Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Unwanted Tabs Open in Browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 7:46 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 15:42 on 07/10/2014 by karen
Administrator - Elevation successful

========== filefind ==========

Searching for "*Activeris AntiMalware*"
No files found.

Searching for "*eaSytooShop*"
C:\zoek_backup\C_Users_karen_AppData_LocalLow_{C33601E2-6589-A9B0-E1DD-D2257A04E70B}\eaSytooShop.2.8.dat --a---- 207120 bytes [20:14 07/10/2014] [11:42 04/10/2014] C9D9B6668E7EFBC785FBA2AEADA91DA8
C:\zoek_backup\C_Users_karen_AppData_LocalLow_{C33601E2-6589-A9B0-E1DD-D2257A04E70B}\{C33601E2-6589-A9B0-E1DD-D2257A04E70B}\eaSytooShop.2.8.dat --a---- 90449 bytes [20:14 07/10/2014] [22:07 16/09/2014] C6682C5B12DEA0D0FC4D56E99777D3CF
C:\zoek_backup\C_Users_karen_AppData_Local_Packages_windows_ie_ac_001_AC_{C33601E2-6589-A9B0-E1DD-D2257A04E70B}\eaSytooShop.2.8.dat --a---- 122 bytes [20:14 07/10/2014] [20:56 28/07/2014] 4A9158E40A12AE79F69FFC28EBFD5629

Searching for "*Performancer*"
No files found.

Searching for "*PProeShopper*"
C:\zoek_backup\C_Users_karen_AppData_LocalLow_{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}\PProeShopper.2.8.dat --a---- 253778 bytes [20:14 07/10/2014] [11:42 04/10/2014] F81884B0EA36F0DF62B31495371DC051
C:\zoek_backup\C_Users_karen_AppData_Local_Packages_windows_ie_ac_001_AC_{BB1AB6B4-5D78-BD70-AD34-9DD8499FC693}\PProeShopper.2.8.dat --a---- 122 bytes [20:14 07/10/2014] [01:07 23/06/2014] 4A9158E40A12AE79F69FFC28EBFD5629

Searching for "*saveeoron*"
C:\zoek_backup\C_Users_karen_AppData_LocalLow_{551383EC-19FE-BD95-6856-39F1EE94B066}\saveeoron.2.8.dat --a---- 256194 bytes [20:14 07/10/2014] [18:07 06/10/2014] C18CD072972EA10A256B28C036D8F8ED
C:\zoek_backup\C_Users_karen_AppData_Local_Packages_windows_ie_ac_001_AC_{551383EC-19FE-BD95-6856-39F1EE94B066}\saveeoron.2.8.dat --a---- 122 bytes [20:14 07/10/2014] [18:05 08/07/2014] 4A9158E40A12AE79F69FFC28EBFD5629

Searching for "*siavinshop*"
No files found.

Searching for "*superfish.com*"
C:\AdwCleaner\Quarantine\C\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal.vir --a---- 3608 bytes [18:12 05/06/2014] [18:12 05/06/2014] 47CBB8282C545ABC33A192C4947730D9
C:\AdwCleaner\Quarantine\C\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage.vir --a---- 3072 bytes [18:12 05/06/2014] [18:12 05/06/2014] 91B76A0BB7657F4C9473DE80BC48F887

Searching for "*unicoupons*"
No files found.

Searching for "*WildWestCoupon*"
No files found.

========== folderfind ==========

Searching for "*Activeris AntiMalware*"
No folders found.

Searching for "*eaSytooShop*"
No folders found.

Searching for "*Performancer*"
No folders found.

Searching for "*PProeShopper*"
No folders found.

Searching for "*saveeoron*"
No folders found.

Searching for "*siavinshop*"
No folders found.

Searching for "*superfish.com*"
No folders found.

Searching for "*unicoupons*"
No folders found.

Searching for "*WildWestCoupon*"
No folders found.

========== Regfind ==========

Searching for "Activeris AntiMalware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1]
"UninstallString"=""C:\Program Files (x86)\Activeris AntiMalware\unins000.exe" /silent"

Searching for "eaSytooShop"
No data found.

Searching for "Performancer"
No data found.

Searching for "PProeShopper"
No data found.

Searching for "saveeoron"
No data found.

Searching for "siavinshop"
No data found.

Searching for "superfish.com"
No data found.

Searching for "unicoupons"
No data found.

Searching for "WildWestCoupon"
No data found.

