
Windows Popup "Web Demographic Survey" on inherited work Asus laptop


14 replies to this topic

#1 gravymatt

gravymatt

  • Members
  • 9 posts

Posted 18 May 2017 - 04:10 PM

Hi All,

 

Thanks for taking a look at this screen capture of a random popup

 

https://drive.google.com/open?id=0B38RyQ_19K6jM0JDMlg5YTlYWkE

 

Thanks,

Matt





#2 buddy215

buddy215

  • Moderator
  • 13,412 posts
  • Gender:Male
  • Location:West Tennessee

Posted 18 May 2017 - 07:21 PM

Welcome to BC....

 

Okay, I took a look. Is this something that you want to get rid of? 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 gravymatt

gravymatt
  • Topic Starter

  • Members
  • 9 posts

Posted 19 May 2017 - 07:54 AM

1) Is it a virus, worm, trojan, keylogger, so is it something bad? Or is it something from the manufacturer ASUS?

 --- If it is the manufacturer's bloatware, not a major problem

2) If it is malware, I need to get rid of it because I am handling client logins and security is important!



#4 buddy215

buddy215

  • Moderator
  • 13,412 posts
  • Gender:Male
  • Location:West Tennessee

Posted 19 May 2017 - 08:03 AM

I have no idea whether it is an Asus popup or other. Many have viewed your post without commenting so I think it might be some type of adware.

Does it show up when a browser is opened or does it show up without opening a browser?

 

Run some scans using the programs below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#5 buddy215

buddy215

  • Moderator
  • 13,412 posts
  • Gender:Male
  • Location:West Tennessee

Posted 19 May 2017 - 08:07 AM

If those programs aren't finding anything...you may be able to spot the cause by using CCleaner Tools.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#6 gravymatt

gravymatt
  • Topic Starter

  • Members
  • 9 posts

Posted 19 May 2017 - 08:11 AM

Awesome, thanks. 

 

Additional Info

- I was using Chrome to do WordPress Admin and web research and a couple of web app sites



#7 buddy215

buddy215

  • Moderator
  • 13,412 posts
  • Gender:Male
  • Location:West Tennessee

Posted 19 May 2017 - 08:25 AM

Then it is likely adware in Chrome or you are not using an ad blocker in your browser(s) such as Adblock Plus.



#8 gravymatt

gravymatt
  • Topic Starter

  • Members
  • 9 posts

Posted 19 May 2017 - 01:18 PM

I ran CCleaner - Check
I ran Malwarebytes - Check (report below)
 
Malware Report 01
 
Malwarebytes
 
-Log Details-
Protection Event Date: 5/19/17
Protection Event Time: 9:27 AM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1976
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Blocked Malware Details-
File: 1
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [8446], [299817],1.0.1976
 
 
(end)
 
----------------------------------
 
Malwarebytes
 
-Log Details-
Protection Event Date: 5/19/17
Protection Event Time: 9:27 AM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 
Update Package Version: 
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Blocked Malware Details-
File: 1
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [8446], [299817],
 
 
(end)
 
-------------------------------------------------
 
Malwarebytes
 
-Log Details-
Scan Date: 5/19/17
Scan Time: 9:17 AM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1976
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BigFishResults\Christian
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368339
Threats Detected: 124
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 10 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 20
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
 
Registry Key: 29
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, No Action By User, [5895], [169013],1.0.1976
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, No Action By User, [5895], [169013],1.0.1976
PUP.Optional.WebSteroids, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, No Action By User, [5895], [169013],1.0.1976
PUP.Optional.SweetIM, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, No Action By User, [1144], [168883],1.0.1976
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, No Action By User, [3963], [168908],1.0.1976
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\APTAB, No Action By User, [1019], [254525],1.0.1976
PUP.Optional.eShield, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dkmjljdbbgogihjcapfhgkonfmccbffp, No Action By User, [210], [238147],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143E921-7C9A-4D27-AC43-EACCC78CC55A}, No Action By User, [14434], [253732],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}, No Action By User, [14434], [253732],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PROPCCleanerSoftware_Popup, No Action By User, [345], [390929],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PROPCCleanerSoftware_Start, No Action By User, [345], [390929],1.0.1976
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UpdateAdmin, No Action By User, [9454], [244353],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{581C8ECA-D521-42CB-A91B-A5D1510B7759}, No Action By User, [345], [390928],1.0.1976
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{66561845-C929-4796-96AA-5600B4156167}, No Action By User, [9454], [258223],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C7445758-8F87-4E96-8C96-3591242A2DA5}, No Action By User, [345], [390928],1.0.1976
PUP.Optional.UpdateAdmin, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\DOWNLOADADMIN\UpdateAdmin, No Action By User, [9454], [244351],1.0.1976
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\playthruplayer.com, No Action By User, [12273], [255015],1.0.1976
PUP.Optional.TNT, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{629D4F01-F915-4343-9CD3-A382D7499757}, No Action By User, [15053], [244085],1.0.1976
PUP.Optional.TNT, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7C380075-2624-4AAF-95BC-B57435666E54}, No Action By User, [15053], [244085],1.0.1976
PUP.Optional.InstantSupport, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\ISTab, No Action By User, [9209], [254396],1.0.1976
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\PCAcceleratePro, No Action By User, [1019], [251881],1.0.1976
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\PlaythruPlayer, No Action By User, [12273], [241719],1.0.1976
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\PROPCCleanerSoftwareConfig, No Action By User, [345], [246832],1.0.1976
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\PROPCCleanerSoftwareLanguage, No Action By User, [345], [242065],1.0.1976
PUP.Optional.TNT, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\TNT2, No Action By User, [15053], [244086],1.0.1976
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}, No Action By User, [9454], [244354],1.0.1976
 
Registry Value: 24
PUP.Optional.DownLoadAdmin, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UpdateAdmin, No Action By User, [5], [301032],1.0.1976
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\APTAB|HB, No Action By User, [1019], [254525],1.0.1976
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, No Action By User, [1019], [255023],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURLFALLBACK, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONPATH, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DISPLAYNAME, No Action By User, [14434], [236406],1.0.1976
PUP.Optional.PremierOpinion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{A5AAC5A2-5C28-49C6-9FAC-F800C873A476}, No Action By User, [12287], [257568],1.0.1976
PUP.Optional.PremierOpinion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{F2D4E392-9567-4E32-ACDD-C9BEDC150B4F}, No Action By User, [12287], [257568],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{581C8ECA-D521-42CB-A91B-A5D1510B7759}|PATH, No Action By User, [345], [390928],1.0.1976
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{66561845-C929-4796-96AA-5600B4156167}|PATH, No Action By User, [9454], [258223],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C7445758-8F87-4E96-8C96-3591242A2DA5}|PATH, No Action By User, [345], [390928],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [14434], [236404],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURLFALLBACK, No Action By User, [14434], [236404],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONPATH, No Action By User, [14434], [236404],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|, No Action By User, [14434], [236404],1.0.1976
PUP.Optional.Cassiopesa, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DISPLAYNAME, No Action By User, [14434], [236404],1.0.1976
PUP.Optional.TNT, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{629D4F01-F915-4343-9CD3-A382D7499757}|OSDFILEURL, No Action By User, [15053], [244085],1.0.1976
PUP.Optional.TNT, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{629D4F01-F915-4343-9CD3-A382D7499757}|FAVICONURL, No Action By User, [15053], [244085],1.0.1976
PUP.Optional.eShield, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{629D4F01-F915-4343-9CD3-A382D7499757}|URL, No Action By User, [210], [316519],1.0.1976
PUP.Optional.TNT, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7C380075-2624-4AAF-95BC-B57435666E54}|OSDFILEURL, No Action By User, [15053], [244085],1.0.1976
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}|PUBLISHER, No Action By User, [9454], [244354],1.0.1976
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}|DISPLAYNAME, No Action By User, [9454], [261935],1.0.1976
 
Registry Data: 1
PUP.Optional.eShield, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, No Action By User, [210], [293071],1.0.1976
 
Data Stream: 0
(No malicious items detected)
 
Folder: 17
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\database, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\PROGRAMDATA\PCAcceleratePro, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\USERS\CHRISTIAN\APPDATA\ROAMING\PCAcceleratePro, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPDownloader, No Action By User, [1019], [181159],1.0.1976
PUP.Optional.PremierOpinion, C:\PROGRAM FILES (X86)\PremierOpinion, No Action By User, [12287], [178970],1.0.1976
PUP.Optional.InstantSupport, C:\USERS\CHRISTIAN\APPDATA\ROAMING\INSTANTSUPPORT, No Action By User, [9209], [246482],1.0.1976
PUP.Optional.ProPCCleaner, C:\Users\Christian\AppData\Local\PRO_PC_Cleaner_Software\PROPCCleanerSoftware.exe_Url_jtu4wmlhwegl4pdydcofmqdh5dssv2ck\3.0.1.0, No Action By User, [345], [179053],1.0.1976
PUP.Optional.ProPCCleaner, C:\Users\Christian\AppData\Local\PRO_PC_Cleaner_Software\PROPCCleanerSoftware.exe_Url_jtu4wmlhwegl4pdydcofmqdh5dssv2ck, No Action By User, [345], [179053],1.0.1976
PUP.Optional.ProPCCleaner, C:\USERS\CHRISTIAN\APPDATA\LOCAL\PRO_PC_Cleaner_Software, No Action By User, [345], [179053],1.0.1976
PUP.Optional.UpdateAdmin, C:\USERS\CHRISTIAN\APPDATA\LOCAL\UpdateAdmin, No Action By User, [9454], [180175],1.0.1976
PUP.Optional.ProPCCleaner, C:\USERS\CHRISTIAN\DOCUMENTS\PROPCCleaner, No Action By User, [345], [179054],1.0.1976
PUP.Optional.ProPCCleaner, C:\USERS\CHRISTIAN\DOCUMENTS\PROPCCleanerSoftware, No Action By User, [345], [179054],1.0.1976
PUP.Optional.RelevantKnowledge, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.4_0, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.RelevantKnowledge, C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MKNDCBHCGPHCFKKDDANAKJIEPEKNBGLE, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.PCProCleaner, C:\USERS\CHRISTIAN\APPDATA\ROAMING\UPDATES, No Action By User, [8303], [246034],1.0.1976
PUP.Optional.UpdateAdmin, C:\WINDOWS\INSTALLER\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}, No Action By User, [9454], [254226],1.0.1976
PUP.Optional.UpdateAdmin, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UPDATEADMIN, No Action By User, [9454], [244347],1.0.1976
 
File: 33
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
PUP.Optional.DownLoadAdmin, C:\USERS\CHRISTIAN\APPDATA\LOCAL\UPDATEADMIN\UPDATEADMIN.EXE, No Action By User, [5], [301032],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\database\bytecode.cvd, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\database\daily.cvd, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\database\main.cvd, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\database\mirrors.dat, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\dwsm.dat, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\PCAccelerateProUpdater.conf, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\RPCAcceleratePro.conf, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\RPCAcceleratePro.pid, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\ProgramData\PCAcceleratePro\wsm.dat, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PCAcceleratePro, C:\Users\Christian\AppData\Roaming\PCAcceleratePro\PCAcceleratePro.cfg, No Action By User, [1019], [181157],1.0.1976
PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, No Action By User, [12287], [178970],1.0.1976
PUP.Optional.InstantSupport, C:\USERS\CHRISTIAN\APPDATA\ROAMING\INSTANTSUPPORT\INSTANTSUPPORT.CFG, No Action By User, [9209], [246482],1.0.1976
PUP.Optional.Conduit, C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX5LJDT0.DEFAULT\USER.JS, No Action By User, [563], [302741],1.0.1976
PUP.Optional.ProPCCleaner, C:\Users\Christian\AppData\Local\PRO_PC_Cleaner_Software\PROPCCleanerSoftware.exe_Url_jtu4wmlhwegl4pdydcofmqdh5dssv2ck\3.0.1.0\user.config, No Action By User, [345], [179053],1.0.1976
PUP.Optional.ProPCCleaner, C:\Users\Christian\Documents\PROPCCleanerSoftware\log.txt, No Action By User, [345], [179054],1.0.1976
PUP.Optional.ProPCCleaner, C:\Users\Christian\Documents\PROPCCleanerSoftware\logerror.txt, No Action By User, [345], [179054],1.0.1976
PUP.Optional.RelevantKnowledge, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.4_0\background.js, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.RelevantKnowledge, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.4_0\contentscript.js, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.RelevantKnowledge, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.4_0\icon128.png, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.RelevantKnowledge, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.4_0\icon48.png, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.RelevantKnowledge, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.4_0\manifest.json, No Action By User, [1175], [179185],1.0.1976
PUP.Optional.PCProCleaner, C:\USERS\CHRISTIAN\APPDATA\ROAMING\UPDATES\UPDATES.AIU, No Action By User, [8303], [246034],1.0.1976
PUP.Optional.UpdateAdmin, C:\WINDOWS\INSTALLER\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}\ICON.ICO, No Action By User, [9454], [254226],1.0.1976
PUP.Optional.Cassiopesa, C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX5LJDT0.DEFAULT\SEARCHPLUGINS\cassiopesa.xml, No Action By User, [14434], [236395],1.0.1976
PUP.Optional.ProPCCleaner, C:\WINDOWS\SYSTEM32\TASKS\PROPCCleanerSoftware_Popup, No Action By User, [345], [390931],1.0.1976
PUP.Optional.ProPCCleaner, C:\WINDOWS\SYSTEM32\TASKS\PROPCCleanerSoftware_Start, No Action By User, [345], [390931],1.0.1976
PUP.Optional.Cassiopesa, C:\USERS\CHRISTIAN\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\TNY_CASSIOPESA.ICO, No Action By User, [14434], [246544],1.0.1976
PUP.Optional.UpdateAdmin, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UPDATEADMIN\UPDATEADMIN.LNK, No Action By User, [9454], [244347],1.0.1976
PUP.Optional.UpdateAdmin, C:\WINDOWS\SYSTEM32\TASKS\UPDATEADMIN, No Action By User, [9454], [244348],1.0.1976
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\EXTENSIONS\JID1-G80EC8LLEBK5FQ@JETPACK.XPI, No Action By User, [88], [256139],1.0.1976
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
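
An added example, not part of the original posts and not Malwarebytes' own tooling: one way to triage a scan log like the one above is to group its detail lines by where each detection hooks into the system (Run keys, scheduled tasks, browser extensions, firewall rules), which is what the Startups and Scheduled Tasks lists requested earlier in the thread are meant to reveal. The field layout is inferred from the log lines in this post, the category rules and function names are this example's own assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Detail-line layout as seen in the Malwarebytes 3.x log in this thread (inferred):
#   <detection>, <path or registry key[|value]>, <action>, [id], [id],<package version>
DETAIL = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[\d+\], \[\d+\],[\d.]*$"
)

# Ordered (category, pattern) rules, matched against the upper-cased target.
# First match wins. The grouping is an assumption of this example.
RULES = [
    ("run-key autostart", r"\\CURRENTVERSION\\RUN\|"),
    ("scheduled task", r"\\SCHEDULE\\TASKCACHE\\|\\SYSTEM32\\TASKS\\"),
    ("browser extension", r"\\EXTENSIONS\\"),
    ("browser search/home page",
     r"\\SEARCHSCOPES\\|\|DEFAULT_PAGE_URL|\\SEARCHPLUGINS\\|\\USER\.JS$"),
    ("firewall rule", r"\\FIREWALLRULES\|"),
    ("DLL in Windows system dir",
     r"^C:\\WINDOWS\\(SYSTEM32|SYSWOW64)\\[^\\]+\.DLL$"),
]

# Lines copied from the scan log posted above.
SAMPLE = r"""Module: 20
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, No Action By User, [8446], [299817],1.0.1976
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [8446], [299817],1.0.1976
PUP.Optional.DownLoadAdmin, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UpdateAdmin, No Action By User, [5], [301032],1.0.1976
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PROPCCleanerSoftware_Popup, No Action By User, [345], [390929],1.0.1976
PUP.Optional.UpdateAdmin, C:\WINDOWS\SYSTEM32\TASKS\UPDATEADMIN, No Action By User, [9454], [244348],1.0.1976
PUP.Optional.eShield, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dkmjljdbbgogihjcapfhgkonfmccbffp, No Action By User, [210], [238147],1.0.1976
PUP.Optional.PremierOpinion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{A5AAC5A2-5C28-49C6-9FAC-F800C873A476}, No Action By User, [12287], [257568],1.0.1976
PUP.Optional.eShield, HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, No Action By User, [210], [293071],1.0.1976
PUP.Optional.PCAcceleratePro, C:\PROGRAMDATA\PCAcceleratePro, No Action By User, [1019], [181157],1.0.1976
"""


def parse(log_text):
    """Yield unique (detection, target, action) tuples from detail lines."""
    seen = set()
    for line in log_text.splitlines():
        m = DETAIL.match(line.strip())
        if not m:
            continue  # section counters such as "File: 33", headers, blanks
        key = (m["name"], m["target"].upper())
        if key in seen:
            continue  # the same module is listed many times in the log
        seen.add(key)
        yield m["name"], m["target"], m["action"].strip()


def classify(target):
    """Return the first matching category for a path or registry target."""
    upper = target.upper()
    for category, pattern in RULES:
        if re.search(pattern, upper):
            return category
    return "other files/keys"


def triage(log_text):
    """Group unique detections by where they hook into the system."""
    groups = defaultdict(list)
    for name, target, action in parse(log_text):
        groups[classify(target)].append((name, target, action))
    return dict(groups)


def unremediated(groups):
    """Detection names with at least one item that was not quarantined."""
    return sorted({name
                   for items in groups.values()
                   for name, _, action in items
                   if action != "Quarantined"})


if __name__ == "__main__":
    result = triage(SAMPLE)
    for category, items in result.items():
        print(f"{category}: {len(items)}")
        for name, target, action in items:
            print(f"    {name:32} {action:18} {target}")
    print("not yet quarantined:", ", ".join(unremediated(result)))
```
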


#9 gravymatt

gravymatt
  • Topic Starter

  • Members
  • 9 posts

Posted 19 May 2017 - 02:02 PM

# AdwCleaner v6.047 - Logfile created 19/05/2017 at 14:26:07
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Christian - BIGFISHRESULTS
# Running from : C:\Users\Christian\Downloads\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Christian\AppData\Local\UpdateAdmin
[-] Folder deleted: C:\Users\Christian\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Christian\AppData\Roaming\InstantSupport
[-] Folder deleted: C:\Users\Christian\AppData\Roaming\PCAcceleratePro
[-] Folder deleted: C:\Users\Christian\Documents\PROPCCleaner
[-] Folder deleted: C:\ProgramData\VideoDownloaderUltimateWinApp
[-] Folder deleted: C:\ProgramData\PCAcceleratePro
[#] Folder deleted on reboot: C:\ProgramData\Application Data\VideoDownloaderUltimateWinApp
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PCAcceleratePro
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
[-] Folder deleted: C:\Program Files (x86)\PCAPDownloader
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Users\Christian\AppData\Roaming\updates
[-] Folder deleted: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
[-] Folder deleted: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc
[-] Folder deleted: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dx5ljdt0.default\searchplugins\cassiopesa.xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: UpdateAdmin
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\DownloadAdmin
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\TNT2
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\PCAcceleratePro
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Link64
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\PlaythruPlayer
[#] Key deleted on reboot: HKCU\Software\DownloadAdmin
[#] Key deleted on reboot: HKCU\Software\TNT2
[#] Key deleted on reboot: HKCU\Software\PCAcceleratePro
[#] Key deleted on reboot: HKCU\Software\Link64
[#] Key deleted on reboot: HKCU\Software\PlaythruPlayer
[-] Key deleted: HKLM\SOFTWARE\PCAcceleratePro
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}
[#] Key deleted on reboot: [x64] HKCU\Software\DownloadAdmin
[#] Key deleted on reboot: [x64] HKCU\Software\TNT2
[#] Key deleted on reboot: [x64] HKCU\Software\PCAcceleratePro
[#] Key deleted on reboot: [x64] HKCU\Software\Link64
[#] Key deleted on reboot: [x64] HKCU\Software\PlaythruPlayer
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
[-] Data restored: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Internet Explorer\SearchScopes\{629D4F01-F915-4343-9CD3-A382D7499757}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{629D4F01-F915-4343-9CD3-A382D7499757}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{629D4F01-F915-4343-9CD3-A382D7499757}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Value deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
[-] Value deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [UpdateAdmin]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateAdmin]
[-] Value deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Windows\CurrentVersion\Run [VideoDownloaderUltimate]
[-] Value deleted: HKU\S-1-5-21-1260071569-4103301059-4049194413-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VideoDownloaderUltimate]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [VideoDownloaderUltimate]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [VideoDownloaderUltimate]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "plugin.state.npconduitfirefoxplugin" -  0
[-] Firefox preferences cleaned: "plugin.state.npconduitfirefoxplugin" -  0
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: cassiopesa.com
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chklaanhfefbnpoihckbnefhakgolnmc
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cpngackimfmofbokmjmljamhdncknpmg
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dkmjljdbbgogihjcapfhgkonfmccbffp
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mkndcbhcgphcfkkddanakjiepeknbgle
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: dkmjljdbbgogihjcapfhgkonfmccbffp
[-] [C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: oadboiipflhobonjjffjbfekfjcgkhco
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [10875 Bytes] - [19/05/2017 14:26:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [10946 Bytes] - [19/05/2017 14:20:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11023 Bytes] ##########


#10 gravymatt

Posted 19 May 2017 - 02:19 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Christian (Administrator) on Fri 05/19/2017 at 15:04:06.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dx5ljdt0.default\user.js (File) 
Successfully deleted: C:\Windows\system32\Tasks\PROPCCleanerSoftware_Popup (Task)
Successfully deleted: C:\Windows\system32\Tasks\PROPCCleanerSoftware_Start (Task)
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/19/2017 at 15:15:10.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 gravymatt

Posted 19 May 2017 - 02:27 PM

CC Cleaner - Startup

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Google Update Google Inc. C:\Users\Christian\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
Yes HKCU:Run GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
Yes HKCU:Run join.me.launcher LogMeIn, Inc C:\Users\Christian\AppData\Local\join.me.launcher\join.me.launcher.exe
No HKCU:Run Lync Microsoft Corporation "C:\Program Files\Microsoft Office\root\Office16\lync.exe" /fromrunkey
Yes HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AvgUi AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
 

CC Cleaner - Scheduled

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task AdobeAAMUpdater-1.0-BigFishResults-Christian Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task ASUS Live Update1 C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -critical
Yes Task ASUS Live Update2 C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -check
Yes Task ASUS Smart Gesture Launcher C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Yes Task ASUS Splendid ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Yes Task ASUS USB Charger Plus ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
Yes Task ATK Package 36D18D69AFC3 ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" -CancelShutdown
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task G2MUpdateTask-S-1-5-21-1260071569-4103301059-4049194413-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Christian\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-1260071569-4103301059-4049194413-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Christian\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1260071569-4103301059-4049194413-1001Core Google Inc. C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1260071569-4103301059-4049194413-1001UA Google Inc. C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Java Platform SE Auto Updater Oracle Corporation C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
No Task Optimize Start Menu Cache Files-S-1-5-21-1260071569-4103301059-4049194413-1001
Yes Task Optimize Start Menu Cache Files-S-1-5-21-1260071569-4103301059-4049194413-500
Yes Task RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
Yes Task RTKCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes Task Update Checker C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
 

CC Cleaner - Installed

3D Builder Microsoft Corporation 5/17/2017 14.1.1302.0

Adobe Acrobat Reader DC Adobe Systems Incorporated 5/18/2017 390 MB 17.009.20044
Adobe AIR Adobe Systems Incorporated 5/19/2017 13.7 MB 25.0.0.134
Adobe Creative Cloud Adobe Systems Incorporated 9/21/2016 352 MB 3.6.0.248
Adobe Photoshop CC 2015 Adobe Systems Incorporated 9/21/2016 1.55 GB 16.0.1
AdWords Editor Google 5/17/2017 80.8 MB 11.8.0.0
Alarms & Clock Microsoft Corporation 4/30/2017 10.1704.1013.0
Apowersoft Online Launcher version 1.4.4 APOWERSOFT LIMITED 7/8/2016 1.80 MB 1.4.4
App connector Microsoft Corporation 9/21/2016 1.3.3.0
App Installer Microsoft Corporation 4/30/2017 1.0.10332.0
ASUS GIFTBOX ASUSTeK COMPUTER INC. 9/21/2016 1.1.1.1
ASUS GIFTBOX Desktop ASUS 9/11/2015 3.54 MB 1.1.6
ASUS Live Update ASUS 9/2/2016 16.7 MB 3.4.3
ASUS Screen Saver ASUS 6/27/2015 64.0 KB 1.0.3
ASUS Splendid Video Enhancement Technology ASUS 6/27/2015 14.5 MB 3.01.0003
ASUS USB Charger Plus ASUS 6/27/2015 18.9 MB 3.1.9
ASUS WebStorage ASUS Cloud Corporation 9/21/2016 1.0.24.190
ASUS Welcome ASUSTeK COMPUTER INC. 9/21/2016 1.0.1.0
ATK Package ASUS 6/27/2015 14.1 MB 1.0.0034
AVG AVG Technologies 5/18/2017 1.181.3.3057
AVG PC TuneUp AVG Technologies 5/19/2017 71.7 MB 16.74.2.60831
Bluefish 2.2.9 The Bluefish Developers 10/24/2016 2.2.9
Calculator Microsoft Corporation 4/30/2017 10.1703.601.0
Camera Microsoft Corporation 5/17/2017 2017.308.50.0
Candy Crush Soda Saga king.com 5/17/2017 1.89.700.0
CCleaner Piriform 5/19/2017 20.2 MB 5.30
Citrix Online Launcher Citrix 3/17/2016 592 KB 1.0.408
Device Setup ASUSTek Computer Inc. 10/2/2014 5.73 MB 1.0.18
Feedback Hub Microsoft Corporation 4/30/2017 1.1703.971.0
FileZilla Client 3.22.1 Tim Kosse 10/12/2016 22.3 MB 3.22.1
Foxit PhantomPDF Foxit Corporation 10/2/2014 757 MB 6.0.62.801
Fresh Paint Microsoft Corporation 9/21/2016 3.1.10156.0
Get Office Microsoft Corporation 4/30/2017 17.8107.7600.0
Google Chrome Google Inc. 9/11/2015 350 MB 58.0.3029.110
GoToMeeting 8.5.0.6956 CitrixOnline 5/18/2017 8.5.0.6956
Groove Music Microsoft Corporation 4/30/2017 10.17032.10331.0
Intel® Processor Graphics Intel Corporation 4/21/2016 10.18.10.4276
Intel® Sideband Fabric Device Driver Intel Corporation 9/21/2016 1.10 MB 1.0.0.1002
Intel® Trusted Execution Engine Intel Corporation 6/27/2015 1.0.0.1064
Java 8 Update 131 Oracle Corporation 5/18/2017 190 MB 8.0.1310.11
Java 8 Update 71 Oracle Corporation 1/22/2016 41.6 MB 8.0.710.15
join.me LogMeIn, Inc. 12/16/2016 3.0.0.4054
LINE LINE Corporation 4/30/2017 5.4.9.0
Mail and Calendar Microsoft Corporation 5/17/2017 17.8126.42377.0
Malwarebytes version 3.1.2.1733 Malwarebytes 5/19/2017 130 MB 3.1.2.1733
Maps Microsoft Corporation 4/30/2017 5.1703.762.0
Messaging Microsoft Corporation 9/21/2016 3.19.1001.0
Microsoft Office 365 Business - en-us Microsoft Corporation 5/18/2017 222 MB 16.0.7967.2161
Microsoft Project Professional 2010 Microsoft Corporation 5/18/2017 222 MB 14.0.4763.1000
Microsoft Solitaire Collection Microsoft Studios 4/30/2017 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 4/30/2017 1.8.0.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 7/8/2016 9.69 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 4/13/2016 9.19 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/13/2016 23.5 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 4/13/2016 16.7 MB 9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 11/19/2015 27.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 11/19/2015 22.2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 9/21/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 9/21/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 9/21/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 9/21/2016 17.1 MB 12.0.30501.0
Microsoft Wi-Fi Microsoft Corporation 9/21/2016 1.1604.4.0
Money Microsoft Corporation 4/30/2017 4.20.1102.0
Movies & TV Microsoft Corporation 5/17/2017 10.17032.10341.0
Mozilla Firefox 53.0.2 (x86 en-US) Mozilla 5/19/2017 90.3 MB 53.0.2
Mozilla Maintenance Service Mozilla 12/27/2016 461 KB 50.1.0
MSN Food & Drink Microsoft Corporation 9/21/2016 3.0.4.336
News Microsoft Corporation 4/30/2017 4.20.1102.0
OneNote Microsoft Corporation 5/17/2017 17.8241.57591.0
Paid Wi-Fi & Cellular Microsoft Corporation 9/21/2016 1.1607.6.0
People Microsoft Corporation 5/17/2017 10.2.831.0
Phone Microsoft Corporation 9/21/2016 2.17.27003.0
Phone Companion Microsoft Corporation 9/29/2016 10.1609.2561.0
Photos Microsoft Corporation 5/17/2017 17.425.10010.0
Qualcomm Atheros Client Installation Program Qualcomm Atheros 6/27/2015 41.1 MB 10.0
Reader Microsoft Corporation 4/30/2017 6.4.9926.18589
Realtek Ethernet Controller Driver Realtek 6/27/2015 15.1 MB 8.25.108.2014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 9/22/2016 38.2 MB 6.0.1.7514
Screaming Frog SEO Spider Screaming Frog Ltd 9/21/2016 5.0
ScreenSteps 3.0 Blue Mango Learning Systems 9/18/2015 41.7 MB 3.0
Skype Skype 5/17/2017 11.15.597.0
Skype Web Plugin Skype Technologies S.A. 3/29/2016 76.3 MB 7.17.0.43
Skype WiFi Skype 9/21/2016 1.2.0.7
SolarWinds SCP Server SolarWinds 10/7/2016 2.82 MB 1.0.4.9
Sports Microsoft Corporation 4/30/2017 4.20.1102.0
Store Microsoft Corporation 5/17/2017 11703.1001.45.0
Store Purchase App Microsoft Corporation 9/28/2016 11608.1000.2431.0
Sway Microsoft Corporation 4/30/2017 17.8067.45101.0
Tips Microsoft Corporation 5/17/2017 5.9.1042.0
Twitter Twitter Inc. 5/17/2017 5.7.1.0
VideoDownloaderUltimate Link64 9/21/2016 22.4 MB 1.0.1.87
Voice Recorder Microsoft Corporation 4/30/2017 10.1704.952.0
Weather Microsoft Corporation 4/30/2017 4.20.1102.0
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) ASUS 9/21/2016 03/17/2014 1.0.0.207
Windows Reading List Microsoft Corporation 9/21/2016 6.3.9654.21234
Windows Scan Microsoft Corporation 9/21/2016 6.3.9654.17133
WinFlash ASUS 6/27/2015 1.68 MB 2.42.0
Xbox Microsoft Corporation 5/18/2017 29.29.17002.0
Xbox Identity Provider Microsoft Corporation 9/21/2016 11.19.19003.0
Zinio Reader Zinio LLC 9/21/2016 2.1.0.317
 
 
 
 


#12 buddy215

Posted 19 May 2017 - 03:38 PM

Please rerun both MBAM and AdwCleaner. Be sure to allow MBAM to quarantine/delete what it finds. Both programs often find more and the MBAM log doesn't show you removed what it found.

 

I will be reviewing the CCleaner logs you posted. Looks like you inherited a laptop with a lot of adware and crapware.



#13 buddy215

Posted 19 May 2017 - 04:10 PM

Delete these Windows Startups: Use CCleaner by clicking on each item and choosing Delete on the right.

Yes HKCU:Run GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run join.me.launcher LogMeIn, Inc C:\Users\Christian\AppData\Local\join.me.launcher\join.me.launcher.exe

Yes HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
 
Disable these Tasks:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task AdobeAAMUpdater-1.0-BigFishResults-Christian Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task ASUS Live Update1 C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -critical
Yes Task ASUS Live Update2 C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -check
Yes Task G2MUpdateTask-S-1-5-21-1260071569-4103301059-4049194413-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Christian\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe
Yes Task G2MUploadTask-S-1-5-21-1260071569-4103301059-4049194413-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\Christian\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1260071569-4103301059-4049194413-1001Core Google Inc. C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1260071569-4103301059-4049194413-1001UA Google Inc. C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Optimize Start Menu Cache Files-S-1-5-21-1260071569-4103301059-4049194413-500
Yes Task Update Checker C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
 
Uninstall these programs:
AVG PC TuneUp AVG Technologies 5/19/2017 71.7 MB 16.74.2.60831
Candy Crush Soda Saga king.com 5/17/2017 1.89.700.0
Java 8 Update 71 Oracle Corporation 1/22/2016 41.6 MB 8.0.710.15
 
After posting the new scan results of MBAM and AdwCleaner and completing the above, please let me know if the popup is gone and any problems that still exist.
 
 
 
 
 
 
 


#14 gravymatt

Posted 21 May 2017 - 04:00 PM

  1. From Malwarebytes, I had quarantined and deleted the malware, but I will run the software again.

  2. Nutshell - Are there program(s) that you folks at Bleeping Computer suggest users run to avoid getting malware/spyware/trojans/worms/adware?
    Long-winded - For myself at home, I have a Windows 10 Microsoft Surface which I only have Windows Defender on. I usually do a good job staying away from bad sites (Chrome does a good job making them in search), emails, attachments, and downloads. I don't like to run big programs like Norton, Kaspersky, etc. because in the past I have felt they have been memory hogs and take away system/application memory from what I am doing in my already heavy graphic apps like Adobe Photoshop, Illustrator, and my multiple tabs in Chrome.


#15 buddy215

Posted 22 May 2017 - 04:40 AM

To be sure that there is no trojan that was used to download the adware and crapware found on the computer, run a scan using ESET Online Scanner. It will take more than an hour to run the scan, so plan accordingly.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Other than installing an ad blocker such as Adblock Plus, Windows Defender should be okay. The user is always the weakest link in securing a computer.

As long as you are careful and are aware of how malware and adware get on the computer, you should be okay. Those programs you used to find and remove adware are free and will update before using to scan.

 

If you don't have an ad blocker I suggest using Adblock Plus. Once it is installed in each browser click on the ABP icon at the top of the browsers.

Choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.

Adblock Plus - Chrome Web Store    Adblock Plus for Edge browser   Adblock Plus :: Add-ons for Firefox

