
Chrome redirects to a new page


22 replies to this topic

#1 AFei


Posted 25 April 2017 - 11:41 AM

On certain links in Chrome, I am getting redirects to pages that are basically pop-ups by PC Keeper, and they are asking me to scan my computer.

Here is the screenshot of it.
http://smrtshot.com/i/r1Xl0

There are also other pages it redirects to, but this is the one that it likes to come back to the most.

I'm typing from Firefox and there are no pop-ups happening. It's only in Chrome and it's really annoying.





#2 buddy215


Posted 25 April 2017 - 12:00 PM

Reset Chrome:

 

You can restore your browser settings in Chrome at any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. On your computer, open Chrome.
  2. At the top right, click More > Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings," click Reset settings.
  5. In the box that appears, click Reset.

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 AFei


Posted 25 April 2017 - 01:21 PM

Funny enough, I did all of them except CCleaner and Junkware before I read this, but in a weird order.
So here are some of the logs. I did an extra rescan, and for the other I have to restart my computer, so wait till the other post gets there, and I'll be back with you shortly.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/25/2017
Scan Time: 9:51 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.25.05
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Calvin Fei

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365842
Time Elapsed: 4 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Adware.BundleInstaller, C:\Users\Calvin Fei\Downloads\Andy_46.16_66.exe, Quarantined, [ae9b02f36741a690375ba66ae918ae52],

Physical Sectors: 0
(No malicious items detected)


(end)
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/25/2017
Scan Time: 11:10 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.25.05
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Calvin Fei

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362759
Time Elapsed: 3 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v6.046 - Logfile created 25/04/2017 at 09:46:54
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Calvin Fei - CALVIN
# Running from : C:\Users\Calvin Fei\Downloads\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm


***** [ Files ] *****

File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]
Key Found:  HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - gngocbkfmikdgphklgmmehbjjlfgdemm
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - aol.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - ask.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - websearch.ask.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - mysearch.avg.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - funshion.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - sjsu.edu
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - painttool-sai.en.softonic.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - netflix.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - mp3-quality-modifier.en.softonic.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - wordpress.org
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - google-sketchup.en.softonic.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Chrome pref Found:  [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5257 Bytes] - [25/04/2017 09:46:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5330 Bytes] ##########



#4 AFei


Posted 25 April 2017 - 01:36 PM

Ok done
# AdwCleaner v6.046 - Logfile created 25/04/2017 at 11:22:29
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Calvin Fei - CALVIN
# Running from : C:\Users\Calvin Fei\Downloads\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm


***** [ Files ] *****

File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
File Found:  C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - funshion.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - sjsu.edu
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - painttool-sai.en.softonic.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - netflix.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - mp3-quality-modifier.en.softonic.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - wordpress.org
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - websearch.ask.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] - google-sketchup.en.softonic.com
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Chrome pref Found:  [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - gngocbkfmikdgphklgmmehbjjlfgdemm

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5594 Bytes] - [25/04/2017 09:47:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [5421 Bytes] - [25/04/2017 09:46:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3359 Bytes] - [25/04/2017 11:22:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3432 Bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64
Ran by Calvin Fei (Administrator) on Tue 04/25/2017 at 11:34:05.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel (Folder)
Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm (Folder)
Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal (File)
Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage (File)
Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal (File)
Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/25/2017 at 11:34:53.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 buddy215


Posted 25 April 2017 - 02:16 PM

The AdwCleaner log doesn't show you deleted what it found. Please rerun and be sure to click on Clean when scan finishes.

 

After doing that and rebooting... does the problem mentioned in your opening post still exist? Have you reset the browser?

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply
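
The check made in the post above (a Scan-mode AdwCleaner log only lists findings, a Clean-mode log lists removals), as an added example that is not part of the thread or of AdwCleaner. The function names are hypothetical, and the sample logs are constructed: trimmed to the header and Folders section with a placeholder user path, using the dates, modes and extension IDs from the logs quoted in this thread.

```python
import re
from datetime import datetime

# Header lines in the form used by the AdwCleaner v6 logs quoted in this thread.
CREATED = re.compile(
    r"^# AdwCleaner v\S+ - Logfile created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})",
    re.M)
MODE = re.compile(r"^# Mode:\s*(Scan|Clean)\s*$", re.M)
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_DIR = re.compile(r"\\Extensions\\([a-p]{32})(?![a-p])")


def parse_log(text):
    """Return creation time, mode, and the extension IDs found / deleted."""
    created, mode = CREATED.search(text), MODE.search(text)
    if not created or not mode:
        raise ValueError("not an AdwCleaner log (header missing)")
    found, deleted = set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        ext = EXT_DIR.search(line)
        if not ext:
            continue
        if line.startswith("Folder Found:"):          # Scan-mode wording
            found.add(ext.group(1))
        elif line.startswith("[-] Folder deleted:"):  # Clean-mode wording
            deleted.add(ext.group(1))
    when = datetime.strptime(" ".join(created.groups()), "%d/%m/%Y %H:%M:%S")
    return {"created": when, "mode": mode.group(1),
            "found": found, "deleted": deleted}


def uncleaned(logs):
    """IDs reported by a Scan log that no later Clean log shows as deleted."""
    pending = set()
    for log in sorted(map(parse_log, logs), key=lambda l: l["created"]):
        if log["mode"] == "Scan":
            pending |= log["found"]
        else:
            pending -= log["deleted"]
    return pending


def recurring(logs):
    """IDs deleted in more than one Clean run, i.e. they came back in between."""
    counts = {}
    for log in map(parse_log, logs):
        if log["mode"] == "Clean":
            for ext_id in log["deleted"]:
                counts[ext_id] = counts.get(ext_id, 0) + 1
    return {ext_id for ext_id, n in counts.items() if n > 1}


# --- Constructed sample logs (placeholder path; IDs and dates from the thread) ---
EXT_PATH = r"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions" + "\\"
IDS = ("cknebhggccemgcnbidipinkifmmegdel", "gngocbkfmikdgphklgmmehbjjlfgdemm")


def make_sample(created, mode, prefix):
    head = f"# AdwCleaner v6.046 - Logfile created {created}\n# Mode: {mode}\n"
    body = "".join(f"{prefix}{EXT_PATH}{ext_id}\n" for ext_id in IDS)
    return head + "\n***** [ Folders ] *****\n\n" + body


SCAN_APR25 = make_sample("25/04/2017 at 11:22:29", "Scan", "Folder Found:  ")
CLEAN_APR27 = make_sample("27/04/2017 at 07:52:31", "Clean", "[-] Folder deleted: ")
CLEAN_JUN05 = make_sample("05/06/2017 at 23:56:37", "Clean", "[-] Folder deleted: ")

if __name__ == "__main__":
    print("scan only, still present:", sorted(uncleaned([SCAN_APR25])))
    print("after clean, still present:", sorted(uncleaned([SCAN_APR25, CLEAN_APR27])))
    print("deleted more than once:", sorted(recurring([CLEAN_APR27, CLEAN_JUN05])))
```

An ID returned by `recurring` was removed and then came back between runs, so whatever reinstalls it still has to be found.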



#6 AFei


Posted 27 April 2017 - 09:58 AM

After the previous log, it reduced it significantly. It only pops up like once or twice.


After scanning with the log below, I can't tell. It's not popping up when going to another page, so that is a sign.

------------------------------------------
# AdwCleaner v6.046 - Logfile created 27/04/2017 at 07:52:31
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Local]
# Operating System : Windows 8.1  (X64)
# Username : Calvin Fei - CALVIN
# Running from : C:\Users\Calvin Fei\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
[-] Folder deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5594 Bytes] - [25/04/2017 09:47:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [3540 Bytes] - [25/04/2017 11:23:08]
C:\AdwCleaner\AdwCleaner[C3].txt - [1417 Bytes] - [27/04/2017 07:52:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [5421 Bytes] - [25/04/2017 09:46:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3511 Bytes] - [25/04/2017 11:22:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [1900 Bytes] - [27/04/2017 07:51:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1709 Bytes] ##########
 



#7 AFei


Posted 27 April 2017 - 10:00 AM

Here is the security file.

SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
WebSite: www.safezone.cc
DateLog: 27.04.2017 07:59:31
Path starting: C:\Users\Calvin Fei\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Calvin Fei
VersionXML: 4.14is-23.04.2017
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Core Lang: English(0409)
Installation date OS: 14.11.2013 02:28:42
LicenseStatus: Office 15, OfficeProPlusR_Retail edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusR_Grace edition Windows is in Notification mode
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [238.1 Gb] Used: [230 Gb] Free: [8.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18639 [+]
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2017-04-18 04:02:24
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
360 Total Security (enabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
360 Total Security v.9.0.0.1146
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
HitmanPro 3.7 v.3.7.18.284
Malwarebytes Anti-Exploit version 1.9.1.1384 v.1.9.1.1384
herdProtect Anti-Malware Scanner v.1.0
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Unchecky v1.0.2 v.1.0.2
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
Microsoft Silverlight v.5.1.40728.0 Warning! Download Update
7-Zip 9.20
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.24 v.7.24.104 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 7 Update 76 (64-bit) v.7.0.760 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u131-windows-x64.exe).
Java 8 Update 45 (64-bit) v.8.0.450 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-x64.exe).
Java 7 Update 76 v.7.0.760 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u131-windows-i586.exe).
Java 8 Update 45 v.8.0.450 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
iTunes v.12.1.2.27 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime 7 v.7.77.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.19.0.0.241 Warning! Download Update
Adobe Flash Player 19 NPAPI v.19.0.0.185 Warning! Download Update
Adobe Shockwave Player 12.1 v.12.1.8.158 Warning! Download Update
Adobe Reader XI (11.0.12) v.11.0.12 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.58.0.3029.81
Mozilla Firefox 53.0 (x86 en-US) v.53.0
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.58.0.3029.81
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.53.0.0.6312
------------------ [ AntivirusFirewallProcessServices ] -------------------
HitmanPro Scheduler (HitmanProScheduler) - The service is running
C:\Program Files\HitmanPro\hmpsched.exe v.3.7.0.5
Malwarebytes Anti-Exploit Service (MbaeSvc) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe v.1.9.1.1384
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service has stopped
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.9.0.0.1002
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.9.0.0.1012
---------------------------- [ UnwantedApps ] -----------------------------
Unity Web Player Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 



#8 buddy215


Posted 27 April 2017 - 10:30 AM

Suggest you uninstall these programs: (completely shut them down and then use Download Revo Uninstaller Freeware to uninstall)

360 Total Security

HitmanPro 3.7 v.3.7.18.284

herdProtect Anti-Malware Scanner v.1.0

Java 7 Update 76 (64-bit) v.7.0.760  (most users don't need or use Java)

Java 8 Update 45 (64-bit) v.8.0.450

Java 7 Update 76 v.7.0.760

Java 8 Update 45 v.8.0.450

QuickTime 7 v.7.77.80.95

Adobe AIR v.19.0.0.241

Unity Web Player

Skype Click to Call v.8.5.0.9167

 

Update these programs:

Adobe Flash Player 19 NPAPI v.19.0.0.185 Warning! Download Update

Adobe Reader XI (11.0.12) v.11.0.12 Warning! Download Update

 

I see you have Eset Online scanner installed. Run a scan using it and post its results.




#9 AFei


Posted 10 May 2017 - 09:16 PM

Hello. Sorry for the late reply. I just forgot about my computer.

I turned it on today so I could work on stuff, and then Chrome still has a few pop-ups. You plan abroad, and  This was before I did the installs and updates, and ESET.

Also strange you wanted me to uninstall 360. Inadequate Infirmary recommended that program, but oh well.

As of current, the ESET is scanning. It was hard to find for some reason, but I found it. I'll post updates when it's done. :)



#10 AFei


Posted 30 May 2017 - 05:50 PM

My issue is still not resolved yet. I am still having pop-up issues with my Chrome, and I totally forgot about my post and now it's all the way past.

If you want the latest of what I did, here was the past post:

https://www.bleepingcomputer.com/forums/t/645210/chrome-redirects-to-a-new-page/

 

Mod Edit:  Merged topics - Hamluis.


Edited by hamluis, 30 May 2017 - 06:47 PM.


#11 buddy215


Posted 31 May 2017 - 07:16 AM

Have you reset Chrome per my first post?




#12 AFei


Posted 04 June 2017 - 05:04 PM

I already did, but I'll try again.



#13 buddy215


Posted 05 June 2017 - 04:16 AM

This has been going on for months. I don't know if you have been using the computer during this time or not. I suggest you rerun all of the programs in a timely manner and post the results. That will allow me to better suggest a solution.




#14 AFei


Posted 06 June 2017 - 01:59 AM

# AdwCleaner v6.047 - Logfile created 05/06/2017 at 23:56:37
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-05.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Calvin Fei - CALVIN
# Running from : C:\Users\Calvin Fei\Downloads\AdwCleaner(1).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
[-] Folder deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm


***** [ Files ] *****

[-] File deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
[-] File deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFramework.15.2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.15.2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFramework.15.2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.15.2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}


***** [ Web browsers ] *****

[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearch.avg.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: funshion.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: sjsu.edu
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: painttool-sai.en.softonic.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: netflix.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mp3-quality-modifier.en.softonic.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: wordpress.org
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch.ask.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: google-sketchup.en.softonic.com
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5594 Bytes] - [25/04/2017 09:47:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [3540 Bytes] - [25/04/2017 11:23:08]
C:\AdwCleaner\AdwCleaner[C3].txt - [1788 Bytes] - [27/04/2017 07:52:31]
C:\AdwCleaner\AdwCleaner[C4].txt - [3988 Bytes] - [05/06/2017 23:56:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [5421 Bytes] - [25/04/2017 09:46:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3511 Bytes] - [25/04/2017 11:22:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [1900 Bytes] - [27/04/2017 07:51:59]
C:\AdwCleaner\AdwCleaner[S3].txt - [4542 Bytes] - [05/06/2017 23:55:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [4353 Bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64
Ran by Calvin Fei (Administrator) on Mon 06/05/2017 at 23:58:03.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\Calvin Fei\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Windows\SysWOW64\RENCC9B.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/05/2017 at 23:58:58.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by AFei, 06 June 2017 - 02:00 AM.


#15 AFei


Posted 06 June 2017 - 02:01 AM

SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
WebSite: www.safezone.cc
DateLog: 06.06.2017 00:00:58
Path starting: C:\Users\Calvin Fei\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Calvin Fei
VersionXML: 4.32is-04.06.2017
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Core Lang: English(0409)
Installation date OS: 14.11.2013 02:28:42
LicenseStatus: Office 15, OfficeProPlusR_Retail edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusR_Grace edition Windows is in Notification mode
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [238.1 Gb] Used: [180.2 Gb] Free: [57.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18666
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2017-05-26 08:11:27
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
ESET Internet Security (enabled and out of date)
---------------------------- [ Firewall_WMI ] -----------------------------
ESET Personal firewall (disabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
ESET Internet Security (enabled and out of date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Internet Security v.10.1.204.0
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Exploit version 1.9.1.1403 v.1.9.1.1403
herdProtect Anti-Malware Scanner v.1.0
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Unchecky v1.0.2 v.1.0.2
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
Microsoft Silverlight v.5.1.40728.0 Warning! Download Update
7-Zip 9.20
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
iTunes v.12.1.2.27 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 25 NPAPI v.25.0.0.171
Adobe Shockwave Player 12.1 v.12.1.8.158 Warning! Download Update
Adobe Acrobat Reader DC v.17.009.20044
------------------------------- [ Browser ] -------------------------------
Google Chrome v.58.0.3029.110
Mozilla Firefox 53.0.3 (x86 en-US) v.53.0.3
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.53.0.3.6347
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\ESET\ESET Security\egui.exe v.10.1.204.0
ESET Service (ekrn) - The service is running
C:\Program Files\ESET\ESET Security\ekrn.exe v.10.1.204.0
Malwarebytes Anti-Exploit Service (MbaeSvc) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe v.1.9.1.1403
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------





