Adwcleaner keeps detecting /AppData/Roaming/productdata


5 replies to this topic

#1 junkbaggage

  • Members
  • 21 posts
  • Gender:Female
  • Local time:03:05 PM

Posted 24 September 2015 - 09:21 AM

Hi, just joined this site.

 

This morning I scanned for malware with AdwCleaner, to find that this folder has been coming back after deletion through the program. I scanned with Junkware Removal Tool as well, and the same has happened.

 

Seeing as it is apparent malware/adware, I would appreciate help getting rid of this.

 

 

# AdwCleaner v5.008 - Logfile created 24/09/2015 at 10:16:37
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Amanda - AMANDAPC
# Running from : C:\Users\Amanda\Downloads\Maintenance\adwcleaner_5.008.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Amanda\AppData\Roaming\productdata

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner[S37].txt - [678 bytes] - [18/08/2015 07:28:48]
C:\AdwCleaner[S38].txt - [741 bytes] - [27/08/2015 16:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S56].txt - [773 bytes] ##########
 

 

Sincerely,

 

AM


Edited by hamluis, 24 September 2015 - 09:26 AM.
Moved from Win 10 Support to Am I Infected - Hamluis.



 


#2 buddy215

  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:05 PM

Posted 24 September 2015 - 10:02 AM

Welcome to BC!

 

Let's see what CCleaner's Tools find.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Please post the THREE lists using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 junkbaggage


Posted 24 September 2015 - 10:11 AM

Here are the results via CCleaner:

 

Windows Startup:

 

No    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\Amanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\Amanda\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
No    HKCU:Run    Spotify Web Helper    Spotify Ltd    "C:\Users\Amanda\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
No    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKLM:Run    DT HPC    Portrait Displays, Inc.    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
No    HKLM:Run    LogMeIn Hamachi Ui    LogMeIn Inc.    "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Yes    HKLM:Run    NvBackend    NVIDIA Corporation    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes    HKLM:Run    PivotSoftware    Portrait Displays, Inc.    "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    HKLM:Run    ShadowPlay    Microsoft Corporation    C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    XboxStat    Microsoft Corporation    "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 

 

Scheduled tasks:

 

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No    Task    Game_Booster_AutoUpdate        C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN
Yes    Task    HPCeeScheduleForAmanda    Hewlett-Packard    C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForAmanda (null)
No    Task    HPGenoobeReminder    Hewlett-Packard Company    "C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe" CLEAR
No    Task    Optimize Start Menu Cache Files-S-1-5-21-2875525695-916050678-498746763-1001        
 

Installed programs:

 

0 A.D.    Wildfire Games            r16411P-alpha
7-Zip 9.20 (x64 edition)    Igor Pavlov    2015-01-07    4.53 MB    9.20.00.0
Adobe Flash Player 19 NPAPI    Adobe Systems Incorporated            19.0.0.185
Alcor Micro USB Card Reader Driver    Alcor Micro Corp.    2015-01-07        20.21.3317.03861
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    2015-01-07    26.5 MB    8.0.916.0
ASUS Product Register Program    ASUSTek Computer Inc.    2015-03-25    19.2 MB    1.0.026
Borderlands 2    Gearbox Software            
Broadcom 802.11 Wireless LAN Adapter    Broadcom Corporation            
Broadcom Bluetooth Drivers    Broadcom Corporation    2015-01-07    14.7 MB    12.0.0.9850
CCleaner    Piriform            5.06
Connect    Cisco Consumer Products LLC            1.4.14232.0
CyberLink Media Suite 10    CyberLink Corp.    2015-01-07        10.0.8.4420
Cyberlink PhotoDirector    CyberLink Corp.            5.0.3.5529
CyberLink Power Media Player 12    CyberLink Corp.    2015-01-07        12.0.5.4505
CyberLink Power2Go 8    CyberLink Corp.    2015-01-07        8.0.8.4316
CyberLink PowerBackup 2.6    CyberLink Corp.    2015-01-07        2.6.1.0903
CyberLink PowerDirector 12    CyberLink Corp.            12.0.2.3317
Diablo II    Blizzard Entertainment            
Divinity: Original Sin    Larian Studios            
Foxit PhantomPDF    Foxit Corporation    2015-01-07    579 MB    6.0.33.715
Garry's Mod    Facepunch Studios            
Gauntlet™    Arrowhead Game Studios            
Grand Theft Auto V    Rockstar North            
HP Documentation    Hewlett-Packard    2015-01-07    222 MB    1.3.0.0
HP My Display    Portrait Displays, Inc.    2015-03-25        2.10.009
HP Registration Service    Hewlett-Packard    2015-01-07    30.1 MB    1.2.7745.4851
HP Support Assistant    Hewlett-Packard Company    2015-01-07    65.1 MB    7.7.34.34
HP Support Information    Hewlett-Packard    2015-01-07    1.69 MB    13.00.0000
HP Support Solutions Framework    Hewlett-Packard Company    2015-03-25    7.48 MB    11.51.0048
Java 8 Update 60    Oracle Corporation    2015-08-27    20.6 MB    8.0.600.27
Life is Feudal: Your Own    Bitbox Ltd.            
LogMeIn Hamachi    LogMeIn, Inc.    2015-08-07        2.2.0.383
Malwarebytes Anti-Malware version 2.1.8.1057    Malwarebytes Corporation    2015-07-04        2.1.8.1057
Microsoft Office    Microsoft Corporation    2015-01-07    321 MB    15.0.4641.1005
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    2015-01-07    4.28 MB    8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    2014-04-02    7.00 MB    8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    2015-07-13    13.2 MB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    2015-08-18    5.95 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    2014-04-02    10.2 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    2015-01-07    10.1 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    2015-07-13    10.1 MB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    2015-07-02    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    2015-07-02    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation            11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation            11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation            12.0.30501.0
Microsoft Xbox 360 Accessories 1.2    Microsoft    2015-05-15    7.78 MB    1.20.146.0
Minecraft    Mojang    2015-07-22    1.22 MB    1.0.3.0
Minion    ZAM Network LLC    2015-05-03        2.0
Mozilla Firefox 40.0.3 (x86 en-US)    Mozilla            40.0.3
Mozilla Maintenance Service    Mozilla            40.0.3.5716
NVIDIA 3D Vision Controller Driver 352.65    NVIDIA Corporation    2015-09-24        352.65
NVIDIA 3D Vision Driver 355.98    NVIDIA Corporation    2015-09-24        355.98
NVIDIA GeForce Experience 2.5.14.5    NVIDIA Corporation    2015-09-01        2.5.14.5
NVIDIA Graphics Driver 355.98    NVIDIA Corporation    2015-09-24        355.98
NVIDIA HD Audio Driver 1.3.34.3    NVIDIA Corporation    2015-09-24        1.3.34.3
NVIDIA Miracast Virtual Audio 355.82    NVIDIA Corporation    2015-09-01        355.82
NVIDIA PhysX System Software 9.15.0428    NVIDIA Corporation    2015-07-29        9.15.0428
PhotoDirector    CyberLink Corp.        439 MB    5.0.3.5529
PowerDirector    CyberLink Corp.        910 MB    12.0.2.3317
PowerLine Utility    TP-LINK    2015-07-12    2.70 MB    1.1.830
Realtek Card Reader    Realtek Semiconductor Corp.    2015-01-07        6.2.9200.30164
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.            6.0.1.7525
Rockstar Games Social Club    Rockstar Games            1.1.6.1
Skype™ 7.8    Skype Technologies S.A.    2015-09-10    71.1 MB    7.8.102
Spotify    Spotify AB    2015-09-18        1.0.14.124.g4dfabc51
Steam    Valve Corporation            2.10.91.91
The Elder Scrolls Online    Zenimax Online Studios            1.0.0.0
WinPcap 4.1.3    Riverbed Technology, Inc.            4.1.0.2980
WinRAR 5.21 (64-bit)    win.rar GmbH            5.21.0
 

 

--

 

Thank you



#4 buddy215


Posted 24 September 2015 - 10:29 AM

Nothing there screams malware or adware. Suggest you run a scan using Eset Online Scanner which will take more than an hour. Plan accordingly.

I see you have MBAM installed. If you haven't scanned recently with it and allowed it to remove PUPS....do that.

 

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


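Added example, not part of the thread or any poster's code: a Python sketch that triages a CCleaner startup export in the column layout posted earlier in this thread and lists enabled entries worth a manual look. The heuristics (missing publisher, user-writable path, host process), the `HOSTS` set and the `ExampleHelper` row are assumptions made for illustration.

```python
import re

# Constructed sample: five rows copied from the export posted in this thread
# plus one invented row (ExampleHelper). Columns are separated by four spaces:
# Enabled, Key, Program, Publisher, Command.
SAMPLE = r'''Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\Amanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKLM:Run    NvBackend    NVIDIA Corporation    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes    HKLM:Run    ShadowPlay    Microsoft Corporation    C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
No    Task    Game_Booster_AutoUpdate        C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN
Yes    HKCU:Run    ExampleHelper        C:\Users\Example\AppData\Roaming\example\helper.exe
'''

# Assumptions: heuristic markers chosen for this example, not a vendor rule set.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
HOSTS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}

def executable(command):
    """Return the program path from a command line, quoted or not."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return (m.group(1) or m.group(2)) if m else ""

def triage(export_text):
    """Return (program, reasons) for enabled entries worth a manual look."""
    findings = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        fields = re.split(r"\t| {4}", line, maxsplit=4)
        fields += [""] * (5 - len(fields))  # pad rows with missing columns
        enabled, _key, program, publisher, command = (f.strip() for f in fields)
        if enabled != "Yes":
            continue  # disabled entries do not run at logon
        exe = executable(command).lower()
        reasons = []
        if not publisher:
            reasons.append("no publisher")
        if any(marker in exe for marker in USER_WRITABLE):
            reasons.append("runs from user-writable path")
        if exe.rsplit("\\", 1)[-1] in HOSTS:
            reasons.append("host process: inspect the argument")
        if reasons:
            findings.append((program, reasons))
    return findings

if __name__ == "__main__":
    for program, reasons in triage(SAMPLE):
        print(f"{program}: {', '.join(reasons)}")
```

A flag here is a prompt for manual review, not a verdict: OneDrive is listed only because it installs per user under AppData.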
#5 junkbaggage


Posted 24 September 2015 - 11:37 AM

Hello, I completed your instructions, and at the end of the scan nothing had been detected. There was no log.



#6 buddy215


Posted 24 September 2015 - 12:22 PM

You can start a new topic in the Malware Removal Forum. They can use tools and have more expertise to use them than is allowed in this forum.

Suggest you do that if for nothing else but peace of mind.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.





