|
Post by greebal on Apr 9, 2014 10:01:45 GMT
How do I find the image URL?
I have a pic on my desktop taken with the snipping tool.
|
|
|
Post by Lighthouse on Apr 9, 2014 10:53:07 GMT
You have to upload it to somewhere like PhotoBucket. You need to create a free account there, upload it, and then copy the embed code, and paste it in your post.
|
|
|
Post by Admin_Vistamike on Apr 9, 2014 11:01:07 GMT
Use the 'Add image to post' button. Select pic (browse) Upload as default size....then click upload!! The image will be open in new window when clicked. Or use: rightload.org/And to post a high res pic. I use the i.imgur.com option, select the BBcode image. Add image gives you this:
|
|
|
Post by greebal on Apr 9, 2014 11:10:09 GMT
Thanks for that.
I had a problem and was going to post the pic, fortunately AdwCleaner sorted it for me.
|
|
|
Post by Admin_Vistamike on Apr 9, 2014 11:50:06 GMT
Feel free to test an image post!
|
|
|
Post by greebal on Apr 9, 2014 11:59:23 GMT
This is the snip
|
|
|
Post by greebal on Apr 9, 2014 12:05:05 GMT
As you can see, tested and working, I will buy you a beer but you would have to come down to southern Spain to sup it.
|
|
|
Post by Admin_Vistamike on Apr 9, 2014 13:42:36 GMT
Estepona, La Línea de la Concepción and Gibraltar I know well...
So the snip was to alert a warning that the 'site' was untrusted!!
|
|
|
Post by greebal on Apr 9, 2014 14:27:23 GMT
The snip was what I got every time I opened IE. I obviously got infected somewhere along the line because I always had it set to the startpage search engine I had to drink your beer because it was getting warm in the sun.
|
|
|
Post by irvsp on Apr 9, 2014 14:51:55 GMT
This is the snip You've been infected with Qone8. REMOVAL INSTRUCTIONSI've seen people get infected from d/l'ing programs from some sites. You have to WATCH what you click on. Many have 'download' in a few places. Many times, the file you really want is NOT on the first d/l link. You also must read the EULA carefully. Some will specifically call out other loaded programs. Also, do not BLINDLY click NEXT and look at what might be checked, usually other installs. Some will hide them under 'Advanced Install' or 'Custom Install'. Worse part, many do NOT show up in the PROGRAMS AND FEATURES Control Panel ADD/DELETE listing.
|
|
|
Post by greebal on Apr 9, 2014 15:21:29 GMT
|
|
|
Post by irvsp on Apr 9, 2014 18:19:19 GMT
I clicked on your link and got ADWARECLEANER to try. Actually got it from HERE.BIG MISTAKE!!!!
It took out stuff that crippled some games and legitimate EXTENSIONS in FireFox. Reviewing the chosen 'items' it thought was bad wasn't much help. Especially the Registry entries. It basically gave NO indication of anything, and why it was to be removed. Luckily it does QUARANTINE what it removed, so I was able to restore everything. This is the resultant log: # AdwCleaner v3.023 - Report created 09/04/2014 at 13:00:22 # Updated 01/04/2014 by Xplode # Operating System : Windows 8.1 Pro with Media Center (64 bits) # Username : Irv - IRV-XPS435 # Running from : K:\Inet DL\adwcleaner.exe # Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\OpenCandy Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\ProgramData\Alawar Stargaze Folder Deleted : C:\ProgramData\AlawarEntertainment Folder Deleted : C:\ProgramData\AlawarWrapper Folder Deleted : C:\Program Files (x86)\iLivid Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin Folder Deleted : C:\Users\Irv\AppData\Local\CrashRpt Folder Deleted : C:\Users\Irv\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Irv\AppData\Local\PackageAware Folder Deleted : C:\Users\Irv\AppData\Local\TempDir Folder Deleted : C:\Users\Irv\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Irv\AppData\Roaming\DigitalSites Folder Deleted : C:\Users\Irv\AppData\Roaming\quickclick Folder Deleted : C:\Users\Irv\AppData\Roaming\Systweak Folder Deleted : C:\Users\Irv\AppData\Roaming\AlawarEntertainment Folder Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\fj4knerp.default-1360634738914\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} Folder Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\fj4knerp.default-1360634738914\Extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975} Folder Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\fj4knerp.default-1360634738914\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} Folder Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\fj4knerp.default-1360634738914\Extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA} Folder Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\ibic5ltu.test\Extensions\staged File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk File Deleted : C:\Users\Irv\AppData\Local\Temp\Uninstall.exe File Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\fj4knerp.default-1360634738914\searchplugins\safesearch.xml File Deleted : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\ibic5ltu.test\searchplugins\safesearch.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\ParetoLogic Key Deleted : HKCU\Software\powerpack Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar Key Deleted : HKLM\Software\OpenCandy Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\Trymedia Systems
