizzard Entertainment 26/06/2016  
Pando Media Booster Pando Networks Inc. 06/02/2013 5.46 MB 2.6.0.8
Playpark Downloader Asiasoft Online 22/02/2017 876 KB 0.3.6
Prio  14/06/2016  2.0.0.2960
Rainmeter  09/11/2012  2.4 r1678
Razer Game Booster Razer Inc. 20/02/2014 58.3 MB 4.1.59.0
ReClock RedFox Project 08/03/2017  
Revo Uninstaller 2.0.2 VS Revo Group, Ltd. 28/03/2017 21.1 MB 2.0.2
RocketDock 1.3.5 Punk Software 09/11/2012  
Rockstar Games Social Club Rockstar Games 17/06/2015  1.1.6.0
Samsung_MonSetup Samsung 13/04/2016  1.00.0000
Shadowverse Cygames, Inc. 06/03/2017  
Skype™ 7.25 Skype Technologies S.A. 17/07/2016 81.3 MB 7.25.106
Skyrim - Legendary Edition R.G. Mechanics, spider91 20/08/2014  
Sound Blaster X-Fi Go! Pro Creative Technology Limited 14/10/2014  1.0
SpeedFan (remove only)  23/07/2013  
Spotify Spotify AB 04/02/2017  1.0.42.151.g19de0aa6
Steam  09/11/2012  
Steam Valve Corporation 02/03/2017  2.10.91.91
SteelSeries Engine 3.7.3 SteelSeries ApS 03/05/2016  3.7.3
SteelSeries Xai Laser Mouse Steelseries 09/11/2012 21.3 MB 1.4.2
Super Street Fighter IV: Arcade Edition CAPCOM U.S.A., INC 10/12/2014  1.0.0000.129
SVP 4 Free SVP Team 12/07/2016 146 MB 4.0
System Requirements Lab for Intel Husdawg, LLC 09/11/2012 1.02 MB 4.5.11.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 18/11/2012  3.0.6
TeamViewer 12 TeamViewer 28/03/2017  12.0.75813
TechPowerUp GPU-Z TechPowerUp 18/08/2014  
Temp File Cleaner Addpcs, LLC 29/03/2017  4.5.0.74(master)(8d92a0e96285c09fa03691e2b7618aee84c6c2b6)
TeraCopy 2.27 Code Sector 09/11/2012 5.49 MB 
TreeSize Free V3.1 JAM Software 17/09/2014 4.97 MB 3.1
Unity Web Player Unity Technologies ApS 18/04/2013 12.0 MB 
USB PC Camera VC305  06/10/2014  
Vulkan Run Time Libraries 1.0.5.1 LunarG, Inc. 14/04/2016 1.66 MB 1.0.5.1
WeChat 腾讯科技(深圳)有限公司 08/12/2016 79.5 MB 
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) Microsoft 03/05/2016  08/13/2009 2.1.0.1349
Windows Live Essentials Microsoft Corporation 03/01/2016  16.4.3528.0331
WinRAR archiver  09/11/2012  
World of Warcraft Blizzard Entertainment 25/06/2016  
XiaoMiFlash XiaoMi 12/03/2017 41.2 MB 1.0.0
Zemana AntiMalware Zemana Ltd. 28/03/2017 15.3 MB 2.72.0.327
Zoom Zoom Video Communications, Inc. 06/05/2016 9.76 MB 3.5
Zoom Player (remove only)  09/11/2012  
µTorrent BitTorrent Inc. 14/05/2016  3.4.7.42330
小米助手 小米移动软件有限公司 27/06/2015  
虾米音乐 虾米网 08/12/2016  2.0.2.1618
 

 

P.S. Thanks for helping so quickly!
Some side notes: I am usually very careful with these things. The two Chinese apps are totally fine. The problem only started 2-3 days ago.

 


Edited by pecancrunch, 30 March 2017 - 06:48 AM.


#4 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:39 AM

Posted 30 March 2017 - 08:41 AM

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {049E9B55-DFD7-4D95-AFD9-16E6479816A5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\detect_routers.exe -d C:\Users\Evan\Desktop
Yes Task {1F13ACCB-361A-41B1-A633-DE58DD6A942D}  F:\WBIBX10J.86A.0251.EB.EXE
Yes Task {2BFD37B5-7C3F-405D-8895-EB724665F38C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\Xai_v1.4.2.exe -d C:\Users\Evan\Desktop
Yes Task {77F1CCBA-4D61-4C23-8562-3C1A78F9C590} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\VolPanel\setup.exe" -d "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\VolPanel"
Yes Task {B53B1C10-29BB-4178-9694-31BF950FD4D0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\Drivers\Setup.exe" -d "C:\Users\Evan\Desktop\PAX X-Fi Go! Pro 2013 V1.00\Audio\Drivers"
Yes Task {E1F0E00C-5B09-4060-B5C3-04D11E50BA39}  F:\WBIBX10J.86A.0251.EB.EXE
Yes Task {E9551F64-3728-4484-A198-194BF55FA0E2} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\AdobeAIRInstaller.exe -d C:\Users\Evan\Desktop
Yes Task {FCA02AA4-36E9-4639-B649-9CFADF757226}  F:\WBIBX10J.86A.0251.EB.EXE

 

Delete this Task: Use CCleaner by clicking on it and choosing Delete on the right.

Yes Task {FF52C763-8AFE-4403-8695-FD87841AF5D4} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\relevantknowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge

 

Old Adobe programs are malware magnets. It is important that you either uninstall or update these programs.

Acrobat.com Adobe Systems Incorporated 09/11/2012 1.60 MB 1.6.65
Adobe Flash Player 17 ActiveX Adobe Systems Incorporated 16/04/2015 6.00 MB 17.0.0.169
Adobe Flash Player 17 NPAPI Adobe Systems Incorporated 19/04/2015 6.00 MB 17.0.0.169
Adobe Reader XI (11.0.03) Adobe Systems Incorporated 11/07/2013 127 MB 11.0.03

 

Uninstall These programs:

Java 7 Update 55 Oracle 10/11/2013 118 MB 7.0.550

Microsoft Silverlight Microsoft Corporation 14/07/2014 50.7 MB 5.1.30214.0 (Or update...your choice)

Mozilla Firefox 41.0 (x86 en-US) Mozilla 28/09/2015 86.1 MB 41.0 (Or update...your choice)

Pando Media Booster Pando Networks Inc. 06/02/2013 5.46 MB 2.6.0.8

Playpark Downloader Asiasoft Online 22/02/2017 876 KB 0.3.6

TeamSpeak 3 Client TeamSpeak Systems GmbH 18/11/2012  3.0.6

Unity Web Player Unity Technologies ApS 18/04/2013 12.0 MB

µTorrent BitTorrent Inc. 14/05/2016  3.4.7.42330 (Using uTorrent to download free stuff is VERY risky...more than half of all downloads contain malware and many downloads are illegal.)


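The lists the two replies above ask for and then work through by hand (the CCleaner Startups and Scheduled Tasks export, with the pcalua.exe-wrapped tasks disabled and the RelevantKnowledge task deleted) can be screened mechanically before a human looks at them. The script below is an added example for this thread, not CCleaner's, Malwarebytes' or BleepingComputer's code. Its sample input is a handful of lines copied from the lists posted in this thread; the set of trusted drives (C: and D:) and the PUP keyword list (just RelevantKnowledge) are assumptions taken from this thread, not general rules.

```python
"""Screen a CCleaner Startups / Scheduled Tasks export for autostart entries worth a closer look.

Added example for this thread, not CCleaner's or Malwarebytes' code. The rules encode what the reply
checks by hand (tasks wrapped in pcalua.exe, a program on a drive other than the fixed disks, a
RelevantKnowledge leftover) plus two general ones. A hit is a reason to inspect, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumptions for this machine: C: and D: are its fixed disks (the thread shows programs on both)
# and RelevantKnowledge is the only PUP name the thread identifies. Adjust for your own host.
TRUSTED_DRIVES = {"C:", "D:"}
PUP_KEYWORDS = ("relevantknowledge",)

# Sample input: lines copied from the thread's CCleaner output, tab columns collapsed to spaces.
SAMPLE_STARTUPS = r"""
Yes HKLM:Run MSC  "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKCU:Run Zoom  
No HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Evan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKLM:Run Creative SB Monitoring Utility  RunDll32 sbavmon.dll,SBAVMonitor
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task {049E9B55-DFD7-4D95-AFD9-16E6479816A5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Evan\Desktop\detect_routers.exe -d C:\Users\Evan\Desktop
Yes Task {1F13ACCB-361A-41B1-A633-DE58DD6A942D}  F:\WBIBX10J.86A.0251.EB.EXE
Yes Task {FF52C763-8AFE-4403-8695-FD87841AF5D4} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\relevantknowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
"""

@dataclass
class Entry:
    enabled: bool
    location: str  # HKCU:Run, HKLM:Run, Startup Common, Startup User or Task
    label: str     # name and publisher as CCleaner printed them
    command: str   # command line; "" when CCleaner showed none

@dataclass
class Finding:
    entry: Entry
    target: str    # program actually launched, looked up through any pcalua.exe wrapper
    reasons: List[str] = field(default_factory=list)

LINE_RE = re.compile(r"^(?P<enabled>Yes|No)\s+(?P<location>HKCU:Run|HKLM:Run|Startup Common|Startup User|Task)\s*(?P<rest>.*)$")
CMD_START_RE = re.compile(r'"?[A-Za-z]:\\|\brundll32\b', re.I)          # where the command column starts
PCALUA_RE = re.compile(r'\bpcalua\.exe"?\s+-a\s+("[^"]*"|\S+)', re.I)    # Program Compatibility Assistant wrapper
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|vbs|js|dll))(?=\s|$)", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\(?:Desktop|Downloads|AppData)|Users\\Public|ProgramData|Temp)\\", re.I)

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip("\r\n"))
    if not m:
        return None
    rest = m["rest"]
    cm = CMD_START_RE.search(rest)
    label, command = (rest[:cm.start()], rest[cm.start():]) if cm else (rest, "")
    return Entry(m["enabled"] == "Yes", m["location"], label.strip(), command.strip())

def first_program(command: str) -> str:
    """Executable at the head of a command line, quoted or not (unquoted paths may contain spaces)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else (command.split(None, 1)[0] if command else "")

def triage(entry: Entry) -> Finding:
    pm = PCALUA_RE.search(entry.command)
    target = first_program(pm.group(1) if pm else entry.command)
    reasons: List[str] = []
    if not entry.command:
        reasons.append("no command line recorded; read the registry value or task XML directly")
        return Finding(entry, target, reasons)
    if pm:
        reasons.append(f"wrapped in pcalua.exe (Program Compatibility Assistant); real target is {target}")
    drive = target[:2].upper()
    if re.fullmatch(r"[A-Z]:", drive) and drive not in TRUSTED_DRIVES:
        reasons.append(f"runs from {drive}, which is not one of the fixed disks")
    if USER_WRITABLE_RE.search(target):
        reasons.append("program sits in a user-writable location")
    if re.match(r"rundll32\b", entry.command, re.I) and not re.search(r"[A-Za-z]:\\", entry.command):
        reasons.append("rundll32 loads a DLL by bare name; check which file the search path resolves it to")
    haystack = f"{entry.label} {entry.command}".lower()
    reasons += [f"matches known PUP name '{kw}'" for kw in PUP_KEYWORDS if kw in haystack]
    return Finding(entry, target, reasons)

def triage_export(text: str) -> List[Finding]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]

def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Enabled entries with at least one reason; disabled ones can wait."""
    return [f for f in findings if f.entry.enabled and f.reasons]

if __name__ == "__main__":
    for f in triage_export(SAMPLE_STARTUPS):
        state = "on " if f.entry.enabled else "off"
        print(f"{'!' if f.reasons else ' '} [{state}] {f.entry.location:<14} {f.entry.label}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it and the GUID tasks come out flagged for the same reasons the reply gives: the pcalua.exe entries because the real program is hidden behind a compatibility launcher, the F: entries because they point at a drive that is not a fixed disk, and the RelevantKnowledge task because the name matches a known PUP. The Microsoft Security Client and Google Update entries pass every rule, which is the point of the exercise: the script narrows the list, and the human decides what to disable or delete.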

#5 pecancrunch

pecancrunch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 30 March 2017 - 11:00 PM

Okay, I've followed your instructions. But my Chrome still routes me to "luckystarting.com", and it's a different profile. What is the next step to fixing this? AdwCleaner still shows the file C:\Users\Public\Documents\temp.dat as having issues... My browser is being hijacked; what are the next steps to fixing this? Thank you for the reply! Sorry if I take a bit longer to reply, my timezone is GMT+8.

 

I ran AdwCleaner and restarted the PC when prompted. AdwCleaner successfully removes the files and gives me a log:
 

# AdwCleaner v6.045 - Logfile created 31/03/2017 at 12:10:20
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-30.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Evan - EVAN-PC
# Running from : C:\Users\Evan\Downloads\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Evan\AppData\Roaming\clean

***** [ Files ] *****

[-] File deleted: C:\Users\Public\Documents\temp.dat

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

 

***** [ Web browsers ] *****

[-] [C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: Chrome policies deleted
:: Chrome preferences reset: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9604 Bytes] - [28/03/2017 23:13:04]
C:\AdwCleaner\AdwCleaner[C2].txt - [2322 Bytes] - [28/03/2017 23:31:45]
C:\AdwCleaner\AdwCleaner[C3].txt - [1619 Bytes] - [28/03/2017 23:43:12]
C:\AdwCleaner\AdwCleaner[C4].txt - [1838 Bytes] - [29/03/2017 00:00:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2220 Bytes] - [29/03/2017 00:37:17]
C:\AdwCleaner\AdwCleaner[C6].txt - [2468 Bytes] - [29/03/2017 13:52:05]
C:\AdwCleaner\AdwCleaner[C7].txt - [1655 Bytes] - [31/03/2017 12:10:20]
C:\AdwCleaner\AdwCleaner[R0].txt - [13267 Bytes] - [02/06/2015 00:29:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [10255 Bytes] - [02/06/2015 00:36:51]
C:\AdwCleaner\AdwCleaner[S10].txt - [2349 Bytes] - [29/03/2017 00:48:00]
C:\AdwCleaner\AdwCleaner[S11].txt - [2536 Bytes] - [29/03/2017 13:18:56]
C:\AdwCleaner\AdwCleaner[S12].txt - [2542 Bytes] - [29/03/2017 13:39:56]
C:\AdwCleaner\AdwCleaner[S13].txt - [2646 Bytes] - [29/03/2017 14:00:16]
C:\AdwCleaner\AdwCleaner[S14].txt - [2720 Bytes] - [29/03/2017 17:39:09]
C:\AdwCleaner\AdwCleaner[S15].txt - [2972 Bytes] - [30/03/2017 13:43:07]
C:\AdwCleaner\AdwCleaner[S16].txt - [3046 Bytes] - [31/03/2017 12:09:57]
C:\AdwCleaner\AdwCleaner[S1].txt - [8901 Bytes] - [28/03/2017 23:10:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [2359 Bytes] - [28/03/2017 23:31:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [1718 Bytes] - [28/03/2017 23:39:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [1864 Bytes] - [28/03/2017 23:50:48]
C:\AdwCleaner\AdwCleaner[S5].txt - [1937 Bytes] - [28/03/2017 23:58:15]
C:\AdwCleaner\AdwCleaner[S6].txt - [2084 Bytes] - [29/03/2017 00:07:16]
C:\AdwCleaner\AdwCleaner[S7].txt - [2055 Bytes] - [29/03/2017 00:14:46]
C:\AdwCleaner\AdwCleaner[S8].txt - [2128 Bytes] - [29/03/2017 00:24:24]
C:\AdwCleaner\AdwCleaner[S9].txt - [2329 Bytes] - [29/03/2017 00:37:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [3051 Bytes] ##########


BUT, immediately after restarting, I run AdwCleaner again and still this file refuses to be deleted, and my Chrome is still messed up...

Here is a screen cap:
https://ibb.co/d8Gmdv


 


Edited by pecancrunch, 30 March 2017 - 11:25 PM.
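The log above shows the crux of the problem: temp.dat is deleted on every clean run and is back after each reboot, so the cleaner is removing a symptom while whatever recreates it survives. The script below is an added example for this thread, not AdwCleaner's or Malwarebytes' code; it compares successive AdwCleaner clean logs and reports the items removed in every run, which are the leads to chase in the autostart, task and service lists. LOG_C7 is the posted log trimmed to its non-empty sections; LOG_C6 is a constructed stand-in for the earlier run the file list names but the thread does not show.

```python
"""Find what AdwCleaner keeps removing across successive clean runs.

Added example for this thread, not AdwCleaner's or Malwarebytes' code. An item deleted on every
run is being recreated by something the cleaner never touched, so the recurring items are the lead.
LOG_C7 is the posted log trimmed to its non-empty sections; LOG_C6 is constructed for illustration.
"""
import re
from datetime import datetime
from typing import Dict, List, Set

HEADER_RE = re.compile(r"^# AdwCleaner v\S+ - Logfile created (\d\d/\d\d/\d{4}) at (\d\d:\d\d:\d\d)$")
MODE_RE = re.compile(r"^# Mode: (\w+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")

# Constructed earlier run (the thread only lists AdwCleaner[C6].txt by name and size).
LOG_C6 = r"""
# AdwCleaner v6.045 - Logfile created 29/03/2017 at 13:52:05
# Mode: Clean

***** [ Files ] *****

[-] File deleted: C:\Users\Public\Documents\temp.dat

***** [ Web browsers ] *****

[-] [C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
"""

# The run posted in the thread, trimmed to its non-empty sections.
LOG_C7 = r"""
# AdwCleaner v6.045 - Logfile created 31/03/2017 at 12:10:20
# Mode: Clean

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Evan\AppData\Roaming\clean

***** [ Files ] *****

[-] File deleted: C:\Users\Public\Documents\temp.dat

***** [ Web browsers ] *****

[-] [C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
"""

def run_time(text: str) -> datetime:
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d/%m/%Y %H:%M:%S")
    raise ValueError("no AdwCleaner header line")

def mode(text: str) -> str:
    for line in text.splitlines():
        m = MODE_RE.match(line.strip())
        if m:
            return m.group(1)
    return "unknown"

def parse_removals(text: str) -> Dict[str, Set[str]]:
    """Section name -> set of removal lines, with the '[-] ' marker dropped."""
    removed: Dict[str, Set[str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sm = SECTION_RE.match(line)
        if sm:
            section = sm["name"]
            removed.setdefault(section, set())
        elif section and line.startswith("[-] "):
            removed[section].add(line[4:])
    return removed

def recurring(log_texts: List[str]) -> Dict[str, Set[str]]:
    """Items removed in every clean run supplied, keyed by section; scan-only logs are ignored."""
    runs = sorted((t for t in log_texts if mode(t) == "Clean"), key=run_time)
    if len(runs) < 2:
        return {}
    parsed = [parse_removals(t) for t in runs]
    out: Dict[str, Set[str]] = {}
    for section, items in parsed[0].items():
        common = set(items)
        for later in parsed[1:]:
            common &= later.get(section, set())
        if common:
            out[section] = common
    return out

if __name__ == "__main__":
    for section, items in recurring([LOG_C7, LOG_C6]).items():
        print(f"[{section}] removed in every run, so something is recreating it:")
        for item in sorted(items):
            print("   ", item)
```

The folder under AppData\Roaming appears only in the later run and is not reported; temp.dat and the aol.com search provider come back in both runs and are. That matches the thread's situation: a removal tool reporting success on the same item twice is a persistence indicator, and the next step is to look at what runs at boot or logon rather than to delete the file a third time.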


#6 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:39 AM

Posted 31 March 2017 - 05:55 AM

I think it best if you start a new topic in the Malware Removal Forum by following the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.





