Adf.ly link (threadsphere.bid) pop ups on startup


  • This topic is locked
15 replies to this topic

#1 Beckran

Beckran

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 09 April 2018 - 10:40 AM

When I turn on my PC, it opens Google Chrome and an adf.ly link comes up in Chrome... Could somebody help me, because it slows down my startup a lot? If you want to ask me something about it, ask and I'll answer.


Edited by hamluis, 09 April 2018 - 12:00 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:01 AM

Posted 09 April 2018 - 06:48 PM

Welcome to BC....

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove temporary files, program caches, cookies, logs, etc. Use the default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Beckran

Posted 10 April 2018 - 02:52 PM

Hi, thanks for the fast response. Here is the Malwarebytes scan file; nothing was found because I scan my PC with Malwarebytes every day:

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 4/10/18
Scan Time: 4:04 PM
Log File: 22ccabc6-3cc8-11e8-b242-00ff1342d75f.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4680
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: adam-PC\adam
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 265655
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 12 min, 27 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
I used AdwCleaner before too, and these are all the log files I've got:
 
 
 
# AdwCleaner 7.0.7.0 - Logfile created on Mon Jan 29 16:39:02 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 01-26-2018.4
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\adam\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\adam\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\adam\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\adam\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.TweakBit, C:\ProgramData\BSD\DriverHive
PUP.Optional.TweakBit, C:\ProgramData\Application Data\BSD\DriverHive
PUP.Optional.TweakBit, C:\Users\All Users\BSD\DriverHive
PUP.Optional.Legacy, C:\ProgramData\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\ProgramData\Application Data\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\All Users\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\adam\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.DriverUpdatePlus, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.DriverUpdatePlus, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\BSD
PUP.Optional.DriverUpdatePlus, [Key] - HKCU\Software\BSD
PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.Auslogics, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\BSD
PUP.Optional.Auslogics, [Key] - HKCU\Software\BSD
PUP.Optional.UpService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics
PUP.Optional.AdService, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\SetupCompany
PUP.Optional.AdService, [Key] - HKCU\Software\SetupCompany
PUP.Optional.AdService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
 
 
# AdwCleaner 7.0.7.0 - Logfile created on Mon Jan 29 18:01:52 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 01-26-2018.4
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [4605 B] - [2018/1/29 16:40:8]
C:/AdwCleaner/AdwCleaner[S0].txt - [5493 B] - [2018/1/29 16:39:2]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
 
 
 
# AdwCleaner 7.0.7.0 - Logfile created on Fri Feb 02 15:15:49 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 02-02-2018.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Solvusoft, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
PUP.Optional.Solvusoft, C:\ProgramData\Solvusoft
PUP.Optional.Solvusoft, C:\ProgramData\Application Data\Solvusoft
PUP.Optional.Solvusoft, C:\Windows\System32\config\systemprofile\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Program Files (x86)\Solvusoft
PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Users\adam\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Users\All Users\Solvusoft
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0570A0D4430B8FD479ED621F12A22CFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\0570A0D4430B8FD479ED621F12A22CFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\0570A0D4430B8FD479ED621F12A22CFF
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKCU\Software\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [4605 B] - [2018/1/29 16:40:8]
C:/AdwCleaner/AdwCleaner[C1].txt - [1319 B] - [2018/1/29 18:12:19]
C:/AdwCleaner/AdwCleaner[S0].txt - [5493 B] - [2018/1/29 16:39:2]
C:/AdwCleaner/AdwCleaner[S1].txt - [1159 B] - [2018/1/29 18:1:52]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
 
 
 
# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 13:56:20 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-04-10.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.DriverDoc, C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}
PUP.Optional.DriverDoc, C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.WinRepairPro, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\win
PUP.Optional.WinRepairPro, [Key] - HKCU\Software\win
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe
PUP.Optional.Solvusoft, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\ProgramData\Solvusoft\Programs Bar\
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [4605 B] - [2018/1/29 16:40:8]
C:/AdwCleaner/AdwCleaner[C1].txt - [1319 B] - [2018/1/29 18:12:19]
C:/AdwCleaner/AdwCleaner[C2].txt - [2343 B] - [2018/2/2 15:16:27]
C:/AdwCleaner/AdwCleaner[S0].txt - [5493 B] - [2018/1/29 16:39:2]
C:/AdwCleaner/AdwCleaner[S1].txt - [1159 B] - [2018/1/29 18:1:52]
C:/AdwCleaner/AdwCleaner[S2].txt - [2377 B] - [2018/2/2 15:15:49]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
 
 
 
 
 
 
 
ESET Online Scanner log files:
 
 
 
 
C:\Users\adam\Desktop\ccsetup541pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\adam\Desktop\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
C:\Windows\Installer\296626a.msi a variant of Win32/UwS.SlimDrivers.A application deleted
D:\League of Legends\ccsetup536pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
D:\Prevzaté súbory\Malwarebytes Premium 3.2.2.2029.rar a variant of MSIL/HackTool.Crack.V potentially unsafe application deleted
D:\Prevzaté súbory\PowerISO6.exe Win32/FusionCore.L potentially unwanted application,a variant of Win32/FusionCore.P potentially unwanted application cleaned by deleting
D:\Prevzaté súbory\remove-adware-anti-malware-setup.exe a variant of Win32/Auslogics.N potentially unwanted application cleaned by deleting
D:\Prevzaté súbory\Setup_DriverDoc_2016.exe a variant of Win32/UwS.DriverFighter.A application cleaned by deleting
D:\Prevzaté súbory\sr-tasm.iso Win32/Agent.NAN virus deleted
D:\Prevzaté súbory\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
D:\Prevzaté súbory\The.Amazing.Spider-Man.2.Proper-RELOADED\rld-thamsp2.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application,a variant of Win32/HackTool.Crack.EA potentially unsafe application deleted
 


#4 buddy215

Posted 10 April 2018 - 04:51 PM

I suggest you stop using cracked programs and games. You will continue to get infected otherwise. Plus it is illegal.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#5 Beckran

Posted 11 April 2018 - 11:59 AM

Here is the Windows file:

 

 

 

No HKCU:Run Advanced SystemCare 11 "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run DAEMON Tools Lite Automount Disc Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
No HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run PWRISOVM.EXE C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run ZAM "C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe" /minimized
No Startup Common Kaspersky Free.lnk AO Kaspersky Lab C:\PROGRA~2\KASPER~1\KASPER~1.0\avpui.exe 
No Startup User Kaspersky Free.lnk AO Kaspersky Lab C:\PROGRA~2\KASPER~1\KASPER~1.0\avpui.exe 
No Startup User MEGAsync.lnk C:\Users\adam\AppData\Local\MEGAsync\MEGAsync.exe
 
 
 
And here is the scheduled tasks file
 
 
 
 
No Task AVG Driver Updater Scan C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe scheduled
No Task AVG Driver Updater Startup C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe -boot
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} AO Kaspersky Lab C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
Yes Task Sstt2-TaskPlan "%ProgramFiles%\Gaming\YMS 3017\YMS 3017.EXE"
No Task {0133C267-1DC6-4289-8A99-4E1C439E07F7} D:\Prevzaté súbory\PPRO_2.0_Ret-NH_UE\Premiere Pro 2.0\Adobe Premiere Pro\setup.exe
No Task {9572E5AF-FA9A-4D30-9701-80D15AA67227} D:\Prevzaté súbory\PPRO_2.0_Ret-NH_UE\Premiere Pro 2.0\Adobe Premiere Pro\setup.exe
 

 

 

Programs 

 

 

 

 

Action! Mirillis 25. 2. 2018 91,8 MB 2.8.2
Adobe Flash Player 27 PPAPI Adobe Systems Incorporated 11. 10. 2017 19,7 MB 27.0.0.159
Apple Mobile Device Support Apple Inc. 25. 2. 2018 28,0 MB 9.0.0.26
Apple Software Update Apple Inc. 25. 2. 2018 2,40 MB 2.1.4.131
Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 11. 10. 2017 796 KB 3.0.2.0000
Asmedia USB Host Controller Driver Asmedia Technology 1. 11. 2017 5,07 MB 1.16.26.1
Battlerite Stunlock Studios 31. 12. 2017
BlueStacks 3 BlueStack Systems, Inc. 12. 12. 2017 1,29 GB 3.52.67.1911
Bonjour Apple Inc. 25. 2. 2018 2,04 MB 3.0.0.10
CCleaner Piriform 10. 4. 2018 5.41
CpuCoreParking CpuCoreParking 13. 3. 2018 2,39 MB 2.0.1.0
DAEMON Tools Lite Disc Soft Ltd 17. 10. 2017 10.6.0.0283
Epic Games Launcher Epic Games, Inc. 13. 3. 2018 80,2 MB 1.1.144.0
Fraps (remove only) 31. 10. 2017
Google Chrome Spoločnosť Google Inc. 11. 10. 2017 65.0.3325.181
iTunes Apple Inc. 25. 2. 2018 233 MB 12.1.3.6
Java 8 Update 161 Oracle Corporation 3. 2. 2018 100 MB 8.0.1610.12
Java 8 Update 161 (64-bit) Oracle Corporation 3. 2. 2018 114 MB 8.0.1610.12
Kaspersky Free Kaspersky Lab 11. 10. 2017 18.0.0.405
Kaspersky Secure Connection Kaspersky Lab 11. 10. 2017 18.0.0.405
League of Legends Riot Games, Inc 29. 10. 2017 162 MB 1.0
LG United Mobile Drivers LG Electronics 21. 2. 2018 6,80 MB 3.10.1.0
Malwarebytes verzia 3.4.5.2467 Malwarebytes 31. 3. 2018 181 MB 3.4.5.2467
Microsoft .NET Framework 4.7.1 Microsoft Corporation 2. 3. 2018 38,8 MB 4.7.02558
Microsoft PowerPoint 2010 Microsoft Corporation 22. 12. 2017 14.0.7015.1000
Microsoft PowerPoint Viewer Microsoft Corporation 11. 4. 2018 174 MB 14.0.7015.1000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19. 12. 2017 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 22. 10. 2017 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14. 10. 2017 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 6. 12. 2017 588 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22. 12. 2017 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 23. 12. 2017 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 23. 12. 2017 15,0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 15. 11. 2017 20,5 MB 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 15. 11. 2017 17,3 MB 11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 29. 1. 2018 20,5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 21. 11. 2017 17,1 MB 12.0.30501.0
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 Microsoft Corporation 13. 3. 2018 25,6 MB 14.12.25810.0
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 Microsoft Corporation 13. 3. 2018 22,1 MB 14.12.25810.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 23. 12. 2017 10.0.50903
Minecraft 1.11.2 + Titan Launcher 3.7.0 Mojang 23. 1. 2018 148 MB 1.11.2
NVIDIA Ovládač zvuku HD 1.3.34.27 NVIDIA Corporation 9. 12. 2017 1.3.34.27
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 NVIDIA Corporation 9. 12. 2017 9.16.0318
OBS Studio OBS Project 25. 2. 2018 21.0.1
Podpora Apple aplikácií (32-bit) Apple Inc. 25. 2. 2018 94,2 MB 3.1.3
Podpora Apple aplikácií(64-bit) Apple Inc. 25. 2. 2018 107 MB 3.1.3
Realtek Ethernet Controller Driver Realtek 11. 10. 2017 7.92.115.2015
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 1. 11. 2017 413 MB 6.0.1.8186
Samsung USB Driver for Mobile Phones Samsung Electronics Co., Ltd. 8. 12. 2017 37,4 MB 1.5.61.0
Shakes and Fidget Playa Games GmbH 28. 10. 2017
Skype verzia 8.13 Skype Technologies S.A. 4. 2. 2018 176 MB 8.13
spacedesk datronicsoft Inc. 29. 3. 2018 3,30 MB 0.9.974.0
SpeedFan (remove only) 25. 3. 2018
Steam Valve Corporation 11. 10. 2017 2.10.91.91
Subnautica 13. 2. 2018 1,48 MB
Team Fortress 2 Valve 6. 4. 2018
TeamViewer 12 TeamViewer 24. 3. 2018 12.0.95388
Tomb Raider Crystal Dynamics 1. 1. 2018
Turmoil Gamious 3. 1. 2018
Unchecky v1.2 Reason Software Company Inc. 8. 4. 2018 1.2
VLC media player VideoLAN 11. 10. 2017 2.2.4
Vulkan Run Time Libraries 1.0.42.1 LunarG, Inc. 11. 10. 2017 1,66 MB 1.0.42.1
WinRAR 5.50 (64-bitová verzia) win.rar GmbH 11. 10. 2017 5.50.0
YMS 3017 AMBUSH Gaming mouse 19. 1. 2018 3,27 MB 1.0
µTorrent BitTorrent Inc. 13. 2. 2018 3.5.1.44332
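
A triage pass over the kind of startup and scheduled-task listing posted above (an added example, not part of the original thread and not CCleaner's own code). It assumes the export is tab-separated with the columns Enabled, Key, Program, Publisher, File, and that C: is the system drive; the function names are hypothetical. Because the symptom in this thread is a browser opening a URL at logon, it also marks any entry whose command line carries a URL. A flag only means "look closer", it is not a verdict.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample. The first six rows are entries from the listings in this
# thread, rebuilt as tab-separated columns (the column layout is an assumption).
# The last row is hypothetical and NOT from the thread.
_ROWS = [
    ("Yes", "HKLM:Run", "RTHDVCPL", "Realtek Semiconductor",
     r'"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s'),
    ("No", "Startup Common", "Kaspersky Free.lnk", "AO Kaspersky Lab",
     r"C:\PROGRA~2\KASPER~1\KASPER~1.0\avpui.exe"),
    ("No", "Startup User", "MEGAsync.lnk", "",
     r"C:\Users\adam\AppData\Local\MEGAsync\MEGAsync.exe"),
    ("Yes", "Task", "GoogleUpdateTaskMachineCore", "Google Inc.",
     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"),
    ("Yes", "Task", "Sstt2-TaskPlan", "",
     r'"%ProgramFiles%\Gaming\YMS 3017\YMS 3017.EXE"'),
    ("No", "Task", "{0133C267-1DC6-4289-8A99-4E1C439E07F7}", "",
     r"D:\Prevzaté súbory\PPRO_2.0_Ret-NH_UE\Premiere Pro 2.0\Adobe Premiere Pro\setup.exe"),
    ("Yes", "Task", "ExampleUrlTask", "",
     r'"C:\Windows\explorer.exe" http://ads.example.invalid/landing'),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in _ROWS)

# Locations a standard user cannot write to by default. Living here proves
# nothing about legitimacy; living elsewhere is simply worth a second look.
STANDARD_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~", "c:\\windows\\")
ENV_VARS = {"%programfiles%": "c:\\program files",
            "%programfiles(x86)%": "c:\\program files (x86)",
            "%systemroot%": "c:\\windows", "%windir%": "c:\\windows"}

_EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|msi))(?=\s|$)", re.IGNORECASE)
_URL_RE = re.compile(r"https?://", re.IGNORECASE)


class Entry(NamedTuple):
    enabled: bool
    location: str
    name: str
    publisher: str
    command: str


def parse_export(text: str) -> List[Entry]:
    """Parse tab-separated rows; skip blank, header or malformed lines."""
    entries = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) == 5 and cols[0] in ("Yes", "No"):
            entries.append(Entry(cols[0] == "Yes", *cols[1:]))
    return entries


def executable_path(command: str) -> str:
    """Return the program part of a command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    match = _EXE_RE.match(command)
    return match.group(1) if match else (command.split() or [""])[0]


def review_flags(entry: Entry) -> List[str]:
    flags = []
    if _URL_RE.search(entry.command):
        flags.append("url-in-command")       # autostart that hands a URL to a program
    if not entry.publisher:
        flags.append("no-publisher")         # file carries no vendor metadata
    path = executable_path(entry.command).lower()
    for var, value in ENV_VARS.items():
        path = path.replace(var, value)
    if not path.startswith(STANDARD_DIRS):
        flags.append("outside-standard-dirs")
    return flags


def triage(text: str) -> List[Tuple[str, bool, List[str]]]:
    """Return (name, enabled, flags) for every entry with at least one flag."""
    return [(e.name, e.enabled, review_flags(e))
            for e in parse_export(text) if review_flags(e)]


if __name__ == "__main__":
    for name, enabled, flags in triage(SAMPLE_EXPORT):
        state = "enabled" if enabled else "disabled"
        print(f"{name:45} {state:9} {', '.join(flags)}")
```
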
 


#6 buddy215

Posted 11 April 2018 - 12:26 PM

Uninstall these programs:

Java 8 Update 161 Oracle Corporation 3. 2. 2018 100 MB 8.0.1610.12 (Or update to latest version) Most users don't need Java.
Java 8 Update 161 (64-bit) Oracle Corporation 3. 2. 2018 114 MB 8.0.1610.12  (Or update to latest version) Most users don't need Java.
µTorrent BitTorrent Inc. 13. 2. 2018 3.5.1.44332 (Dangerous to use to download cracked, pirated, free software, videos and music...over 60% of downloads will be bundled with malware...may be illegal, too.)
 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} AO Kaspersky Lab C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
Yes Task Sstt2-TaskPlan "%ProgramFiles%\Gaming\YMS 3017\YMS 3017.EXE"
 
Disable this Startup: Use CCleaner by clicking on it and choosing Disable on the right.
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
After performing the above and rebooting....let me know of any problems still existing.



#7 Beckran

Posted 12 April 2018 - 02:25 PM

I've uninstalled all the programs that you told me to and disabled every task, but I didn't find the startup Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" again, but maybe that is because I uninstalled both Java programs before. And it is still showing the ad when I start my PC.



#8 buddy215

Posted 12 April 2018 - 02:54 PM

Yes, uninstalling Java should have removed that Task.

 

Is Chrome still opening at Startup?




#9 Beckran

Posted 13 April 2018 - 09:53 AM

Yes, it is still opening Chrome and adf.ly.

#10 buddy215

Posted 13 April 2018 - 10:00 AM

If you are not using Google Sync you can forgo resetting it.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.




#11 Beckran

Posted 13 April 2018 - 03:45 PM

I have gone through all of your steps and reset Chrome, and it is still opening on startup 😑

#12 Beckran

Posted 13 April 2018 - 03:47 PM

But the URL changed to restorecosm.bid

#13 Beckran

Posted 13 April 2018 - 03:54 PM

And I just want to mention I tried all of these programs to try to disinfect my computer: Kaspersky, Malwarebytes, ESET, AdwCleaner, JRT, HitmanPro... and it started on Opera, my previous browser. I changed it because I thought it would stop it from opening on startup... and I noticed that it opens whichever browser is set as default... and I think it started when I tried this program and some of the others from the company: Advanced SystemCare from IObit.

#14 Beckran

Posted 13 April 2018 - 04:09 PM

And Driver Updater or something like that

#15 buddy215

Posted 13 April 2018 - 05:27 PM

Time to start a new topic.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.

