
Possible Rootkit/Spyware infection hidden from scans - Windows 7
26 replies to this topic

#1 Paranoidguy

Paranoidguy

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 22 April 2018 - 03:58 PM

I would like to start off saying this is my first time posting here and that my knowledge regarding this subject is sparse, mostly due to the fact that I just recently started to learn about this subject in detail right after I got infested, which happened on 19/4/18. So I would greatly appreciate it if things were explained to me in a simple and understandable way. I also need to add that I am not completely helpless at all, but I am definitely not an expert (which is why I need to consult real pros on this board). As I am writing this I am using my mother's laptop instead of my own PC.

 

Alright, I will begin describing my situation as best as I possibly can so that I can receive as much help as possible.

3 days ago I was infested with a virus that unleashed a large amount of mixed threats on my system. I quickly powered off my computer, booted it up again (this wasn't in safe-mode) and launched Malwarebytes. I did a threat scan and Malwarebytes managed to identify and remove 27 dangerous files, half of those were adware while the other half was Malware from the virus I downloaded. I went on the web and downloaded AVAST and did a normal scan through it. AVAST didn't find anything. Before I was planning to do a full system scan I was still fairly paranoid and sure that there are more remnants of the virus on my system, so I booted up Task Manager and looked at my processes which revealed that I had some suspicious processes running that I did not identify straight away. I searched up the suspicious processes and it was some sort of Spyware; the type that logs keystrokes and gathers info. I then did a full system scan with AVAST and it removed it together with some adware.

At that moment I thought I had removed all dangerous threats on my system, so I relaxed and played a videogame for some hours on my PC. The next day, 2 days ago, I booted up again and downloaded autoruns and process explorer in order to easier find and identify unrecognized and suspicious processes, but I didn't find anything that I thought was malware. It was then that I went to "programs and functions" (my OS language is not English so sorry for any typos) and it was there that I found a program-file called WAHIVER.exe that was installed on my system the same day I got my virus infection... I panicked and tried to search the web for any information pertaining to WAHIVER.exe but I did not receive many results except from it being potentially a rootkit virus. I did not find any processes related to it either... So I thought that maybe it was a Rootkit. I couldn't find the location of WAHIVER.exe on my system files either... so I panicked and went into safemode and launched Malwarebytes and did a full system scan but it didn't find anything. I then tried to un-install WAHIVER through programs and functions but instead of a usual uninstall wizard saying "are you sure you want to uninstall" I instead got a default uninstall window with unintelligible gibberish text. I was kinda scared but I chose "yes" to uninstall it.... I was pretty sure that it wasn't really gone so I did a rootkit ONLY scan with Malwarebytes... but it didn't find anything.

 

So now I am certain that I have been infected with a rootkit virus and I have decided I wanted to restore my Windows 7 to factory condition (I am using a self-built computer, btw).

Will a factory reset remove the rootkit? Are there any chances that my network has been somehow infested? Is it safe for me to transfer some videogames and small files over to an SSD or a USB without the fear of the rootkit being transferred as well? And my last worrying question: is there anything more I can do to remove the virus from my system once and for all?

 
Thank you all in advance for reading through my paranoid post and I hope that someone real smart could help me out... I am really scared because even though I have been infested before with malware it hasn't been nearly as bad as this. I do think that my personal info and credentials are safe... but I am worried about my PC....


#2 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:51 AM

Posted 22 April 2018 - 05:10 PM

Welcome to BC...

 

Before doing a factory reset try using the programs below. That is never any fun to do, though a reformat and reinstall of Windows would remove any malware existing on the hdd.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Paranoidguy

Paranoidguy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 22 April 2018 - 05:22 PM

Thank you so much for your reply. It's getting quite late where I live so I will do as instructed as soon as I possibly can tomorrow. It will probably be around noon in your state when I get back to you with results.


Edited by Paranoidguy, 22 April 2018 - 05:23 PM.


#4 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:51 AM

Posted 22 April 2018 - 05:29 PM

No hurry...see you tomorrow.


#5 Paranoidguy

Paranoidguy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 23 April 2018 - 09:59 AM

Alright, Malwarebytes Anti-Rootkit didn't find anything malicious, so I will post the results from AdwCleaner first.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-22.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-23-2018
# Duration: 00:00:11
# OS:       Windows 7 Home Premium
# Scanned:  40705
# Detected: 87


***** [ Services ] *****

PUP.Optional.Legacy             WCAssistantService

***** [ Folders ] *****

PUP.Adware.Heuristic            C:\ProgramData\C2A2E648C6F3ED6D
PUP.Adware.Heuristic            C:\ProgramData\AVG_UPDATE_0215TB
PUP.Optional.Ask                C:\ProgramData\AskPartnerNetwork
PUP.Optional.Ask                C:\Program Files (x86)\AskPartnerNetwork
PUP.Optional.Ask                C:\Users\Micheal\AppData\Local\AskPartnerNetwork
PUP.Optional.ByteFence          C:\Program Files\ByteFence
PUP.Optional.Conduit.A          C:\Users\Micheal\AppData\Roaming\RHEng
PUP.Optional.Legacy             C:\ProgramData\lavasoft\web companion
PUP.Optional.Legacy             C:\Program Files (x86)\lavasoft\web companion
PUP.Optional.Legacy             C:\Users\Micheal\AppData\Roaming\lavasoft\web companion
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
PUP.Optional.Legacy             C:\Program Files (x86)\Toolbar Cleaner
PUP.Optional.Legacy             C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy             C:\Users\Micheal\AppData\LocalLow\adawaretb
PUP.Optional.WebCompanion       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Rogue.ForcedExtension           C:\ProgramData\apn

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\x9c4pxis.default\searchplugins\yahoo-lavasoft.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic            C:\Windows\Tasks\AVG-SECURE-SEARCH-UPDATE_0215TB_RMV.JOB
PUP.Adware.Heuristic            C:\Windows\Tasks\AVG-SECURE-SEARCH-UPDATE_0215TB_REL.JOB
PUP.Adware.Heuristic            C:\Windows\System32\Tasks\AVG-SECURE-SEARCH-UPDATE_0215TB_RMV
PUP.Adware.Heuristic            C:\Windows\System32\Tasks\AVG-SECURE-SEARCH-UPDATE_0215TB_REL

***** [ Registry ] *****

Adware.DNSUnlocker              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0215tb_rmv
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0215tb_rel
PUP.MyWebSearch.Heuristic       HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com\Plugin
PUP.Optional.APNToolBar.Gen     HKLM\Software\Microsoft\Shared Tools\MSConfig\services\APNMCP
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Toolbar Cleaner
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\adawaretb
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
PUP.Optional.Legacy             HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy             HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy             HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy             HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy             HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
PUP.Optional.Legacy             HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.MindSpark.A        HKLM\Software\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.SofTonicAssistant  HKCU\Software\Softonic

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.
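
An AdwCleaner report like the one above is long, and what a helper actually wants from it is two things: which detection families are present, and which entries are autostart or persistence mechanisms (Services, Tasks, Run keys) rather than leftover folders. The script below is an added example, not part of this thread and not Malwarebytes code; it parses the plain-text report layout shown here (section banners of the form `***** [ Name ] *****`, then `Family  <spaces>  Path`) and summarises it. The sample report is a constructed excerpt with the same layout.

```python
"""Summarise an AdwCleaner scan report by section, family and persistence.

Added example (not from the thread or from Malwarebytes). Parses the
plain-text report format AdwCleaner 7.x prints: "***** [ Section ] *****"
banners followed by lines of "<Family>   <Path or registry key>".
"""
import re
from collections import Counter, defaultdict

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Family token (letters, digits, dots), then 2+ spaces, then the detected item.
DETECTION_RE = re.compile(r"^(?P<family>[A-Za-z][\w.]*)\s{2,}(?P<item>\S.*)$")

# Sections whose entries are autostart mechanisms by definition.
PERSISTENCE_SECTIONS = {"Services", "Tasks"}
# Registry key fragments that start programs at logon / boot.
PERSISTENCE_KEYS = (r"\CurrentVersion\Run", r"\Schedule\TaskCache")

# Constructed excerpt mirroring the layout of the report in the thread.
SAMPLE_REPORT = r"""
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Mode: Scan
# Detected: 6

***** [ Services ] *****

PUP.Optional.Legacy             WCAssistantService

***** [ Folders ] *****

PUP.Optional.Ask                C:\ProgramData\AskPartnerNetwork
PUP.Optional.ByteFence          C:\Program Files\ByteFence

***** [ DLL ] *****

No malicious DLLs found.

***** [ Tasks ] *****

PUP.Adware.Heuristic            C:\Windows\Tasks\AVG-SECURE-SEARCH-UPDATE_0215TB_RMV.JOB

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
"""


def parse_report(text):
    """Return {section: [(family, item), ...]}; empty sections are omitted."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or report header line
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        if current is None or line.startswith("No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            sections[current].append((m.group("family"), m.group("item")))
    return dict(sections)


def family_counts(sections):
    """Count detections per family across all sections."""
    counts = Counter()
    for entries in sections.values():
        for family, _ in entries:
            counts[family] += 1
    return counts


def persistence_entries(sections):
    """Entries that would re-launch something at boot or logon."""
    hits = []
    for name, entries in sections.items():
        for family, item in entries:
            in_reg_run = any(k.lower() in item.lower() for k in PERSISTENCE_KEYS)
            if name in PERSISTENCE_SECTIONS or in_reg_run:
                hits.append((name, family, item))
    return hits


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for family, n in family_counts(parsed).most_common():
        print(f"{n:3d}  {family}")
    print("Persistence-related entries:")
    for section, family, item in persistence_entries(parsed):
        print(f"  [{section}] {family}: {item}")
```

Run against the full report in the thread, the persistence list is the part worth reading first: a service, scheduled tasks and an `HKCU\...\Run` value are what would bring something back after a reboot, while the folder and installer-component entries are mostly inert leftovers.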



#6 Paranoidguy

Paranoidguy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 23 April 2018 - 10:04 AM

I also need to admit that the ESET scan was without an archive scan and scan for potential unwanted applications. Sorry I forgot to tick them off... but I will post the result anyway and then post the second result with the instructed boxes ticked off when the scan is complete. Thank you for your patience, man.

ESET

 

C:\Users\All Users\Soda PDF 6\Installation\adawareTb_lulu_3.9.0.14.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    
C:\AdwCleaner\Quarantine\v1\20180423.140309\6\web companion\Application\Lavasoft.Utils.dll#9AD30F788DCE0961    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20180423.140309\6\web companion\Application\Lavasoft.WCAssistant.WinService.exe#15B1301DF9C55566    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20180423.140309\6\web companion\Application\WebCompanion.exe#0A40221CF0E9D2C8    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20180423.140309\6\web companion\Application\WebCompanionInstaller.exe#C4A30326681F81BC    a variant of MSIL/WebCompanion.C potentially unwanted application    cleaned by deleting
C:\ProgramData\Soda PDF 6\Installation\adawareTb_lulu_3.9.0.14.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    cleaned by deleting
C:\Users\Micheal\AppData\Local\SpaceKace\Setup_FileViewPro_2015\Setup_FileViewPro_2015.exe    Win32/Solvusoft.A potentially unwanted application    cleaned by deleting
C:\Users\Micheal\Downloads\uTorrent.exe    MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
 



#7 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:51 AM

Posted 23 April 2018 - 11:18 AM

Rerun AdwCleaner and be sure to click on Clean when scan finishes if it finds anything.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


#8 Paranoidguy

Paranoidguy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 23 April 2018 - 11:31 AM

There was nothing in the Scheduled Tasks list. Here is the Windows Startup one:

 

Yes    HKCU:Run    AVG-Secure-Search-Update_0215tb        "C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe" /PROMPT /CMPID=0215tb
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Chromium        "c:\users\micheal\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
Yes    HKCU:Run    CyberGhost        "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
Yes    HKCU:Run    GameCompanion        "C:\Users\Micheal\AppData\Roaming\GameCompanion\GameCompanion.exe"
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKCU:Run    World of Warships    Wargaming.net    "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
Yes    HKLM:Run    ANIWZCS2Service    Wireless Service    C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
Yes    HKLM:Run    BtTray    Qualcomm Atheros    "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
Yes    HKLM:Run    BtvStack    Atheros Communications    "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Yes    HKLM:Run    ControlCenterCount    MSI CO.,LTD.    C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
Yes    HKLM:Run    D-Link D-Link Wireless G DWL-G122_DWA-110    D-Link Corp.    C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
Yes    HKLM:Run    FAHConsole    Nico Mak Computing    C:\Program Files\File Association Helper\FAHConsole.exe
Yes    HKLM:Run    Fast Boot    MICRO-STAR INTERNATIONAL CO., LTD.    C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
Yes    HKLM:Run    Live Update    Micro-Star International    C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
Yes    HKLM:Run    Razer Synapse    Razer Inc.    "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    HKLM:Run    RUSB3MON    Renesas Electronics Corporation    "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    Super Charger    MSI    C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
Yes    HKLM:Run    THX Audio Control Panel    Creative Technology Ltd    "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
Yes    HKLM:Run    THXCfg64    Microsoft Corporation    C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
Yes    HKLM:Run    UpdReg    Creative Technology Ltd.    C:\Windows\UpdReg.EXE
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    HKLM:Run    WZCSLDR2        C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe
Yes    Startup Common    iSCTsysTray.lnk    Intel Corporation    C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe
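
A list like the one above is what a helper reads by hand, asking a few fixed questions of each row: is the publisher column blank, does the binary live under a user profile where no admin rights are needed to drop it, is it a per-user `HKCU:Run` value, is it launched through `rundll32`? The script below is an added example, not from this thread and not CCleaner's code; it applies exactly those first-pass questions to a CCleaner Startups export. It assumes the copied list is tab-separated with the columns Enabled, Key, Program, Publisher, File, which is how the rows above line up; the sample rows are constructed to mirror entries from the list. A flag is a reason to look closer, not a verdict: the D-Link helper above is legitimate despite its blank publisher.

```python
"""Triage a CCleaner 'Startups' export for rows worth a closer look.

Added example (not part of the thread or of CCleaner). Input is assumed to
be tab-separated rows: Enabled, Key, Program, Publisher, File. Heuristics:
blank publisher, binary under a user profile, rundll32 loader, HKCU Run key.
"""
import re
from dataclasses import dataclass, field

# Drive-letter path up to the first .exe/.dll/.lnk, with or without quotes.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk))', re.IGNORECASE)
# Anything under C:\Users\<name>\ is writable by that user without admin rights.
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\users\\", re.IGNORECASE)

# Constructed rows mirroring entries from the thread's list (tab-separated).
SAMPLE = "\n".join([
    'Yes\tHKCU:Run\tAVG-Secure-Search-Update_0215tb\t\t"C:\\Program Files (x86)\\AVG Web TuneUp\\AVG-Secure-Search-Update_0215tb.exe" /PROMPT /CMPID=0215tb',
    'Yes\tHKCU:Run\tCCleaner Monitoring\tPiriform Ltd\t"C:\\Program Files\\CCleaner\\CCleaner64.exe" /MONITOR',
    'Yes\tHKCU:Run\tGameCompanion\t\t"C:\\Users\\Micheal\\AppData\\Roaming\\GameCompanion\\GameCompanion.exe"',
    'Yes\tHKLM:Run\tAvastUI.exe\tAVAST Software\t"C:\\Program Files\\AVAST Software\\Avast\\AvLaunch.exe" /gui',
    'Yes\tHKLM:Run\tTHXCfg64\tMicrosoft Corporation\tC:\\Windows\\system32\\RunDLL32.exe C:\\Windows\\system32\\THXCfg64.dll,RunDLLEntry THXCfg64',
    'Yes\tHKLM:Run\tWZCSLDR2\t\tC:\\Program Files (x86)\\D-Link\\DWL-G122_DWA-110\\WZCSLDR2.exe',
])


@dataclass
class StartupEntry:
    enabled: str
    key: str
    program: str
    publisher: str
    command: str
    reasons: list = field(default_factory=list)


def parse_startups(text):
    """Parse tab-separated export rows; rows with fewer than 5 columns are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) < 5:
            continue  # malformed row: skip rather than guess column positions
        enabled, key, program, publisher, command = (c.strip() for c in cols[:5])
        entries.append(StartupEntry(enabled, key, program, publisher, command))
    return entries


def binary_path(command):
    """Extract the launched binary's path from the File column, or None."""
    m = PATH_RE.match(command)
    return m.group("path") if m else None


def review(entry):
    """Attach review reasons to an entry; an empty list means nothing stood out."""
    path = binary_path(entry.command) or ""
    if not entry.publisher:
        entry.reasons.append("no publisher in file metadata")
    if USER_PROFILE_RE.match(path):
        entry.reasons.append("binary lives under a user profile (user-writable)")
    if path.lower().endswith("rundll32.exe"):
        entry.reasons.append("launched via rundll32; check the DLL it loads")
    # A per-user Run key matters only when something else already looks off.
    if entry.key.upper().startswith("HKCU") and entry.reasons:
        entry.reasons.append("per-user Run key: set without admin rights")
    return entry


def flagged(text):
    """Entries from the export that collected at least one review reason."""
    return [e for e in (review(e) for e in parse_startups(text)) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{e.key:9} {e.program}")
        for r in e.reasons:
            print(f"          - {r}")
```

On the constructed rows this flags four of six entries and leaves the publisher-signed Program Files entries alone; `GameCompanion`, unsigned and running from `AppData\Roaming` via an `HKCU:Run` value, collects the most reasons, which matches how a helper would prioritise the list.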



#9 Paranoidguy

Paranoidguy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 23 April 2018 - 11:32 AM

List of Programs installed.... hope this helps...

 

3DMark    Futuremark    22/12/2014        
7-Zip 16.04 (x64)    Igor Pavlov    05/09/2017    4.75 MB    16.04
7-Zip 18.01 (x64 edition)    Igor Pavlov    19/04/2018    5.00 MB    18.01.00.0
Adobe Flash Player 29 ActiveX    Adobe Systems Incorporated    19/04/2018    19.3 MB    29.0.0.140
Adobe Flash Player 29 NPAPI    Adobe Systems Incorporated    19/04/2018    19.8 MB    29.0.0.140
ANIWZCS2 Service        21/12/2013        
Assetto Corsa    Kunos Simulazioni    15/01/2018        
Atheros Driver Installation Program    Atheros    21/09/2013        9.2
Avast Premier    AVAST Software    19/04/2018        18.3.2333
Beyond Divinity    Larian Studios    24/12/2017        
BOSS    BOSS Development Team    07/02/2015        2.1.1
CCleaner    Piriform    19/04/2018        5.41
CleanMem    PcWinTech.com    20/12/2017        v2.5.0
CLICKBIOSII    MSI    01/01/2014    58.8 MB    1.0.123
ControlCenter    MSI    01/01/2014    154 MB    2.5.060
D-Link Wireless G DWL-G122_DWA-110    D-Link    21/12/2013        
DEEP SPACE WAIFU    Neko Climax Studios    03/03/2018        
Divine Divinity    Larian Studios    24/12/2017        
Divinity II: Developer's Cut    Larian Studios    24/12/2017        
Epic Games Launcher    Epic Games, Inc.    06/03/2015    107 MB    1.1.24.0
Everlasting Summer    Soviet Games    25/02/2018        
Fallout    Interplay Inc.    01/01/2018        
Fallout 2    Black Isle Studios    05/11/2017        
Fallout Mod Manager 0.12.6    Timeslip, Q    29/08/2015    3.87 MB    
Fallout Mod Manager 0.13.21    Q, Timeslip    23/12/2015    3.86 MB    
Fallout Tactics    14° East    01/01/2018        
File Association Helper        19/08/2014        
FO2 Restoration Project 2.3.3    killap    10/12/2017    1.01 GB    
FOMM 0.14.11.13    Prideslayer    07/01/2018    4.83 MB    
Fraps        01/11/2014        
Futuremark SystemInfo    Futuremark    06/02/2018    5.84 MB    5.5.646.0
Google Chrome    Google Inc.    12/12/2014        65.0.3325.181
Intel® Control Center    Intel Corporation    21/09/2013        1.2.1.1011
Intel® Management Engine Components    Intel Corporation    15/07/2014        9.5.15.1730
Intel® Smart Connect Technology 3.0 x64    Intel    21/09/2013    24.6 MB    3.0.42.1767
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    21/09/2013        1.0.8.251
Intel® Watchdog Timer Driver (Intel® WDT)    Intel Corporation    21/09/2013    5.03 MB    
Intel® Watchdog Timer Driver (Intel® WDT)    Intel Corporation    21/09/2013        
Java 8 Update 101    Oracle Corporation    22/07/2016    25.4 MB    8.0.1010.13
Java 8 Update 172    Oracle Corporation    19/04/2018    100 MB    8.0.1720.11
Katawa Shoujo        16/04/2018        
Kodi    XBMC-Foundation    23/12/2017        
Lets Meow Meow    Yamikumo    27/02/2018        1.1
LOOT version 0.11.0    LOOT Team    23/11/2017    113 MB    0.11.0
Love, Money, Rock'n'Roll Demo    Soviet Games    04/04/2018        
Lucy -The Eternity She Wished For-    Modern Visual Arts Laboratory    01/02/2018        
Malwarebytes versjon 3.4.4.2398    Malwarebytes    14/03/2018    177 MB    3.4.4.2398
McAfee WebAdvisor    McAfee, Inc.    25/01/2018        4.0.163
Metro: Last Light    4A Games    15/01/2018        
Microsoft .NET Framework 4.7.1    Microsoft Corporation    03/03/2018    38.8 MB    4.7.02558
Microsoft .NET Framework 4.7.1 (norsk språkpakke)    Microsoft Corporation    14/03/2018    2.93 MB    4.7.02558
Microsoft Chart Controls for Microsoft .NET Framework 3.5    Microsoft Corporation    29/07/2016    13.8 MB    3.5.30730.0
Microsoft Games for Windows - LIVE Redistributable    Microsoft Corporation    29/08/2015    32.5 MB    2.0.672.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    01/02/2015    300 KB    8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    21/09/2013    572 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    30/04/2014    250 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    21/09/2013    788 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    05/04/2014    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    26/09/2013    238 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    21/09/2013    596 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    28/09/2013    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    23/01/2018    20.7 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    15/07/2014    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610    Microsoft Corporation    20/12/2015        11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    21/02/2015    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610    Microsoft Corporation    20/12/2015        11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    08/02/2015    17.3 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation    12/10/2015    20.5 MB    12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    09/06/2015    17.1 MB    12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506    Microsoft Corporation    19/03/2016    24.5 MB    14.0.23506.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215    Microsoft Corporation    24/11/2017    21.5 MB    14.0.24215.1
Microsoft Xbox One Controller for Windows    Microsoft Corporation    13/09/2014    1.75 MB    1.0.2
Microsoft XNA Framework Redistributable 4.0 Refresh    Microsoft Corporation    01/09/2014    8.03 MB    4.0.30901.0
MiKTeX 2.9    MiKTeX.org    24/12/2017        2.9
Mozilla Firefox 59.0.2 (x64 en-US)    Mozilla    28/03/2018    144 MB    59.0.2
Mozilla Maintenance Service    Mozilla    15/09/2017    278 KB    55.0.3
MSI Afterburner 4.3.0    MSI Co., LTD    18/09/2017        4.3.0
MSI Fast Boot    MSI    18/10/2014    9.09 MB    1.0.1.5
MSI Intel Extreme Tuning Utility    Intel Corporation    21/09/2013    124 MB    4.0.6.305
MSI Live Update    MSI    18/10/2014    41.2 MB    6.0.010
MSI Super Charger    MSI    15/07/2014    12.2 MB    1.2.025
My Game Long Name    Epic Games, Inc.    24/01/2015        
NetworkGenie    MSI    21/09/2013        1.00.0000
Nexus Mod Manager    Black Tree Gaming    30/10/2017    24.0 MB    0.63.14
Notepad++    Notepad++ Team    08/11/2015        6.8.6
NVIDIA 3D Vision-driver 391.01    NVIDIA Corporation    17/03/2018        391.01
NVIDIA Driver for HD-lyd 1.3.35.1    NVIDIA Corporation    17/03/2018        1.3.35.1
NVIDIA Driver til 3D Vision-kontroller 390.41    NVIDIA Corporation    17/03/2018        390.41
NVIDIA Grafikkdriver 391.01    NVIDIA Corporation    17/03/2018        391.01
NVIDIA PhysX systemprogramvare 9.17.0524    NVIDIA Corporation    10/12/2017        9.17.0524
OpenAL        14/06/2014        
Origin    Electronic Arts, Inc.    26/02/2014        9.4.5.195
OTPService    MSI    21/09/2013    6.69 MB    1.0.004
Pillars of Eternity    Obsidian Entertainment    04/01/2016        
PunkBuster Services    Even Balance, Inc.    13/01/2018        0.986
qBittorrent 4.0.4    The qBittorrent project    15/03/2018    109 MB    4.0.4
qTox    The qTox Project    02/01/2018        1.13.0
Qualcomm Atheros Bluetooth Suite (64)    Qualcomm Atheros Communications    21/09/2013    110 MB    8.0.0.208
Razer Synapse    Razer Inc.    17/12/2017    20.2 MB    2.21.00.830
Realtek Ethernet Controller Driver    Realtek    01/01/2014        7.72.410.2013
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    21/09/2013        6.0.1.7069
Renesas Electronics USB 3.0 Host Controller Driver    Renesas Electronics Corporation    21/09/2013    885 KB    3.0.23.0
RivaTuner Statistics Server 6.5.0    Unwinder    18/09/2017        6.5.0
S.T.A.L.K.E.R.: Shadow of Chernobyl    GSC Game World    23/01/2018        
Search App by Ask        20/04/2017        
Security Task Manager 2.1k    Neuber Software    20/04/2018        2.1k
Soda PDF 6    LULU Software Limited    07/09/2014        6.3.2.17086
SpeedFan (remove only)        24/01/2018        
Steam    Valve Corporation    21/09/2013    1.77 MB    1.0.0.0
Super RAID    MSI    21/09/2013    76.4 MB    1.0.006
TeamingGenie    MSI    21/09/2013    8.57 MB    1.0.1.3
The Elder Scrolls V: Skyrim    Bethesda Game Studios    20/11/2017        
The Witcher 2: Assassins of Kings Enhanced Edition    CD PROJEKT RED    01/11/2017        
The Witcher 3 HD Reworked Project    HalkHoganPL    21/03/2018        5.0
The Witcher 3: Wild Hunt    CD PROJEKT RED    30/10/2017        
The Witcher: Enhanced Edition    CD PROJEKT RED    15/01/2018        
THX TruStudio Pro    Creative Technology Limited    21/09/2013        1.04.03
Trend Micro SafeSync    Trend Micro    01/01/2014    57.4 MB    5.1.0.1173
Unity Web Player    Unity Technologies ApS    24/07/2015    12.0 MB    5.0.3f2
VideoGenie    MSI    21/09/2013    8.77 MB    1.0.0.12
Visual Studio 2012 x64 Redistributables    AVG Technologies    10/12/2014    1.89 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    10/12/2014    1.69 MB    14.0.0.1
VLC media player    VideoLAN    03/04/2018        3.0.1
Vulkan Run Time Libraries 1.0.11.1    LunarG, Inc.    28/06/2016    1.66 MB    1.0.11.1
Vulkan Run Time Libraries 1.0.3.0    LunarG, Inc.    24/03/2016    1.66 MB    1.0.3.0
Web Companion    Lavasoft    14/03/2018        4.1.1808.3370
Winki    MSI    21/09/2013    574 MB    3.2.126
WinRAR 5.50 (64-bit)    win.rar GmbH    19/04/2018        5.50.0
World of Warships    Wargaming.net    26/07/2017    20.9 MB    
Wrye Bash    Wrye & Wrye Bash Development Team    14/02/2015        0.3.0.5

 

Hmm.... I never installed "Search App by Ask".... the day after I got the virus too. What the...

There used to be WAHIVER.exe in that list as well before I uninstalled it. That is what I expect was a rootkit... but why would a rootkit hide in the installed programs directory... damn, I don't know this stuff as well as you do.
 


Edited by Paranoidguy, 23 April 2018 - 11:35 AM.


#10 buddy215 (Moderator)

Posted 23 April 2018 - 12:18 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    AVG-Secure-Search-Update_0215tb        "C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe" /PROMPT /CMPID=0215tb (This is adware)
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Chromium        "c:\users\micheal\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
Yes    HKCU:Run    CyberGhost        "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
Yes    HKCU:Run    GameCompanion        "C:\Users\Micheal\AppData\Roaming\GameCompanion\GameCompanion.exe"
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKCU:Run    World of Warships    Wargaming.net    "C:\Games\World_of_Warships\WargamingGameUpdater.exe"

Yes    HKLM:Run    BtTray    Qualcomm Atheros    "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"

Yes    HKLM:Run    FAHConsole    Nico Mak Computing    C:\Program Files\File Association Helper\FAHConsole.exe
Yes    HKLM:Run    Fast Boot    MICRO-STAR INTERNATIONAL CO., LTD.    C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
Yes    HKLM:Run    Live Update    Micro-Star International    C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER

Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

Uninstall these programs:

CleanMem    PcWinTech.com    20/12/2017        v2.5.0

Java 8 Update 101    Oracle Corporation    22/07/2016    25.4 MB    8.0.1010.13
Java 8 Update 172    Oracle Corporation    19/04/2018    100 MB    8.0.1720.11 (Most users don't need Java...but if you are sure you do...keep this one and uninstall the older one)

McAfee WebAdvisor    McAfee, Inc.    25/01/2018        4.0.163

qBittorrent 4.0.4    The qBittorrent project    15/03/2018    109 MB    4.0.4 (very risky to use...more than 60% of free downloads will contain malware and or adware)

Search App by Ask        20/04/2017    

Trend Micro SafeSync    Trend Micro    01/01/2014    57.4 MB    5.1.0.1173 (keep...if you actually use it)
Unity Web Player    Unity Technologies ApS    24/07/2015    12.0 MB    5.0.3f2

Web Companion    Lavasoft    14/03/2018        4.1.1808.3370

 

WAHIVER.exe is adware...not a rootkit.

 

Look in your browsers' list of extensions/ add-ons for anything related to search protect, AVG, ASK or Avast....Disable/ Delete if found.

 

After completing the above and rerunning AdwCleaner....let me know how the computer is performing.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
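As an added example, not code from this thread or from any of the tools named in it, the following PowerShell script lists the same HKCU/HKLM Run entries and installed-program entries that buddy215 reviewed above and flags the ones worth a second look: names on a watchlist built only from the adware items named in this thread (AVG Secure Search / Web TuneUp, Search App by Ask, Web Companion, WebAdvisor, WAHIVER), autostart binaries that live under user-writable folders such as AppData or ProgramData, autostart files that are unsigned or missing, and installed programs with no publisher. It assumes PowerShell 3 or later in an elevated prompt run as the affected user; it only reports and changes nothing, so disabling or uninstalling is still done as described above.

```powershell
# Added example (not from the thread): read-only audit of autostart Run keys
# and installed programs. Assumes PowerShell 3+ on Windows 7 or later.

# Watchlist built from names that appear in this thread; extend as needed.
$watchlist = 'AVG[- ]?Secure|Web ?TuneUp|Search App by Ask|Web Companion|Lavasoft|WebAdvisor|WAHIVER'

# Folders a signed vendor installer rarely uses for an autostart binary.
$userWritable = '\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\|\\Downloads\\'

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePath([string]$Command) {
    # Pull the executable out of a Run value: the quoted first token if there
    # is one, otherwise the first whitespace-delimited token.
    if ($Command -match '^\s*"([^"]+)"') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    if ($Command -match '^\s*(\S+)')     { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    return $null
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -in $providerProps) { continue }   # skip provider metadata
        $cmd   = [string]$prop.Value
        $exe   = Get-ExePath $cmd
        $flags = @()
        if ($prop.Name -match $watchlist -or $cmd -match $watchlist) { $flags += 'watchlist' }
        if ($exe -and $exe -match $userWritable)                     { $flags += 'user-writable path' }
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            # Authenticode status of the file that actually runs at logon.
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
            if ($status -ne 'Valid') { $flags += "signature: $status" }
        } elseif ($exe) {
            $flags += 'file missing'   # orphaned autostart entry
        }
        [pscustomobject]@{
            Source = $key -replace '^(HK..):\\Software\\.*$', '$1:Run'
            Name   = $prop.Name
            Exe    = $exe
            Flags  = ($flags -join '; ')
        }
    }
}

$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $flags = @()
        if ($_.DisplayName -match $watchlist) { $flags += 'watchlist' }
        if (-not $_.Publisher)                { $flags += 'no publisher' }
        [pscustomobject]@{
            Program   = $_.DisplayName
            Publisher = $_.Publisher
            Installed = $_.InstallDate      # yyyyMMdd, when the installer recorded it
            Uninstall = $_.UninstallString
            Flags     = ($flags -join '; ')
        }
    }

"== Autostart entries with findings =="
$findings | Where-Object Flags | Format-Table -AutoSize
"== Installed programs with findings =="
$programs | Where-Object Flags | Sort-Object Installed | Format-Table -AutoSize
```

A flag is a prompt to look, not a verdict: a game launcher that updates itself from AppData will trip the user-writable rule, and a legitimate program can have an empty Publisher field. What the output adds to the lists above is the signature check and the file-exists check, which separate a vendor's signed updater from something that was dropped into a user profile or that no longer exists on disk.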

#11 Paranoidguy (Topic Starter)

Posted 23 April 2018 - 12:40 PM

Alright... there seems to be a problem when uninstalling both Java versions. When I try to uninstall Java Update 101 and 172 I get "Can't access Windows Installer. This can happen if Windows Installer is not installed correctly", translated from my mother tongue.

And when I try to uninstall Web Companion it says that it was already uninstalled apparently... it's been removed now.

 

I am currently running ESET Online Scanner and it's at 28% and has detected 18 new infected files... this is with all the previously stated boxes ticked.

I will be running AdwCleaner again after ESET is finished (might take a couple of hours). I checked my browser extensions and there is only adguard which I added many months ago. 

Also, this is all being done in Safe Mode with Networking.

 

Thank you very much for helping me, buddy

 

EDIT: "Search App by ASK" is also displaying the same message I get when trying to uninstall JAVA update 101 and 172!


Edited by Paranoidguy, 23 April 2018 - 12:45 PM.


#12 buddy215 (Moderator)

Posted 23 April 2018 - 12:52 PM

My guess is that Eset is hitting on what AdwCleaner has already quarantined....no problem with that. You will see if that is the case.

 

You can use Revo to uninstall Java....Use the portable free one...Download Revo Uninstaller Freeware



#13 Paranoidguy (Topic Starter)

Posted 23 April 2018 - 01:16 PM

The 18 threats that were found right now by ESET are new. I deleted the quarantined files that AdwCleaner caught hours ago. Will post an updated list of ESET.txt when it's done scanning.

Also Revo portable displays the same error message as encountered before when I try to uninstall Java update 101 and update 172 and Search App by Ask.



#14 buddy215 (Moderator)

Posted 23 April 2018 - 01:31 PM

Haven't seen that happen before....Revo not being able to uninstall Java.

 

Try this one...How do I uninstall Java on my Windows computer? after Eset completes its scan and reboots the computer if it asks you to.

Windows Users: Improve the security of your computer by checking for old versions of Java and removing them when you install Java 8 (8u20 and later versions) or by using the Java Uninstall Tool.



#15 Paranoidguy (Topic Starter)

Posted 23 April 2018 - 02:16 PM

I know now why I can't uninstall Java and Search App by Ask... Windows Installer removes applications that come as a Windows Installer package (.msi), but it won't work in safe mode... Trying to start up Windows Installer through services.msc gives error 1084: "This service could not start in safe mode".

But why Search App by Ask requires Windows Installer to uninstall I do not know...

 

Anyway, I will enter normal boot up to uninstall those three programs after ESET is finished and after I have posted the second report to you. Then I will run AdwCleaner again. 


Edited by Paranoidguy, 23 April 2018 - 02:17 PM.
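To confirm the Windows Installer explanation in the post above, here is an added PowerShell check (not from this thread; assumes PowerShell 3 or later, run in an elevated prompt). It reports the current boot mode, whether the MSIServer service (Windows Installer) is on the Safe Mode whitelist under the SafeBoot registry key (when it is absent, services.msc reports error 1084, exactly as described), and which installed programs carry an MsiExec-based UninstallString. That last list lets you check whether entries such as the two Java updates or Search App by Ask can only be removed once the service is running, i.e. after a normal boot, which is what the post concludes.

```powershell
# Added example (not from the thread): read-only diagnostic for "error 1084"
# and for which uninstallers depend on the Windows Installer service.
# Assumes PowerShell 3+ on Windows 7 or later.

# 1. How did we boot? Win32_ComputerSystem.BootupState is "Normal boot",
#    "Fail-safe boot" (Safe Mode) or "Fail-safe with network boot".
$bootState = (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
"Boot state: $bootState"

# 2. Only services listed under SafeBoot\Minimal (Safe Mode) and SafeBoot\Network
#    (Safe Mode with Networking) may start in those modes. MSIServer is not listed
#    by default, which is what error 1084 (not a safe-boot service) means.
$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
foreach ($mode in 'Minimal', 'Network') {
    $allowed = Test-Path -LiteralPath "$safeBootRoot\$mode\MSIServer"
    "MSIServer whitelisted in SafeBoot\$mode : $allowed"
}
$svc = Get-Service -Name msiserver -ErrorAction SilentlyContinue
if ($svc) { "Windows Installer service status: $($svc.Status)" }

# 3. Which installed programs can only be removed through Windows Installer?
#    An UninstallString that calls MsiExec.exe needs the MSIServer service;
#    a program's own uninstaller (e.g. uninst.exe) does not.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.UninstallString } |
    ForEach-Object {
        # -match is case-insensitive, so "MsiExec.exe" and "msiexec" both count.
        $needsMsi = [bool]($_.UninstallString -match 'msiexec')
        $code = if ($_.UninstallString -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { '' }
        [pscustomobject]@{
            Program      = $_.DisplayName
            NeedsMsi     = $needsMsi
            ProductCode  = $code            # the MSI product GUID, when present
            UninstallCmd = $_.UninstallString
        }
    } |
    Sort-Object NeedsMsi -Descending |
    Format-Table -AutoSize
```

Rows with NeedsMsi set to True will fail with the same "can't access Windows Installer" message in either safe mode, whatever uninstaller front end (Control Panel, Revo) is used to launch them, because they all end up calling msiexec; the rows with NeedsMsi False are the ones that can still be removed before rebooting normally.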