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\fj4knerp.default-1360634738914\prefs.js ]
Line Deleted : user_pref("extensions.crossrider.bic", "13e4ba8d373b7306fa903a93faba5f03"); Line Deleted : user_pref("extensions.helperbar.Country", "United States"); Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false); Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false); Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Line Deleted : user_pref("extensions.helperbar.UserID", "64ec3176-b863-4c71-9772-bd8938eb320c"); Line Deleted : user_pref("extensions.helperbar.Visibility", false); Line Deleted : user_pref("extensions.yMnByWpMtpg.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == win[...] Line Deleted : user_pref("keyword.URL", "hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=NIS&chn=retail&geo=US&ver=21&q=");
[ File : C:\Users\Irv\AppData\Roaming\Mozilla\Firefox\Profiles\ibic5ltu.test\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Irv\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7856 octets] - [09/04/2014 12:57:09] AdwCleaner[S0].txt - [6238 octets] - [09/04/2014 13:00:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6298 octets] ##########
I will not use this program again..... I started looking at those shown and all I found were empty folders on the disk as I had removed them before, but didn't bother looking in the Registry, assumed they were just pointers, WRONG. I lost licenses to a few games that were removed from the registry. Luckily running the app and its restore function appears (so far) to have put everything back. No doubt I have some AdWare on my computer but this app is overly aggressive.
|
|
|
Post by greebal on Apr 9, 2014 18:27:16 GMT
Bloody hell!!
sorry irv
but thank you very much for your informative advice.
|
|
|
Post by GuiltySpark on Apr 9, 2014 18:34:02 GMT
Have to disagree with you there Irv, I've found adwcleaner to be very good at its job and saved me having to go sieving through reg files for hours trying to find the culprit(s), many removal programs can be 'overly aggressive' but some do a good legitimate job and others remove legit apps, but to each their own as I've never had any issues with it in the past.
You certainly do have a few nasties in there, not surprising nowadays with the bundling.
|
|
|
Post by irvsp on Apr 9, 2014 20:46:28 GMT
Have to disagree with you there Irv, I've found adwcleaner to be very good at its job and saved me having to go sieving through reg files for hours trying to find the culprit(s), many removal programs can be 'overly aggressive' but some do a good legitimate job and others remove legit apps, but to each their own as I've never had any issues with it in the past. You certainly do have a few nasties in there, not surprising nowadays with the bundling. The 'nasties' were all remnants it seemed? I recognized them as ones that had gotten on my computer in the past. All were empty folders it seemed. Whatever I used in the past to get stuff off had left the folders. The log as shown (there are 2 actually) was the one after it had removed everything. That came up and was created after the re-boot. The other was from before the re-boot. Basically the same. What the log and the app didn't show was 'how much' was taken out from those folders and specifically the Registry. Also this one, C:\ProgramData\Trymedia\licenses, if these are the licenses for the programs on my computer, they were ALL taken out, 209 of them. C:\ProgramData\Trymedia\stats and C:\ProgramData\Trymedia\data\ appear to be matching entries for the licenses too. For instance, this is from the STATS folder and the same name as a LICENSE file: ======== <?xml version="1.0" ?> <amcontent version="7.01" offering="angelicaweavercatchmewhenyoucan"> <path>K:\Games\Angelica Weaver - Catch Me When You Can\GH-AngelicaWeaver_CatchMeWhenYouCanSE.exe</path> <timestamp>0000000051432f05</timestamp> <page>[open.html:A]</page> <trial status="trial"> <time total="00000e10" used="00000000" /> </trial> </amcontent> ============= That game is long since gone. Problem is the way programs are removed. Even Revo Uninstaller can't make the connection back to these files. Only if I use Install Tracking when I installed it. Quite normal, I don't know of any program that just puts the license in plain text anywhere and pointers to it that one can easily read. Because of that, uninstallers have a hard time finding all the little bits of programs you delete. I did find the program I had problems with in both the CACHE and one of the STATS files. There is either a 'flag' or a license buried some how within that data I suspect? I probably have 20 games on my computer, yet the TRYMEDIA directory has 10 times that. Looking at some they are OLD. The whole directory and sub-directories are just over 200MB's, not worth the trouble of getting the 'junk' out. Still, using other cleaners I've not had problems like this. Heck, it even REMOVED the WOT extension from FireFox! My GARMIN one too!
|
|