Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware/Spyware Issue - Chrome crashes [Closed]

Chrome malware spyware adware

  • This topic is locked This topic is locked

#1
arsteige

arsteige

    New Member

  • Member
  • Pip
  • 8 posts

Every time I pull up the internet using my Chrome browser, I get malware/adware which redirects my webpage.  I have McAfee LiveSafe downloaded and I've run multiple scans on my computer and it keeps coming up finding nothing wrong.  Obviously there's a virus somewhere or my browser wouldn't be redirected constantly.   I've attached the 2 logs from the Farbar Recovery Scan Tool for you to view.

 

Please help me find out what the issues are with my computer.  Thank you!!

 

Amanda Ross

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know how the system is after this run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1528496886-270073939-2523521886-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2016-03-28 06:30 - 2016-03-28 06:30 - 00003734 _____ C:\Windows\System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867}
2016-03-28 06:35 - 2016-03-28 06:35 - 00000000 ____D C:\ProgramData\04eeefb3-06b1-0
2016-03-28 06:32 - 2016-03-28 08:30 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-03-28 06:32 - 2016-03-28 06:32 - 00026352 _____ C:\Windows\System32\Tasks\DNSWALTERS
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\3db04732
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\04eeefb3-0fb1-0
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\{0dc0f51b-212c-0}
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\{07d566bc-112c-1}
2016-03-08 09:02 - 2016-03-08 09:02 - 00003238 _____ C:\Windows\System32\Tasks\{69E6356F-B762-4484-BF69-7E7D9E56FDA6}
2015-11-11 07:25 - 2015-11-11 07:25 - 0000000 _____ () C:\Users\arsteige\AppData\Local\{345231BE-13F9-4289-9B44-389DE3DF5687}
Task: {17674EBE-9091-486A-A4DC-62B1CF717C49} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {2F3C57A6-B828-4BAE-BDFA-AB1BCE33152E} - System32\Tasks\DNSWALTERS => C:\Program Files (x86)\DNS Unlocker\dnswalters.exe <==== ATTENTION
Task: {4767F5A3-C816-4395-A010-62271CA849B2} - System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867} => C:\Windows\system32\regsvr32.exe [2014-10-28] (Microsoft Corporation)
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
arsteige

arsteige

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here is my Fix log, however my computer will not allow me to download AdwCleaner.  It just keeps "thinking", but nothing happens...  Not sure what to do next..  Thank you for your help!! - Amanda

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by arsteige (2016-03-28 14:11:56) Run:1
Running from C:\Users\arsteige\Downloads
Loaded Profiles: arsteige (Available Profiles: arsteige)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1528496886-270073939-2523521886-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2016-03-28 06:30 - 2016-03-28 06:30 - 00003734 _____ C:\Windows\System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867}
2016-03-28 06:35 - 2016-03-28 06:35 - 00000000 ____D C:\ProgramData\04eeefb3-06b1-0
2016-03-28 06:32 - 2016-03-28 08:30 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-03-28 06:32 - 2016-03-28 06:32 - 00026352 _____ C:\Windows\System32\Tasks\DNSWALTERS
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\3db04732
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\04eeefb3-0fb1-0
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\{0dc0f51b-212c-0}
2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\{07d566bc-112c-1}
2016-03-08 09:02 - 2016-03-08 09:02 - 00003238 _____ C:\Windows\System32\Tasks\{69E6356F-B762-4484-BF69-7E7D9E56FDA6}
2015-11-11 07:25 - 2015-11-11 07:25 - 0000000 _____ () C:\Users\arsteige\AppData\Local\{345231BE-13F9-4289-9B44-389DE3DF5687}
Task: {17674EBE-9091-486A-A4DC-62B1CF717C49} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {2F3C57A6-B828-4BAE-BDFA-AB1BCE33152E} - System32\Tasks\DNSWALTERS => C:\Program Files (x86)\DNS Unlocker\dnswalters.exe <==== ATTENTION
Task: {4767F5A3-C816-4395-A010-62271CA849B2} - System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867} => C:\Windows\system32\regsvr32.exe [2014-10-28] (Microsoft Corporation)
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:

*****************

Restore point was successfully created.
HKU\S-1-5-21-1528496886-270073939-2523521886-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
C:\Windows\System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867} => moved successfully
C:\ProgramData\04eeefb3-06b1-0 => moved successfully
C:\Program Files (x86)\DNS Unlocker => moved successfully
C:\Windows\System32\Tasks\DNSWALTERS => moved successfully
C:\ProgramData\3db04732 => moved successfully
C:\ProgramData\04eeefb3-0fb1-0 => moved successfully
C:\ProgramData\{0dc0f51b-212c-0} => moved successfully
C:\ProgramData\{07d566bc-112c-1} => moved successfully
C:\Windows\System32\Tasks\{69E6356F-B762-4484-BF69-7E7D9E56FDA6} => moved successfully
C:\Users\arsteige\AppData\Local\{345231BE-13F9-4289-9B44-389DE3DF5687} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17674EBE-9091-486A-A4DC-62B1CF717C49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17674EBE-9091-486A-A4DC-62B1CF717C49}" => key removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2F3C57A6-B828-4BAE-BDFA-AB1BCE33152E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F3C57A6-B828-4BAE-BDFA-AB1BCE33152E}" => key removed successfully
C:\Windows\System32\Tasks\DNSWALTERS => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSWALTERS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4767F5A3-C816-4395-A010-62271CA849B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4767F5A3-C816-4395-A010-62271CA849B2}" => key removed successfully
C:\Windows\System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867}" => key removed successfully
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1528496886-270073939-2523521886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1528496886-270073939-2523521886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BN14.COM