-= EOF =-
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm
Advertisement
Register to Remove

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 7th, 2014, 7:47 pm

Update:
While downloading Zoek, many windows opened up. During my submission this go around, I have a facebook, twitter, mail and plus sign that sits to the left of my IE browser. I removed Chrome and deleted the folder you listed.
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 8th, 2014, 5:27 am

Hi,
While downloading Zoek, many windows opened up. During my submission this go around, I have a facebook, twitter, mail and plus sign that sits to the left of my IE browser. I removed Chrome and deleted the folder you listed.
Lets reset Internet Explorer.
Once done let me know if your are still having problems with it.
We also need to run another fix, then we will reinstall Chrome, let me know if you have any problems using Chrome now to.

Please download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the words Code: select all.
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts] 
    [emptytemp]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

  • Please download Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE.
  • Next time IE is launched you will be prompted to reapply settings again, this is normal.
  • Note: Any add-ons will require to be reapplied after the above reset.

Next.
Download and reinstall Google chrome from Here


Logs/Information to Post in your Next Reply

  • OTM Fix log.
  • Are you having any other problems with Internet Explorer?
  • Are you having any problems with Chrome?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 8th, 2014, 9:53 am

Hello Cypher,

Thank you so much for your help with this! I will say that I have quit trying to fix things on my own - instead going straight to malwareremoval.com for help right away. IE and Chrome are working properly now (actually typing in Chrome right now). Here is the log you requested:



All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\karen\Desktop\cmd.bat deleted successfully.
C:\Users\karen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: karen
->Temp folder emptied: 25046 bytes
->Temporary Internet Files folder emptied: 4573556 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 854 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12762 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10082014_075821

Files moved on Reboot...
C:\Users\karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\karen\AppData\Local\Temp\~DF581B317A9D53A983.TMP not found!
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W4TC6H\ads[2].htm moved successfully.
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W4TC6H\Hgo13k-tfSpn0qi1SFdUfT8E0i7KZn-EPnyo3HZu7kw[2].woff moved successfully.
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W4TC6H\zrt_lookup[1].htm moved successfully.
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BY8HD8E9\DroidSans[1].woff moved successfully.
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\292OFCZM\ads[2].htm moved successfully.
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\292OFCZM\viewtopic[1].htm moved successfully.
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 8th, 2014, 9:57 am

And just as I posted it, a pop up came in on the left side of Chrome with the facebook, twitter, mail and plus sign again. I don't use Chrome typically (I prefer Firefox) - is this expected behavior? I clicked on what appeared to be the "hide" button (an arrow pointing to the left) and I haven't seen it since.
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 8th, 2014, 10:46 am

Hi,
Thank you so much for your help with this!

You're most welcome :)
IE and Chrome are working properly now (actually typing in Chrome right now).

And just as I posted it, a pop up came in on the left side of Chrome with the facebook, twitter, mail and plus sign again. I don't use Chrome typically (I prefer Firefox) - is this expected behavior?

Good to hear both appear to be running better.
I personally have never used Chrome, those could be normal extensions within the browser.
How is it performing otherwise, any redirected searches or multiple tabs opening now ?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 8th, 2014, 12:56 pm

Dear Cypher,

No - I have tried multiple searches, opened tabs on my own, used and searched for a variety of webpages and everything is quiet.

Next steps?

Nathan
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 8th, 2014, 1:00 pm

Hmmm, the only site that brings the buttons up to the left is this site...
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 8th, 2014, 1:16 pm

Hi,
I have tried multiple searches, opened tabs on my own, used and searched for a variety of webpages and everything is quiet.

Excellent.
Hmmm, the only site that brings the buttons up to the left is this site...

That's fine, it's a feature of this site ;)
Your latest logs appear to be clean so you should be good to go.
Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools
    • Purge system restore
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

We removed outdated versions of Adobe Reader and Java, if you use them you can reinstall the latest versions.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 8u20.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (11.0.09).
  • Note: Uncheck install McAfee Security Scan Plus


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unwanted Tabs Open in Browser

Unread postby dreslick » October 8th, 2014, 1:45 pm

That sounds fine. I have read the post. Thank you again for your help!
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Unwanted Tabs Open in Browser

Unread postby Cypher » October 8th, 2014, 1:58 pm

dreslick wrote:Thank you again for your help!

My pleasure :)
As you have no questions i will close this topic.
Good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 39 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware