PUP.Optional.ASK removal help



#1 mag1

Posted 21 October 2017 - 01:49 PM

This morning, my desktop had a completely different look. My personal stuff is all gone. I tried Malwarebytes and their suggested fixes. Malwarebytes itself found two files and quarantined them, and I deleted them. Restarted the computer, they came right back. Malwaretips.com gives three other tools to try, which I already did, to no avail (they found nothing wrong). I just want to remove this permanently. I can find my files in hidden folders, and sure I could recreate my entire computer, but it would not resolve those pesky ask.com issues. Can someone send me instructions on how to do this? Thank you.





#2 mag1


Posted 21 October 2017 - 01:50 PM

The files are called pup.optional.ask toolbar, from what Malwarebytes reported.



#3 mag1


Posted 21 October 2017 - 01:52 PM

Sorry... one more piece of info. I followed the steps in this website already

https://malwarefixes.com/threats/pup-optional-ask-a/



#4 buddy215

  • BC Advisor

Posted 21 October 2017 - 02:11 PM

Welcome to BC...

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Rerun those two programs...Malwarebytes and AdwCleaner. Post the results per instructions below.

 

To post MBAM log:

  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply.

To post the AdwCleaner log:

  • When the scan has finished click on Clean button. (Click Clean if scan finds something to clean)
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 mag1


Posted 21 October 2017 - 03:33 PM

Thank you, will try all but CCleaner and will post the logs.

I heard CCleaner was compromised a few weeks ago.

Found this on the issue: https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security



#6 buddy215

  • BC Advisor

Posted 21 October 2017 - 03:46 PM

I wouldn't ask you to run CCleaner if I didn't know that the hack has been long since resolved. The threat was only on 32 bit Windows XXXX. Likely you have a 64 bit Windows OS.

Please use it.




#7 mag1


Posted 21 October 2017 - 08:16 PM

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Home (Administrator) on Sat 10/21/2017 at 17:57:09.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\TEMP.Home-HP.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\191T9PSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\TEMP.Home-HP.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IR2YZUKH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\TEMP.Home-HP.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6TY12F2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\TEMP.Home-HP.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSPXRVW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\191T9PSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IR2YZUKH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6TY12F2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBSPXRVW (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{396CA3D4-849D-4AC0-AAF5-564BD5C064C0} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/21/2017 at 17:59:05.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
CC CLEANER LOG:
 
Cleaning Complete - (76.680 secs)
------------------------------------------------------------------------------------------
40.7 MB removed.
------------------------------------------------------------------------------------------
 
Details of files deleted
------------------------------------------------------------------------------------------
Internet Explorer - Temporary Internet Files 1 KB 4 files
Internet Explorer - Cookies Skipped
Windows Explorer - Recent Documents 1 KB 1 files
Windows Explorer - Thumbnail Cache 1,028 KB 6 files
System - Windows Log Files 67 KB 8 files
Google Chrome - Internet Cache 38,858 KB 195 files
Google Chrome - Internet History 356 KB 6 files
Google Chrome - Cookies 0 KB 58 files
Google Chrome - Download History 6 KB 1 files
Google Chrome - Session 291 KB 14 files
Windows - MS Search 1,024 KB 1 files
------------------------------------------------------------------------------------------
C:\Users\TEMP.Home-HP.000\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK 0 KB
C:\Users\TEMP.Home-HP.000\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG 1 KB
C:\Users\TEMP.Home-HP.000\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old 1 KB
C:\Users\TEMP.Home-HP.000\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001 1 KB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS004D9.log 1,024 KB
 
MALWARE BYTES LOG:
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/21/17
Scan Time: 6:19 PM
Log File: f94ec662-b6ad-11e7-9edc-38607740843f.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3064
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home-HP\Home
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388950
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
ADWCLEANER LOG:
 
# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 21 22:33:38 2017
# Updated on 2017/29/09 by Malwarebytes 
# Database: 10-17-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [952 B] - [2017/10/21 17:7:27]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
ESET ANTI-VIRUS CLEANER (I SELECTED "CLEAN ALL"):
 
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\4elementssetup.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_123memor_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_Bejeweled2Setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_inv78-02_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_jewelup_setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_samegame_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_SBFull_eng_rar.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_TextTwistSetup_exe(1).exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_TextTwistSetup_exe(2).exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_TextTwistSetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cradleofromesetup.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application
C:\Users\Home\Desktop\BACKUP\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\jewelquest2setup.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application
C:\Users\Home\Desktop\BACKUP\My Documents 11-30-14\Downloads\4shared_Desktop_3.3.5.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
C:\Users\Home\Desktop\BACKUP\TERRYS BACKUP COMPUTER 8-8-14\DOCUMENTS (FROM TERRYS COMPUTER) 8-8-14\Downloads\4shared_Desktop_3.3.5.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
C:\Users\Home\Desktop\BACKUP\TERRYS COMPUTER- my documents 6-27-2015\Downloads\4shared_Desktop_3.3.5.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\4elementssetup.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_123memor_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_Bejeweled2Setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_inv78-02_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_jewelup_setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_samegame_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_SBFull_eng_rar.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_TextTwistSetup_exe(1).exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_TextTwistSetup_exe(2).exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cnet2_TextTwistSetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\cradleofromesetup.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application
C:\Users\Home\Documents\LAPTOP BACKUP 11-30-14\LAPTOP PICTURES\jewelquest2setup.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application
Autostart locations a variant of Win32/Toolbar.Softomate.A potentially unwanted application,a variant of Win32/InstallCore.D potentially unwanted application,a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
 
 


#8 buddy215

buddy215

  • BC Advisor
  • 12,908 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:38 AM

Posted 22 October 2017 - 08:28 AM

I suggest you not download from Cnet. As you can see several downloads contained adware and potentially unwanted applications.

That is generally true of all third party download sites. They will bundle unwanted junk with their downloads.

 

Is the ASK problem still showing up in Chrome?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 mag1

mag1
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 22 October 2017 - 09:20 AM

The ASK program is not in Chrome. Never was. It still shows up after I restart the computer and re-run Malware Bytes. Same two issues show up every single time. I even re-started in SAFE mode, re-ran Malware Bytes, deleted the 2 that showed up, restarted the computer and they are still there. Is there a way for me to remove them right from the registry? If yes, how? I don't use the registry, it's scary to me, but if you give me detailed instructions I can do that.

Further info for you... The USERS are strange. My personal USER is not active. When I restart the computer it always goes to a TEMPORARY user. That is why my desktop is different and none of my files show up there.



#10 buddy215

buddy215

  • BC Advisor
  • 12,908 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:38 AM

Posted 22 October 2017 - 09:59 AM

There is a program on your computer that is reinstalling those registry entries. One that does that is Avira Antivirus. It's possible to find the culprit by doing this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#11 mag1

mag1
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 22 October 2017 - 11:20 AM

Three files from CCleaner:

List of Windows programs:

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run BeatsOSDApp Hewlett-Packard C:\Program Files\IDT\WDM\beats64.exe
Yes HKLM:Run HP Remote Solution Hewlett-Packard %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpsysdrv Hewlett-Packard c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run LWS Logitech Inc. C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run PDF Complete PDF Complete Inc C:\Program Files (x86)\PDF Complete\pdfsty.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
 
SCHEDULED TASKS:
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-315982126-2019898074-2732753089-1001Core Google Inc. C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-315982126-2019898074-2732753089-1001UA Google Inc. C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForHome Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForHome (null)
Yes Task HPCustParticipation HP Photosmart 5520 series Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe" /UA 11.0 /DDV 0x0a00
 
LIST OF UNINSTALL PROGRAMS:
Adobe Acrobat Reader DC Adobe Systems Incorporated 8/29/2017 250 MB 17.012.20098
Adobe AIR Adobe Systems Incorporated 10/8/2014 15.0.0.249
Adobe Flash Player 27 ActiveX Adobe Systems Incorporated 10/16/2017 5.01 MB 27.0.0.170
Adobe Flash Player 27 NPAPI Adobe Systems Incorporated 10/16/2017 5.54 MB 27.0.0.170
Apple Application Support (32-bit) Apple Inc. 9/30/2015 114 MB 4.0.3
Apple Application Support (64-bit) Apple Inc. 9/30/2015 121 MB 4.0.3
Apple Mobile Device Support Apple Inc. 9/30/2015 28.0 MB 9.0.0.26
Apple Software Update Apple Inc. 9/30/2015 2.40 MB 2.1.4.131
Bonjour Apple Inc. 9/30/2015 2.01 MB 3.1.0.1
CCleaner Piriform 10/21/2017 5.35
CyberLink PowerDVD 10 CyberLink Corp. 10/4/2014 245 MB 10.0.1.2925
DVD Flick 1.3.0.7 Dennis Meuwissen 8/3/2015 1.3.0.7
Google Chrome Google Inc. 2/24/2015 61.0.3163.100
Google Toolbar for Internet Explorer Google Inc. 10/21/2017 7.5.8231.2252
HP LinkUp Hewlett-Packard 10/4/2014 71.8 MB 2.01.028
HP MovieStore Hewlett-Packard Company 10/4/2014 96.6 MB 2.0
HP Odometer Hewlett-Packard 10/4/2014 48.0 KB 2.10.0000
HP Photo Creations HP 10/5/2014 14.6 MB 1.0.0.7702
HP Photosmart 5520 series Basic Device Software Hewlett-Packard Co. 10/5/2014 120 MB 28.0.1315.0
HP Photosmart 5520 series Help Hewlett Packard 10/5/2014 12.1 MB 27.0.0
HP Photosmart 5520 series Product Improvement Study Hewlett-Packard Co. 10/5/2014 8.31 MB 28.0.1315.0
HP Remote Solution Hewlett-Packard 10/4/2014 1.1.14.0
HP Setup Hewlett-Packard Company 10/4/2014 118 MB 8.7.4747.3786
HP Setup Manager Hewlett-Packard Company 10/4/2014 8.32 MB 1.1.13880.3792
HP SimplePass PE 2011 Hewlett-Packard 10/4/2014 65.4 MB 5.3.0.194
HP Support Assistant Hewlett-Packard Company 10/22/2014 80.2 MB 7.4.45.4
HP Support Information Hewlett-Packard 10/4/2014 156 KB 10.1.1000
HP Support Solutions Framework Hewlett-Packard Company 10/5/2014 8.05 MB 11.51.0027
HP Update Hewlett-Packard 10/5/2014 4.04 MB 5.005.002.002
HP Vision Hardware Diagnostics Hewlett-Packard 10/4/2014 11.7 MB 2.9.0.0
IDT Audio IDT 10/4/2014 1.0.6346.0
Intel® Identity Protection Technology 1.1.2.0 Intel Corporation 10/4/2014 1.13 MB 1.1.2.0
Intel® Management Engine Components Intel Corporation 10/4/2014 7.0.0.1144
iTunes Apple Inc. 9/30/2015 218 MB 12.3.0.44
Kobo Kobo Inc. 10/4/2014 1.6
LabelPrint CyberLink Corp. 10/4/2014 229 MB 2.5.3925
Logitech Webcam Software Logitech Inc. 5/29/2017 2.51
Malwarebytes version 3.2.2.2029 Malwarebytes 10/21/2017 172 MB 3.2.2.2029
Microsoft .NET Framework 4.5.2 Microsoft Corporation 12/18/2015 38.8 MB 4.5.51209
Microsoft Mathematics Microsoft Corporation 10/4/2014 17.5 MB 4.0
Microsoft Office 2010 Microsoft Corporation 10/4/2014 6.40 MB 14.0.4763.1000
Microsoft Office Click-to-Run 2010 Microsoft Corporation 7/1/2015 14.0.4763.1000
Microsoft Office Professional Plus 2010 Microsoft Corporation 9/12/2015 14.0.7015.1000
Microsoft Office Starter 2010 - English Microsoft Corporation 7/1/2015 14.0.4763.1000
Microsoft Security Essentials Microsoft Corporation 2/24/2016 4.9.218.0
Microsoft Silverlight Microsoft Corporation 1/13/2016 249 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10/4/2014 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/6/2014 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10/4/2014 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2/11/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10/4/2014 784 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10/7/2014 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2/11/2011 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/4/2014 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10/7/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 9/12/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 9/12/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 5/29/2017 21.5 MB 14.0.24215.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 9/12/2015 10.0.50903
Mozilla Firefox 56.0.1 (x64 en-US) Mozilla 10/20/2017 140 MB 56.0.1
Mozilla Maintenance Service Mozilla 10/20/2017 220 KB 56.0.1.6484
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10/7/2014 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 10/7/2014 1.33 MB 4.20.9876.0
NVIDIA 3D Vision Driver 267.95 NVIDIA Corporation 10/4/2014 267.95
NVIDIA Graphics Driver 267.95 NVIDIA Corporation 10/4/2014 267.95
NVIDIA PhysX System Software 9.10.0514 NVIDIA Corporation 10/4/2014 9.10.0514
PDF Complete Special Edition PDF Complete, Inc 10/4/2014 4.0.54
PlayReady PC Runtime amd64 Microsoft Corporation 10/4/2014 2.05 MB 1.3.0
PlayReady PC Runtime x86 Microsoft Corporation 10/4/2014 1.65 MB 1.3.0
Power2Go CyberLink Corp. 10/4/2014 175 MB 6.1.5331
PressReader NewspaperDirect Inc. 10/4/2014 9.26 MB 5.10.1217.0
Ralink 802.11n Wireless LAN Card Ralink 10/7/2014 4.0.3.0
Remote Graphics Receiver Hewlett-Packard 10/4/2014 5.4.5
RoxioNow Player RoxioNow 10/4/2014 10.9 MB 1.9.5.103
Skype™ 7.37 Skype Technologies S.A. 6/24/2017 87.9 MB 7.37.103
VIP Access SDK (1.0.1.4) Symantec Inc. 10/4/2014 1.0.1.4
VLC media player VideoLAN 8/3/2015 2.2.1
Windows Live Essentials Microsoft Corporation 10/4/2014 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 10/4/2014 5.57 MB 15.4.5722.2
Zinio Reader 4 Zinio LLC 10/4/2014 4.2.4164
 
 
 


#12 buddy215

buddy215

  • BC Advisor
  • 12,908 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:38 AM

Posted 22 October 2017 - 12:20 PM

It did not show up in the Malwarebytes log you posted. If it shows up again in the log please post the log.

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run HP Remote Solution Hewlett-Packard %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run PDF Complete PDF Complete Inc C:\Program Files (x86)\PDF Complete\pdfsty.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-315982126-2019898074-2732753089-1001Core Google Inc. C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-315982126-2019898074-2732753089-1001UA Google Inc. C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForHome Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForHome (null)
Yes Task HPCustParticipation HP Photosmart 5520 series Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe" /UA 11.0 /DDV 0x0a00
 
Uninstall these programs:
Adobe AIR Adobe Systems Incorporated 10/8/2014 15.0.0.249
Google Toolbar for Internet Explorer Google Inc. 10/21/2017 7.5.8231.2252
iTunes Apple Inc. 9/30/2015 218 MB 12.3.0.44 (Or update it)
RoxioNow Player RoxioNow 10/4/2014 10.9 MB 1.9.5.103
Windows Live Essentials Microsoft Corporation 10/4/2014 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 10/4/2014 5.57 MB 15.4.5722.2
 
 

Edited by buddy215, 22 October 2017 - 12:20 PM.



#13 mag1

mag1
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 22 October 2017 - 02:19 PM

Malwarebytes results (with the 2 files I can't seem to get rid of; they come back after re-start every single time):

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/22/17
Scan Time: 9:04 AM
Log File: 8e0b8f1d-b729-11e7-985d-38607740843f.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3069
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427076
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 40 min, 31 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.ASK, HKU\S-1-5-21-315982126-2019898074-2732753089-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Removal Failed, [525], [341071],1.0.3069
 
Registry Value: 1
PUP.Optional.ASK, HKU\S-1-5-21-315982126-2019898074-2732753089-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Removal Failed, [525], [341071],1.0.3069
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
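
Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the text report format posted above. It groups detections whose action reports a failure by user SID and registry key, and checks each category's declared count against the detection lines actually present (a mismatch suggests a truncated paste). Function names are hypothetical, the sample is a trimmed excerpt of the posted log, and the trailing bracketed numbers are kept as opaque strings.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the report posted above (not a complete log).
SAMPLE_REPORT = r"""
-System Information-
OS: Windows 7 Service Pack 1
User: System

-Scan Summary-
Threats Detected: 2
Threats Quarantined: 0

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.ASK, HKU\S-1-5-21-315982126-2019898074-2732753089-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Removal Failed, [525], [341071],1.0.3069

Registry Value: 1
PUP.Optional.ASK, HKU\S-1-5-21-315982126-2019898074-2732753089-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Removal Failed, [525], [341071],1.0.3069

File: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^-(.+)-$")            # e.g. "-Scan Details-"
FIELD = re.compile(r"^([^:,]+):\s*(.*)$")    # "Key: value", never a detection line
HKU_SID = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\", re.IGNORECASE)


def parse_report(text):
    """Return (header fields, declared per-category counts, detections)."""
    fields, counts, detections = {}, {}, []
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blanks, "(No malicious ...)", "(end)"
            continue
        m = SECTION.match(line)
        if m:
            section, category = m.group(1), None
            continue
        m = FIELD.match(line)
        if m and section == "Scan Details" and m.group(2).isdigit():
            category = m.group(1).strip()      # "Registry Key: 1" opens a category
            counts[category] = int(m.group(2))
        elif m and section != "Scan Details":
            fields[m.group(1).strip()] = m.group(2).strip()
        elif section == "Scan Details" and category:
            # Split from the right so commas inside the target path survive.
            pieces = [p.strip() for p in line.rsplit(",", 4)]
            name, sep, target = pieces[0].partition(",")
            if len(pieces) != 5 or not sep:
                continue
            key, _, value = target.strip().partition("|")   # "key|ValueName"
            sid = HKU_SID.match(key)
            detections.append({
                "category": category, "name": name.strip(), "key": key,
                "value": value, "action": pieces[1],
                "sid": sid.group(1) if sid else None,
                "trailer": pieces[2:],          # opaque numbers and package version
            })
    return fields, counts, detections


def count_mismatches(counts, detections):
    """Categories whose declared count differs from the parsed detection lines."""
    seen = defaultdict(int)
    for d in detections:
        seen[d["category"]] += 1
    return {c: (n, seen[c]) for c, n in counts.items() if n != seen[c]}


def failed_removals(detections):
    """Group detections whose action mentions a failure by (SID, key)."""
    grouped = defaultdict(lambda: defaultdict(set))
    for d in detections:
        if "failed" not in d["action"].lower():
            continue
        g = grouped[(d["sid"], d["key"])]
        g["names"].add(d["name"])
        g["categories"].add(d["category"])
        if d["value"]:
            g["values"].add(d["value"])
    return {k: {f: sorted(v[f]) for f in ("names", "categories", "values")}
            for k, v in grouped.items()}


if __name__ == "__main__":
    fields, counts, dets = parse_report(SAMPLE_REPORT)
    print("scan ran as:", fields.get("User"), "| mismatches:", count_mismatches(counts, dets))
    for (sid, key), info in failed_removals(dets).items():
        print(sid, key, info)
```

On the posted log this collapses the two detections into one finding: a single SearchScopes key, with its URL value, in the hive of the account whose SID ends in -1001.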


#14 buddy215

buddy215

  • BC Advisor
  • 12,908 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:38 AM

Posted 22 October 2017 - 02:28 PM

Have you completed the CCleaner disabling of startups, tasks and uninstalling of programs?

If you have and still see those two items I suggest you start a new topic in the Malware Removal Forum. That is your best chance of doing what Malwarebytes can't do....removing those registry entries.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


Edited by buddy215, 22 October 2017 - 02:41 PM.



#15 Platypus

Platypus

  • Moderator
  • 13,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:38 PM

Posted 22 October 2017 - 09:46 PM

New topic posted here:

https://www.bleepingcomputer.com/forums/t/660830/pupoptionalask-returns-over-and-over-again/

Top 5 things that never get done:

1.




