
New PC - junk detected - am I clear now?


8 replies to this topic

#1 Phil_LHT

Phil_LHT

  • Members
  • 10 posts

Posted 16 November 2017 - 04:41 AM

Hi all. My old PC gave up the ghost so I bought a new one. Ran MWB, ADWCleaner and Zemana AntiMalware.

 

In order, this is what they found:

MALWAREBYTES:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/15/17
Scan Time: 8:52 PM
Log File: da2b335e-ca46-11e7-9a5e-88d7f6270890.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3266
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.351)
CPU: x64
File System: NTFS
User: DESKTOP-4PLDOO3\L402N
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372003
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 55 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-4030740432-2847353917-2522418536-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [14411], [242047],1.0.3266
 
Registry Value: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-4030740432-2847353917-2522418536-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14411], [242047],1.0.3266
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
ADWCLEANER:
 
# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 16 08:57:42 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-15-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\L402N\AppData\Local\YSearchUtil
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
 
ZEMANA:
 
Zemana AntiMalware 2.74.2.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/11/16
Operating System       : Windows 10 64-bit
Processor              : 2X Intel® Celeron® CPU N3350 @ 1.10GHz
BIOS Mode              : UEFI
CUID                   : 12FC7B8AEA31D7F20FFF1F
Scan Type              : System Scan
Duration               : 3m 14s
Scanned Objects        : 57893
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Search and new tab by Yahoo
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\dbiedhgodcehlaaikjdedhdafceplbad
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Search and new tab by Yahoo
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 
 
Is there anything else I need to do?
 
Thanks for reading.

Phil

 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 November 2017 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need additional information to give you sound advice.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
(screenshot: attachlogs.png)

Attach the file.
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 Phil_LHT

Phil_LHT
  • Topic Starter

  • Members
  • 10 posts

Posted 17 November 2017 - 07:16 AM

Hello Nasdaq, thanks for your reply. Here are the documents attached.

Attached Files



#4 Phil_LHT

Phil_LHT
  • Topic Starter

  • Members
  • 10 posts

Posted 18 November 2017 - 05:13 AM

This will also sound like a dim question but can my router 'save' things like adware from the last machine and transfer to this one?



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 November 2017 - 08:06 AM

Hi,

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Please disable one of the antivirus programs. When more than one is enabled it only slows down your system.
 

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKU\S-1-5-21-4030740432-2847353917-2522418536-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dbiedhgodcehlaaikjdedhdafceplbad] - hxxps://clients2.google.com/service/update2/crx
U3 mfeaack01; no ImagePath
U3 mfeavfk02; no ImagePath
U3 mfehidk01; no ImagePath
U3 iswSvc; no ImagePath
U0 msahci; system32\drivers\msahci.sys [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
===

p.s.
There is no such thing as a dim question.

This will also sound like a dim question but can my router 'save' things like adware from the last machine and transfer to this one?


The adware may not be transferred but the server can be compromised. As such all connected computers will be affected.

#6 Phil_LHT

Phil_LHT
  • Topic Starter

  • Members
  • 10 posts

Posted 19 November 2017 - 01:23 PM

Thanks, Nasdaq, all done. Thanks for answering the question.

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by L402N (19-11-2017 18:11:15) Run:1
Running from C:\Users\L402N\Downloads\FRST
Loaded Profiles: L402N (Available Profiles: defaultuser0 & L402N)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKU\S-1-5-21-4030740432-2847353917-2522418536-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dbiedhgodcehlaaikjdedhdafceplbad] - hxxps://clients2.google.com/service/update2/crx
U3 mfeaack01; no ImagePath
U3 mfeavfk02; no ImagePath
U3 mfehidk01; no ImagePath
U3 iswSvc; no ImagePath
U0 msahci; system32\drivers\msahci.sys [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-4030740432-2847353917-2522418536-1001\SOFTWARE\Google\Chrome\Extensions\dbiedhgodcehlaaikjdedhdafceplbad => key removed successfully
mfeaack01 => service not found.
mfeavfk02 => service not found.
mfehidk01 => service not found.
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\msahci => key removed successfully
msahci => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13858144 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 959066 B
Edge => 6205652 B
Chrome => 388431932 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 37 B
systemprofile32 => 0 B
LocalService => 16682 B
NetworkService => 3410 B
defaultuser0 => 17604 B
L402N => 7129739 B
 
RecycleBin => 2392684 B
EmptyTemp: => 399.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:12:24 ====
 
There are no more issues if you can't spot anything lurking! 
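As an added example (not part of the thread or the FRST tool), a read-only PowerShell re-check of the items nasdaq's fixlist targeted, to run from an elevated PowerShell after the Fixlog reports them removed; it assumes the user SID and Chrome extension ID quoted in this thread, which would differ on any other machine.

```powershell
# Added example, not from the thread: read-only re-check of the fixlist items.
# Run from an elevated PowerShell; it reports anything still present and changes nothing.
# The SID and extension ID are the ones quoted in this thread (assumed for this machine).
$sid   = 'S-1-5-21-4030740432-2847353917-2522418536-1001'
$extId = 'dbiedhgodcehlaaikjdedhdafceplbad'   # "Search and new tab by Yahoo" per the Zemana log
$findings = @()

# Chrome extension entry in the user hive and the unpacked extension folder
$extKey = "Registry::HKEY_USERS\$sid\SOFTWARE\Google\Chrome\Extensions\$extId"
if (Test-Path $extKey) { $findings += "Extension registry entry still present: $extKey" }
$extDir = Join-Path $env:LOCALAPPDATA "Google\Chrome\User Data\Default\Extensions\$extId"
if (Test-Path $extDir) { $findings += "Extension folder still present: $extDir" }

# PUP.Optional.ProductSetup key (Malwarebytes flagged it but took no action)
$pupKey = "Registry::HKEY_USERS\$sid\SOFTWARE\PRODUCTSETUP"
if (Test-Path $pupKey) { $findings += "ProductSetup key still present: $pupKey" }

# YSearchUtil folder AdwCleaner reported as PUP.Optional.Legacy
$ysu = Join-Path $env:LOCALAPPDATA 'YSearchUtil'
if (Test-Path $ysu) { $findings += "YSearchUtil folder still present: $ysu" }

# Service keys from the fixlist: flag any that still exist, noting those with no ImagePath
foreach ($svc in 'mfeaack01','mfeavfk02','mfehidk01','iswSvc','msahci') {
    $k = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $k) {
        $img = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { $findings += "Service key without ImagePath: $svc" }
        else           { $findings += "Service key still present: $svc -> $img" }
    }
}

# Chrome policy restriction that FRST removed together with the GroupPolicy folders
$chromePol = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
if (Test-Path $chromePol) {
    $names = (Get-Item $chromePol).GetValueNames() -join ', '
    $findings += "Chrome policy key still present: $chromePol [$names]"
}

# Named alternate data stream on C:\ProgramData\TEMP (the ':5C321E34' entry in the fixlist)
$streams = Get-Item -Path 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
           Where-Object { $_.Stream -ne ':$DATA' }
foreach ($s in $streams) {
    $findings += "ADS still present: $($s.FileName):$($s.Stream) ($($s.Length) bytes)"
}

if ($findings.Count -eq 0) { 'All fixlist items are gone.' } else { $findings }
```

A leftover service key with no ImagePath is harmless by itself but is exactly the kind of stub FRST lists as "no ImagePath", so it is worth re-checking after the reboot.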


#7 Phil_LHT

Phil_LHT
  • Topic Starter

  • Members
  • 10 posts

Posted 19 November 2017 - 01:46 PM

Update: actually, I have lost sound since I applied the fix, both on headphones and the laptop's speaker. YouTube videos are silent.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 November 2017 - 01:57 PM


Hi,

Nothing about the sound was fixed by me.

Open your Control Panel, look at the Hardware and Sound section and check your settings.

If you are missing the Sound Icon on your task bar have a look at this article.
https://www.top-password.com/blog/fix-sound-icon-missing-from-taskbar-in-windows-10/

#9 Phil_LHT

Phil_LHT
  • Topic Starter

  • Members
  • 10 posts

Posted 20 November 2017 - 04:56 PM

Hi Nasdaq, I didn't do anything but the sound is now back. So all is good and I am happy with the computer if you are!

Thanks again for all your help, heartfelt thanks. 