
May have adware


12 replies to this topic

#1 nlmiller1975


Posted 14 August 2015 - 10:35 PM

I seem to have ads at the top of or the side of the browser every time I visit a website.  It appears to be happening whether it's Internet Explorer or Google Chrome.  I was also redirected to a website telling me to call a toll-free number saying that I have adware on my computer.  I didn't write down the website, though, or the phone number.  Also, my computer seems to be a bit more sluggish than normal.  Not sure if this is related.

 

Thank you in advance!





#2 Bezukhov


Posted 15 August 2015 - 02:06 AM

I seem to have ads at the top of or the side of the browser every time I visit a website.  It appears to be happening whether it's Internet Explorer or Google Chrome.  I was also redirected to a website telling me to call a toll-free number saying that I have adware on my computer.  I didn't write down the website, though, or the phone number.  Also, my computer seems to be a bit more sluggish than normal.  Not sure if this is related.
 
Thank you in advance!


Not to belittle your problem, but to install Adware to inform you that you have Adware is perverse.

Please download AdwCleaner by Xplode and save to your Desktop. This will only scan your computer. I like to know what will be removed before it is removed. Just cautious that way.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

To err is Human. To blame it on someone else is even more Human.

#3 nlmiller1975


Posted 20 August 2015 - 11:52 AM

# AdwCleaner v5.003 - Logfile created 20/08/2015 at 11:00:17
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Nancy M Home Built - NANCYMHOMEBUILT
# Running from : C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\Nancy M Home Built\AppData\Roaming\ShopAtHome
Folder Found : C:\Users\Nancy M Home Built\Desktop\Inbox

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : AmiUpdXp
Task Found : bench-sys

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{E4607B39-174A-44BA-AB08-8892366ECA13}]
Key Found : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

[C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1334 bytes] ##########


Edited by nlmiller1975, 20 August 2015 - 12:03 PM.


#4 nlmiller1975


Posted 27 August 2015 - 09:43 PM

Sorry to bump this, but it's been a week since I posted.  I understand there are tons of people hoping for help, but I don't remember the average timeline for waiting for a reply; so if I'm jumping the gun, please point me in the right direction of how long to wait next time.

 

Thank you.



#5 Bezukhov


Posted 28 August 2015 - 06:09 AM

Sorry, I forgot about this. My apologies. Please run AdwCleaner again. Note the extra step this time around.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Let me know if there is any improvement. Once more I'm very sorry that I didn't respond sooner.

#6 Bezukhov


Posted 30 August 2015 - 03:36 PM

Do you still need help with this?

#7 nlmiller1975


Posted 30 August 2015 - 08:20 PM

Yes, I do!!  Sorry.  Was out of town this weekend.

 

Here is the AdwCleaner log:

# AdwCleaner v5.003 - Logfile created 30/08/2015 at 19:18:20
# Updated 20/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Nancy M Home Built - NANCYMHOMEBUILT
# Running from : C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Nancy M Home Built\AppData\Roaming\ShopAtHome
[-] Folder Deleted : C:\Users\Nancy M Home Built\Desktop\Inbox

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : AmiUpdXp
[-] Task Deleted : bench-sys

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{E4607B39-174A-44BA-AB08-8892366ECA13}]
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

[-] [C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: IE policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1509 bytes] ##########

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nancy M Home Built on Sun 08/30/2015 at 19:23:35.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

 

~~~ Files

Successfully deleted: [File] C:\Users\Nancy M Home Built\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.zabasearch.com_0.localstorage
Successfully deleted: [File] C:\Users\Nancy M Home Built\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.zabasearch.com_0.localstorage-journal

 

~~~ Folders

Failed to delete: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\ad-aware browsing protection
Successfully deleted: [Folder] C:\Users\Nancy M Home Built\Appdata\Local\adawarebp

 

~~~ Chrome

[C:\Users\Nancy M Home Built\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Nancy M Home Built\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Nancy M Home Built\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Nancy M Home Built\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/30/2015 at 19:26:18.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Thank you so much for your time!  As for working better, I haven't had a ton of time to test it, but it seems better so far.  Can we also discuss security and maintenance at some point when we're done with this part?

Also, I had something pop up requesting me to download it:  loadus.exelator.


Edited by nlmiller1975, 30 August 2015 - 08:32 PM.
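
Added example (not part of any post in this thread, and not code from AdwCleaner or its author): a small Python check that reconciles an AdwCleaner scan log with the later cleaning log, as posted in #3 and #7, and lists anything that was found but never reported as deleted. The line patterns are inferred only from the two logs shown in this thread, and `parse_entries` and `reconcile` are hypothetical names; matching ignores case because the scan log writes "Web data" where the cleaning log writes "Web Data".

```python
import re

# Excerpts from the two AdwCleaner v5.003 logs posted in this thread
# (scan log in post #3, cleaning log in post #7), trimmed to a few entries.
SCAN_LOG = r"""
# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Users\Nancy M Home Built\AppData\Roaming\ShopAtHome
***** [ Scheduled tasks ] *****
Task Found : AmiUpdXp
Task Found : bench-sys
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
***** [ Web browsers ] *****
[C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
"""

CLEAN_LOG = r"""
# Option : Cleaning
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Nancy M Home Built\AppData\Roaming\ShopAtHome
***** [ Scheduled tasks ] *****
[-] Task Deleted : AmiUpdXp
[-] Task Deleted : bench-sys
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
***** [ Web browsers ] *****
[-] [C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
:: Proxy settings cleared
"""

# Assumed entry shape, inferred from the logs above:
#   [optional "[-] "]<kind> Found|Deleted : <item>
ENTRY = re.compile(
    r"^(?:\[-\]\s+)?(?P<kind>.+?) (?P<state>Found|Deleted) : (?P<item>.+)$"
)


def parse_entries(log_text, state):
    """Return {normalized key: display string} for entries in the given state."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        # Skip blanks, '#' header lines, '*****' section titles and '::' notes.
        if not line or line.startswith(("#", "*", "::")):
            continue
        m = ENTRY.match(line)
        if m and m.group("state") == state:
            kind, item = m.group("kind"), m.group("item").strip()
            # Windows paths and registry keys are case-insensitive, so the
            # comparison key is case-folded; the display string is not.
            entries[(kind.casefold(), item.casefold())] = f"{kind}: {item}"
    return entries


def reconcile(scan_text, clean_text):
    """Compare what the scan found with what the cleaning run deleted."""
    found = parse_entries(scan_text, "Found")
    deleted = parse_entries(clean_text, "Deleted")
    return {
        "removed": [found[k] for k in sorted(found.keys() & deleted.keys())],
        "still_present": [found[k] for k in sorted(found.keys() - deleted.keys())],
        "not_in_scan": [deleted[k] for k in sorted(deleted.keys() - found.keys())],
    }


if __name__ == "__main__":
    for bucket, items in reconcile(SCAN_LOG, CLEAN_LOG).items():
        print(f"{bucket}: {len(items)}")
        for entry in items:
            print("   ", entry)
```

An entry under `still_present` is a reason to rescan before moving on; `not_in_scan` is expected to be non-empty when the cleaning run used a newer database than the scan.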


#8 Bezukhov


Posted 31 August 2015 - 01:33 AM

First, avoid loadus.exelator like the plague! Second, I'm happy to hear that things are better.

I hope you won't mind putting up with 3 more scans, the first 2 just to make sure we nailed everything, the last to get an idea of your overall security setup.

Step 1:
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

==============================================
Step 2:
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    Remove found threats
    Scan archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
When ESET is finished, turn your antivirus and antimalware software back on!
========================================================

 Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

#9 nlmiller1975


Posted 14 September 2015 - 10:06 PM

Again, thank you for the help on this.

 

Here is the Scan Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/14/2015
Scan Time: 8:41 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.15.01
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nancy M Home Built

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437505
Time Elapsed: 11 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.BenchUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bench-S-1-5-21-3338567975-2302980196-3939936843-1000, Delete-on-Reboot, [f934969a068592a413153051c93bb14f],
PUP.Optional.GetSavin, HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\SOFTWARE\GetSavin, Quarantined, [eb4271bf404b49ed1804e8ae0afaa858],
PUP.Optional.GetSavin, HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin, Quarantined, [2409230d206ba0968d8ec0d6e02430d0],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

I don't know if you need this or not, but here is the "Protection Log":

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 9/14/2015 8:38 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Remediation Database, 2015.3.9.1, 2015.9.11.1,
Update, 9/14/2015 8:38 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Rootkit Database, 2015.2.25.1, 2015.8.16.1,
Update, 9/14/2015 8:38 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Domain Database, 0.0.0.0, 2015.9.14.9,
Update, 9/14/2015 8:38 PM, SYSTEM, NANCYMHOMEBUILT, Manual, IP Database, 0.0.0.0, 2015.9.14.4,
Update, 9/14/2015 8:38 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Malware Database, 2015.3.9.5, 2015.9.15.1,
Update, 9/14/2015 8:39 PM, SYSTEM, NANCYMHOMEBUILT, Manual, program, 2.1.6.1022, 2.1.8.0,
Error, 9/14/2015 8:40 PM, SYSTEM, NANCYMHOMEBUILT, Update, Bad md5 or size: akadomains, 11,
Error, 9/14/2015 8:40 PM, SYSTEM, NANCYMHOMEBUILT, Update, Bad md5 or size: akaips, 11,
Update, 9/14/2015 8:40 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Remediation Database, 2015.5.13.1, 2015.9.11.1,
Update, 9/14/2015 8:40 PM, SYSTEM, NANCYMHOMEBUILT, Manual, AKA Domain Database, 0.0.0.0, 2015.9.11.2,
Update, 9/14/2015 8:40 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/14/2015 8:40 PM, SYSTEM, NANCYMHOMEBUILT, Manual, AKA IP Database, 0.0.0.0, 2015.9.11.2,
Update, 9/14/2015 8:41 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Domain Database, 0.0.0.0, 2015.9.14.9,
Update, 9/14/2015 8:41 PM, SYSTEM, NANCYMHOMEBUILT, Manual, IP Database, 0.0.0.0, 2015.9.14.4,
Update, 9/14/2015 8:41 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Malware Database, 2015.6.3.3, 2015.9.15.1,
Scan, 9/14/2015 8:55 PM, SYSTEM, NANCYMHOMEBUILT, Manual, Start:9/14/2015 8:41 PM, Duration:11 min 12 sec, Threat Scan, Completed, 0 Malware Detections, 3 Non-Malware Detections,
Error, 9/14/2015 8:57 PM, SYSTEM, NANCYMHOMEBUILT, Protection, IsLicensed, 13,
Protection, 9/14/2015 8:57 PM, SYSTEM, NANCYMHOMEBUILT, Protection, Malware Protection, Stopping,
Protection, 9/14/2015 8:57 PM, SYSTEM, NANCYMHOMEBUILT, Protection, Malware Protection, Stopped,

(end)



#10 nlmiller1975


Posted 15 September 2015 - 10:13 AM

Here is what I got in the ESET scan/document:

 

C:\FRST\Quarantine\C\Users\Nancy M Home Built\AppData\Local\Deal Slider\SoftwareDetector.exe a variant of Win32/AdWare.SmartApps.A application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.59.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
E:\X - Docs, Photos and Downloads\Downloads\Adobe Acrobat Pro X v10.0 Multilingual\AcrobatPro_10_Web_WWEFD.exe multiple threats cleaned by deleting - quarantined
E:\X - Docs, Photos and Downloads\Downloads\Adobe Download\Downloaded\AcrobatPro_10_Web_WWEFD.exe multiple threats cleaned by deleting - quarantined
E:\X - Docs, Photos and Downloads\Downloads\Audio Converter\Setup_FreeConverter.exe Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
E:\X - Docs, Photos and Downloads\Downloads\Audio Converter\Setup_FreeConverter2.exe Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

 

 

And here is the file from SecurityCheck:

 

 Results of screen317's Security Check version 1.008 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
  Adobe Flash Player 14.0.0.125 Flash Player out of Date! 
 Adobe Reader XI 
 Google Chrome 42.0.2311.152 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

I see a note in here that says not to defragment if I have an SSD.  Is this true?  How do I clean it up, if so?

 

Thanks again!

 



#11 Bezukhov


Posted 17 September 2015 - 10:55 PM

I see a note in here that says not to defragment if I have an SSD.  Is this true?  How do I clean it up, if so?
 
Thanks again!

That message about the fragmentation can, and should, be ignored. Fragmentation refers to the phenomenon of files being broken up and stored in different clusters on the drive. On old mechanical drives this is a problem because the Drive Head has to go searching around different clusters if you want to play that particularly large video file that is in pieces over several clusters on a mechanical drive. SSDs, on the other hand, access all parts of the drive at the same time, so fragmentation isn't a concern. One drawback to SSD is that excessive reads and writes to the drive can cause premature failure. When you defrag a drive the computer has to read thousands of pieces of fragmented files, and write them again so that they are contiguous, producing unnecessary wear and tear on the SSD drive.

As for Ad-Aware I would uninstall it. Stick with MSE. Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.

To remove Ad-Aware

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Ad Aware
    Lavasoft
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
While you're at it:

Important Note: Your version of Adobe Flash is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Important Note: Your Google Chrome Installation is outdated. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Chrome Vulnerabilities
  • Chrome Knowledge based about Vulnerabilities

Please follow steps below to update your Google Chrome to the latest version.
  • Go to this link, you may set Chrome as default Browser or let Chrome send usage statistics and crash report to Google automatically.
  • Click Accept and Install.
  • Please download the file to your desktop.
  • Run the installer and follow the instructions.

Edited by Bezukhov, 17 September 2015 - 11:02 PM.


#12 nlmiller1975


Posted 30 September 2015 - 12:05 AM

I have done what you had asked in the above post.  Is there something to follow?  TIA!



#13 nlmiller1975


Posted 06 October 2015 - 09:07 PM

I apologize for bumping, but it's been one week today.  TIA





