Funny Girl

My home page

Hi Funny Girl,

 

Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.


You're welcome :)

 

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

 

2. Start FRST.

Select Addition.txt.

Scan with FRST and attach the two new log files.

 

 

3. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


I've tried numerous times to run eset.com/onlinescan/ - I do everything they say then after the last pop-up box regarding security warning - I click install then the next message is "an add-on for this website failed to run". I tried to get online help but there's no live person to assist so it wouldn't run. I have attached the other files you requested. What's next?

 

 

AdwCleanerC1.txt

Addition_06-09-2015_07-56-00.txt

FRST_06-09-2015_07-56-00.txt


Did you select that AdwCleaner shouldn't delete some folders or did AdwCleaner fail when it tried to delete them?

E.g.

[!] Key Not Deleted : HKU\S-1-5-21-1209626233-1858311023-2878856544-1000\Software\AppDataLow\Software\PriceGong
[!] Key Not Deleted : HKU\S-1-5-21-1209626233-1858311023-2878856544-1000\Software\AppDataLow\Software\Savings Bull

 

If AdwCleaner failed, please try again and start AdwCleaner by right-clicking it and selecting Run as Administrator.

If AdwCleaner deletes more, I need to see new logs from FRST.


When I ran AdwCleaner yesterday and sent you the files, I followed your instructions and the only issues that were displayed were CouponPrinterService, netfilter, ReimageRealTimeProtection and YahooAUService. I clicked to clean and there may have been a pop-up saying some files would be deleted so I hit OK. I ran the program again as "Administrator" and nothing showed up so I didn't have to hit clean and therefore nothing is attached. I'm still getting myhomelinkonline just as before.


The URL myearthlink.net redirects to myhomelinkonline.com. Maybe you want your home page to be my.earthlink.net (note the dot after "my") since that's a normal portal page.

But since there is some adware in the computer, please start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
URLSearchHook: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} -  No File
URLSearchHook: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} -  No File
SearchScopes: HKLM -> DefaultScope {94216338-6E2C-41E9-B6F9-7850C466C5B8} URL = 
BHO: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files\GamesBar\2.0.1.53\oberontb.dll No File
Toolbar: HKLM - No Name - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} -  No File
Toolbar: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
Toolbar: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 -> No Name - {D341D509-49FB-4FF2-9A1B-134056747A7D} -  No File
Toolbar: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000 -> No Name - {9DA1018D-8E68-401A-A32B-694354D68276} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
CHR Extension: (BeFrugal.com Add-On) - C:\Users\Michael Andersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2015-08-11]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\MICHAE~1\AppData\Local\funmoods.crx <not found>
CHR HKU\S-1-5-21-1209626233-1858311023-2878856544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\MICHAE~1\AppData\Local\funmoods.crx <not found>
S3 cpuz134; no ImagePath
S1 UsbFltr; no ImagePath
S2 X6XSEx; no ImagePath
CustomCLSID: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000_Classes\CLSID\{15ea6566-467f-42ae-85d7-0ef80306cbdc}\localserver32 -> C:\Users\MICHAE~1\AppData\Local\Temp\{8b1670c8-dc4a-4ed4-974b-81737a23826b}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0CE0AE44
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:1DA424AA
AlternateDataStreams: C:\ProgramData\Temp:258F3E77
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2AD33723
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:337FC984
AlternateDataStreams: C:\ProgramData\Temp:33F9314E
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:3C3DE159
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:4F8BECB9
AlternateDataStreams: C:\ProgramData\Temp:56EE2CAF
AlternateDataStreams: C:\ProgramData\Temp:59320096
AlternateDataStreams: C:\ProgramData\Temp:6355626F
AlternateDataStreams: C:\ProgramData\Temp:A7BCEE7D
AlternateDataStreams: C:\ProgramData\Temp:A98B0BB8
AlternateDataStreams: C:\ProgramData\Temp:ABFCD3CD
AlternateDataStreams: C:\ProgramData\Temp:D3953905
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B
AlternateDataStreams: C:\ProgramData\Temp:F1094E55
AlternateDataStreams: C:\ProgramData\Temp:F2B81C2E
AlternateDataStreams: C:\ProgramData\Temp:F49E02D5
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A
AlternateDataStreams: C:\Users\Michael Andersen\Downloads\adwcleaner_5.005 (1).exe:BDU
AlternateDataStreams: C:\Users\Michael Andersen\Downloads\adwcleaner_5.005 (2).exe:BDU
AlternateDataStreams: C:\Users\Michael Andersen\Downloads\adwcleaner_5.005.exe:BDU
AlternateDataStreams: C:\Users\Michael Andersen\Downloads\FRST.exe:BDU
AlternateDataStreams: C:\Users\Michael Andersen\Downloads\FRST64.exe:BDU
IE trusted site: HKU\S-1-5-21-1209626233-1858311023-2878856544-1000\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files\Coupons
C:\Program Files\CouponXplorer_5zEI
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Users\Michael Andersen\AppData\LocalLow\CouponXplorer_5zEI
C:\Users\Michael Andersen\Favorites\Coupons
C:\Users\Michael Andersen\Favorites\PC Cleaner
C:\Users\Michael Andersen\Favorites\Coupons
C:\Users\Michael Andersen\Favorites\Coupons
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


I pasted the file as fixlist.txt on the desktop. When I click fix it says the fixlist.txt has to be in the same folder/directory as the tool and I don't know how to get it there. I typed it in and got the same response. I scanned again and have a new file that was produced. Do you want me to send it? With the myearthlink. I've had this as my home page for over 20 years and never had to put a . after my. I tried it several times and it worked. Thank you so much. Do I still have issues with my files?


Please, move the FRST program from the Downloads folder, C:\Users\Michael Andersen\Downloads, to the desktop and then run the FRST program and click on FIX.


When I move FRST I right click and send to desktop. I don't know how else to do it. I ran FRST and nothing then I clicked the box shortcut.txt and additional.txt and files were produced but when I clicked fix it said the file needed to be in the same folder/directory. What am I doing wrong?


Do you see both FRST program and fixlist on the desktop?

 

Do you see the file extension ".exe" on the FRST program?

Do you see the file extension ".txt" on the fixlist file?


And you start FRST by double-clicking it?

 

Do you see the file extension ".exe" on the FRST program?

Do you see the file extension ".txt" on the fixlist file?

I'm asking to be sure that fixlist doesn't have the name fixlist.txt.txt when file extensions are visible.

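The questions in the posts above (is the program itself on the desktop, and is the fix file really named fixlist.txt) can be checked mechanically. The following is an added example, not part of the original thread and not FRST's own code; the function name `preflight` is hypothetical, and the shortcut (.lnk) case is an assumption added here rather than something diagnosed in the thread.

```python
import tempfile
from pathlib import Path

def preflight(folder, tool_prefix="frst", fix_name="fixlist.txt"):
    """List reasons the tool would not find its fix file in `folder`."""
    files = [p.name for p in Path(folder).iterdir() if p.is_file()]
    lower = [n.lower() for n in files]  # Windows file names are case-insensitive
    problems = []

    has_exe = any(n.startswith(tool_prefix) and n.endswith(".exe") for n in lower)
    has_lnk = any(n.startswith(tool_prefix) and n.endswith(".lnk") for n in lower)
    if not has_exe:
        if has_lnk:
            # A shortcut starts the program from wherever the .exe really lives.
            problems.append("only a shortcut (.lnk) to the tool is here; "
                            "the program still runs from its original folder")
        else:
            problems.append("tool executable is not in this folder")

    if fix_name not in lower:
        # e.g. fixlist.txt.txt, which is displayed as "fixlist.txt"
        # while Explorer hides known file extensions.
        doubled = [n for n, l in zip(files, lower) if l.startswith(fix_name + ".")]
        if doubled:
            problems.append("fix file has a doubled extension: "
                            + ", ".join(sorted(doubled)))
        else:
            problems.append(fix_name + " is not in this folder")
    return problems

if __name__ == "__main__":
    # Constructed folder standing in for a desktop (sample data, not from the thread).
    desktop = Path(tempfile.mkdtemp())
    for name in ("FRST64.exe - Shortcut.lnk", "fixlist.txt.txt"):
        (desktop / name).write_text("")
    for line in preflight(desktop) or ["ok: tool and fix file are side by side"]:
        print(line)
```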

Strange, but we can try with another program.

 

Save OTL on the Desktop. http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Double-click OTL to run it.

Click on Quick Scan and do not use the computer while the program runs.

When the program finishes, two log files are created on the Desktop, OTL.txt and Extras.txt. Please, attach the two logs.


Please, close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.

Start the program OTL, please.
Copy all the lines in the box:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {94216338-6E2C-41E9-B6F9-7850C466C5B8}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BFCF63D2-AD53-4777-949D-1845597F0C5D}
CHR - Extension: No name found = C:\Users\Michael Andersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp\2013.3.16.15_0\
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll File not found
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.53\oberontb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9DA1018D-8E68-401A-A32B-694354D68276} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D341D509-49FB-4FF2-9A1B-134056747A7D} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O18 - Protocol\Handler\linkscanner - No CLSID value found
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:D3953905
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:59320096
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:15734396
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:FC70A22A
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:F2B81C2E
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:2AD33723
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F49E02D5
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:1DA424AA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:56EE2CAF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4F8BECB9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6C6EB3B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A98B0BB8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:337FC984
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:258F3E77
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABFCD3CD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:3C3DE159
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A7BCEE7D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:6355626F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:0CE0AE44
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:33F9314E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:F1094E55
:Files
C:\Program Files\Coupons
C:\Program Files\CouponXplorer_5zEI
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Users\Michael Andersen\AppData\LocalLow\CouponXplorer_5zEI
C:\Users\Michael Andersen\Favorites\Coupons
C:\Users\Michael Andersen\Favorites\PC Cleaner
C:\Users\Michael Andersen\Favorites\Coupons
C:\Users\Michael Andersen\Favorites\Coupons
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Please, paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it doesn't pop up, you can find it in the folder c:\_OTL\Moved Files and its name contains the date and time for when OTL was run.

Be sure that antivirus programs etc. are active before connecting to internet.


These are the two files it created.

 

[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Spider [email protected]%SystemRoot%\system32\gameux.dll,-10061
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Norton Internet [email protected]:\PROGRA~1\NORTON~2\Branding\muis.dll,-102
HP Help and [email protected]:\Windows\Help\OEM\scripts\HELPDT~1.DLL,-101
WildTangent Games App - [email protected]:\PROGRA~1\WILDTA~1\TOUCHP~1\hp\MUILink.exe,-105

 


Sorry, those aren't the right files. Please, see what you can find in c:\_OTL\Moved Files.


Please, scan with OTL and attach the new OTL.txt, and I'll go through it to find out if OTL removed what it should have removed.

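Going through a follow-up scan to see whether a fix removed what it should have can be partly automated by pulling the targets out of the fix script and looking for them in the new log. This is an added example, not part of the original thread and not OTL's own code; the function names are hypothetical, the fix excerpt reuses a few lines from the script posted earlier, and the rescan lines and the `Example` user path are constructed.

```python
import re

CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Alternate data stream written as <drive path>:<stream name>
ADS = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\[^:\n]*:[0-9A-Za-z]+")

FIX = r"""
:OTL
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.53\oberontb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - No CLSID value found.
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:D3953905
:Files
C:\Program Files\Coupons
C:\Users\Example\Favorites\PC Cleaner
:Commands
[REBOOT]
"""

# Constructed follow-up scan: one toolbar CLSID and one folder survived.
RESCAN = r"""
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No CLSID value found.
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
[2015/08/11 10:00:00 | 000,000,000 | ---D | C] -- C:\Users\Example\Favorites\PC Cleaner
"""

def fix_targets(script):
    """Collect CLSIDs and data streams from :OTL lines and paths from :Files."""
    targets, section = set(), None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as :OTL or :Files
            section = line.lower()
        elif section == ":files":
            targets.add(line.lower())
        elif section == ":otl":
            targets.update(m.lower() for m in CLSID.findall(line))
            targets.update(m.lower() for m in ADS.findall(line))
    return targets

def leftovers(script, rescan):
    """Targets of the fix that still occur in the new log (case-insensitive).
    A substring match is a heuristic: every hit needs a manual look."""
    hay = rescan.lower()
    return sorted(t for t in fix_targets(script) if t in hay)

if __name__ == "__main__":
    for item in leftovers(FIX, RESCAN):
        print("still present:", item)
```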

OTL did its job last time and now there are only a few minor left-overs to remove.

Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.

 

Start the program OTL by right-clicking it and selecting Run as Administrator.

Copy all the lines in the box:

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz134)
FF - user.js - File not found
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the field Custom Scans/Fixes.

Click on Run Fix.

 

If you are asked to restart the computer do that.

 

Notepad will pop-up with a log. Copy it and paste it into your reply.

If it does not pop up, you can find it in the folder c:\_OTL\Moved Files and its name contains the date and time for when OTL was run.

If you don't find it, just skip it.

 

Be sure that antivirus programs etc. are active before connecting to internet.

 

Is the computer behaving as it should now?

If yes, I'll post the instruction for how to remove the special cleaning programs you've been using.

This topic is now closed to further replies.