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::949f:bfc9:d81c:624b%3
   Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:46c:2a36:b75f:c90
   Link-local IPv6 Address . . . . . : fe80::46c:2a36:b75f:c90%7
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.centurylink.net:

   Media State . . . . . . . . . . . : Media unoperational
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BN14.COM

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : centurylink.net
   Link-local IPv6 Address . . . . . : fe80::949f:bfc9:d81c:624b%3
   IPv4 Address. . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:c57:225d:3f57:fff5
   Link-local IPv6 Address . . . . . : fe80::c57:225d:3f57:fff5%7
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.centurylink.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : centurylink.net

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{AE37FBE4-B0B1-4AB0-8D78-04FEF538AC13} canceled.
{37E6BF75-F659-40E0-8E15-113CCBBB682F} canceled.
{715B8368-084F-47EE-AEDA-8F20FDD6988E} canceled.
{43EADADD-0FC8-40A7-82BE-B39193CC943D} canceled.
4 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 1.8 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:18:45 ====


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try MBAM first. Is there a difference in the computers behaviour now ?

JHlUMFt.png Scan with Malwarebytes Anti-Malware
  • Please download Malwarebytes Anti-Malware to your desktop
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

  • 0

#5
arsteige

arsteige

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Okay, I had to restart my computer in Safe Mode w/Networking to be able to keep the website open long enough to download that program.  The website was redirected, but I was at least able to start the download and run the scans.  Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/29/2016
Scan Time: 9:05 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.29.03
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: arsteige
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341073
Time Elapsed: 19 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [3c4b1875f2a75fd7ba2a59f4f50f4cb4], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [f1963c51a6f391a5bf88473c21e36b95], 
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [fd8ac0cd4a4fd06600476625a85c05fb], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, [fb8c2766cfca71c5e814880ddd27d030], 
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [dfa8533a9efb2e0844a0bc910400c63a], 
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [aed9dab36237f442b394cfbce123e51b], 
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, [7d0a17769cfde4522f28276e3fc5be42], 
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3DB04732}, Quarantined, [1a6d4746980170c6ed8ba9eda26221df], 
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-1528496886-270073939-2523521886-1001\SOFTWARE\WebDiscoverBrowser, Quarantined, [ec9b9af33b5e8fa703417d061be9c43c], 
 
Registry Values: 4
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3db04732}|1, 1459164650, Quarantined, [1a6d4746980170c6ed8ba9eda26221df]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{1FE3A277-8D1E-4323-9012-9D7701651757}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [b6d1ef9e6b2ec3730be7b9d131d31ee2]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{66C31704-E29C-4635-8B69-FCF4480E3D66}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [1275d6b7d9c0d3632fc31971b54f8779]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E0177C47-205F-4461-A398-B656C6CCD952}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [fd8a1b72badfc96d92604b3f966ed62a]
 
Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Good: (8.8.8.8), Bad: (82.163.143.171 82.163.142.173),Replaced,[0780197454453402ba1e33facd3810f0]
 
Folders: 2
PUP.Optional.Amonetize, C:\ProgramData\dbc01a43-04b1-1, Quarantined, [ea9d414ca0f9bc7aeaa12ff41ae9659b], 
PUP.Optional.Amonetize, C:\ProgramData\dbc01a43-3613-0, Quarantined, [5433fe8fcfcac27499f2180ba85b13ed], 
 
Files: 14
PUP.Optional.BestPriceNinja, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [afd8ef9ea8f1f343e36cef9701031fe1], 
PUP.Optional.BestPriceNinja, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [0a7ddcb14554e6507bd4dfa718ecca36], 
PUP.Optional.eShopComp, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, Quarantined, [f09769240f8acb6b1d06bad11aea58a8], 
PUP.Optional.eShopComp, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [fc8b7914adeca5912201d4b75fa5c040], 
PUP.Optional.eShopComp, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Quarantined, [95f25538c3d6310558cb3b50f50ffc04], 
PUP.Optional.eShopComp, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [4a3de9a4e9b001350d16642738cca45c], 
PUP.Optional.CrossRider, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [f196711c6237d85e69ef236b06fe03fd], 
PUP.Optional.CrossRider, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [790ed4b93b5e251181d76e2048bc6c94], 
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, Quarantined, [b1d6355831687cba2feb9df6db29a15f], 
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, Quarantined, [d9ae3954e0b9d85e8595573c768e8779], 
PUP.Optional.UTop, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_utop.it_0.localstorage, Quarantined, [e3a40687bcddcc6a5f2ebed8b054639d], 
PUP.Optional.UTop, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_utop.it_0.localstorage-journal, Quarantined, [4641454867320531fa935640e71d06fa], 
PUP.Optional.UTop, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, Quarantined, [52353657f2a7f1456f1ed2c4758f5ba5], 
PUP.Optional.UTop, C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Quarantined, [1374e6a75d3c48ee8ffe187ec440a65a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Let me know what I need to do now.  I was able to restart my computer normally and the malware program blocks the pop ups that are trying to redirect my webpages, so at least I'm able to use the computer better.  Thank you!! :)

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK can you now download and run AdwCleaner please, that should get the remnants


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Chrome, malware, spyware, adware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP