Help removing quickprivacycheck.com pop up
Hello,
I will get a new tab in Chrome that is going to quickprivacycheck.com. I did a deep scan earlier today and the window popped up again a few minutes later. I have attached the files from FRST.
Thanks, Dave
Hi Dave,
Please, save AdwCleaner on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.
Click on the Scan button.
Wait until the search has finished.
Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[s1].txt.
Please follow this topic to get subscription emails when I post replies.
0 -
Thanks for the quick reply. I only ran it once, but it created 2 files and I have attached them both.
Thanks, Dave
0 -
Thanks again for such a fast response! Attached please find the new FRST.txt and Addition.txt.
Thanks, Dave
0 -
You're welcome.
I see, you let the program delete everything it found. It's fine, but sometimes it deletes too much.
Please restart the computer, if you haven't done that since you ran AdwCleaner.
Run FRST again and select Addition.txt before letting it scan. Upload the two new log files and I'll check if anything more needs to be deleted.
0 -
No problem
Please, start Notepad.
Copy all text that is in the box and paste in Notepad. Check that no files have been split on two lines.
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 idsvc; no ImagePath
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
Task: {03FDDA79-BCDE-4D5A-A180-D49CDFF37CA9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {287DA2E2-4B76-4F45-BF0B-9E3A002CF162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {43C0C3EB-515A-4802-A402-E710D2F6CF4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45969F15-6850-4A08-A1A7-0A93C22EAB62} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {466BE974-6A0D-4731-9CCE-327FB7A06BC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5F59B5FD-8325-487A-B9BD-90FD2DA3DA4A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {626D218B-11FC-4C3B-BB98-86EB382E12CE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6ABB3B32-8458-4D52-9674-CA73F4E27BF9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {71F7B3B9-A4FB-4B59-8C03-66CAD38FF873} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9B681117-4AE4-46A7-9E24-C205F9A4C3C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B7A48922-6F8E-45D1-81CF-AD1186A3C55D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D095E46E-0031-48F8-AF41-2994C5978240} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Dave.HP-PC\Desktop\licenses.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Dave.HP-PC\Desktop\licenses.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Debbie\Desktop\cookie.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Debbie\Desktop\cookie.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
Reboot:
Save the file as fixlist.txt on the desktop.
Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.
It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.
Do you still have popups or are they gone now?
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Those are two old versions of Java with known vulnerabilities that can be exploited by a web page to infect the computer. If you really need to have Java installed, you should always have the latest version.
Quicktime is no longer supported and should be uninstalled to avoid exploits.
0 -
I did the FRST fix this morning and I have attached the log. I haven't had any popups since yesterday! Hopefully this nailed it. I wish I knew how I got it because usually I'm pretty careful.
I cannot thank you enough for all the help!!! You are fantastic!!!
Thanks, Dave
0 -
You're welcome
Very good indeed!
Time to uninstall FRST and AdwCleaner.
1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.
Click on the Uninstall button.
2. Please, download OTC http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
Close all programs.
Start OTC program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.
When did these popups start?
I can see that these folders are created during the second half of November.
2016-11-25 13:25 - 2016-11-25 13:27 - 00000000 ___HD C:\Program Files\CanonBJ
2016-11-22 13:38 - 2016-11-22 13:38 - 00000000 ____D C:\ProgramData\FFinder LTD
2016-11-22 13:07 - 2016-11-22 13:15 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-11-19 15:34 - 2016-11-19 15:34 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
And these were updated/changed:
2016-11-26 10:53 - 2015-01-20 16:36 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Local\Amazon Music
2016-11-22 10:54 - 2016-08-13 07:02 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-22 10:45 - 2015-10-27 09:01 - 00000000 ____D C:\Program Files (x86)\Flexible Retirement Planner
Usually you don't notice adware-popups directly after the installation, you have to restart computer and/or browsers first.
0 -
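The date comparison made in the post above, as an added example that is not part of the original thread: it parses the quoted FRST folder lines and separates folders created inside a time window from older folders that were only changed inside it. The window (16 to 30 November 2016), the function names, and the choice to treat the earlier of the two timestamps as creation time and the later as last change are assumptions of this example.

```python
import re
from datetime import datetime

# Folder lines quoted in the post above, embedded here as sample input.
SAMPLE = r"""
2016-11-25 13:25 - 2016-11-25 13:27 - 00000000 ___HD C:\Program Files\CanonBJ
2016-11-22 13:38 - 2016-11-22 13:38 - 00000000 ____D C:\ProgramData\FFinder LTD
2016-11-22 13:07 - 2016-11-22 13:15 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-11-19 15:34 - 2016-11-19 15:34 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2016-11-26 10:53 - 2015-01-20 16:36 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Local\Amazon Music
2016-11-22 10:54 - 2016-08-13 07:02 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-22 10:45 - 2015-10-27 09:01 - 00000000 ____D C:\Program Files (x86)\Flexible Retirement Planner
"""

# Two timestamps, size, attribute flags (for example ___HD), then the path.
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]+) (.+)$"
)

def parse(text):
    """Return one dict per listing line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        a, b = (datetime.strptime(s, "%Y-%m-%d %H:%M") for s in m.group(1, 2))
        entries.append({
            "created": min(a, b),    # assumption: earlier stamp = creation
            "modified": max(a, b),   # assumption: later stamp = last change
            "hidden": "H" in m.group(4),
            "path": m.group(5),
        })
    return entries

def triage(entries, start, end):
    """Split paths into (created in window, older but changed in window)."""
    new, touched = [], []
    for e in sorted(entries, key=lambda e: e["modified"]):
        if start <= e["created"] <= end:
            new.append(e["path"])
        elif start <= e["modified"] <= end:
            touched.append(e["path"])
    return new, touched

if __name__ == "__main__":
    window = (datetime(2016, 11, 16), datetime(2016, 11, 30, 23, 59))
    for label, paths in zip(("created", "changed"), triage(parse(SAMPLE), *window)):
        print(label, *paths, sep="\n  ")
```
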
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)
If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.
Everyone else please begin a New Topic.
Thank you!