
Pop Up Windows in browser

Comments

16 comments

  • Support



    12 minutes ago, Rising Unit said:




    Hello, I have been getting pop up windows in my internet browser. Oftentimes I will try to open something from an application, but instead of going to the page selected a different page will open. I have run AVG and adaware with no resolution. FRST files attached. Thank you for the help.



    FRST.txt



    Addition.txt





    Hi @Rising Unit,



    I suggest that you follow this topic to receive an email when I reply.



    I can see that your internet connection uses a DNS server in Israel. Have you visited that country or is it a sign of an infection?

    Have you any particular requirements on the DNS server from your internet service provider or can you use the automatic setting (most common)?



    When did your problem with popups start?



     

    0
  • Customer


    Hello, and thank you for your help. I have not been to Israel, so I assume that is a sign of infection. I have no particular requirements/can use automatic setting. To be honest problems started about 2 years ago. I had purchased a new laptop as this one is old anyways, but I have recently cleaned it up and have been updating everything so that I can give it to my brother to use. I am hoping this issue can be solved before giving it to him.

    0
  • Support


    Hi, and you're welcome, @Rising Unit.



    Under those circumstances I recommend that you install Windows again since that would both remove any infections and all your private files and settings.



    That explains why I can't see any rather new infected files.

    Please, start Notepad.

    Copy all text that is in the box:




    Quote




    CreateRestorePoint:

    CloseProcesses:

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

    SecurityProviders: credssp.dll, AztoltuWxusx.dll

    GroupPolicy: Restriction <==== ATTENTION

    Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File

    Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File

    Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178

    Tcpip\..\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}: [NameServer] 82.163.143.176 82.163.142.178

    Tcpip\..\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}: [NameServer] 82.163.143.176 82.163.142.178

    Tcpip\..\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}: [NameServer] 82.163.143.176 82.163.142.178

    URLSearchHook: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 - (No Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No File

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =

    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    FF ProfilePath: 58960918 [not found] <==== ATTENTION

    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-25] (Pando Networks)

    CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]

    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-17] (IObit)

    S3 avchv; system32\DRIVERS\avchv.sys [X]

    S0 Lbd; system32\DRIVERS\Lbd.sys [X]

    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

    2013-10-15 02:10 - 2014-08-30 00:43 - 000000000 ____D () C:\Users\Guest\AppData\Local\Temp\avgnt.exe

    2017-11-28 20:02 - 2017-11-28 20:13 - 007649280 _____ () C:\Program Files (x86)\GUT8EE7.tmp

    Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

    ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)

    ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)

    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

    ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)

    Task: {04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

    Task: {3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} - \{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} -> No File <==== ATTENTION

    Task: {A99F733F-847A-455F-A525-5472E65DB756} - System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => C:\Windows\system32\pcalua.exe -a C:\Users\Afton\AppData\Local\Temp\Temp1_Remote_WIN7_32_WIN7_64_5101.zip\SETUP.EXE <==== ATTENTION

    Task: {AFF780CD-47B4-4F68-8575-3491B560DE74} - System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE

    Task: {B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} - System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -c /autorun

    Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"

    Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"

    Task: {F82103C1-E4B1-4944-91FD-0ECF448A6D0D} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION

    Task: {FC8E42FA-05B1-4127-8D18-2F5D75CBF416} - \{A4708731-C006-61AD-B842-5C03F61AA453} -> No File <==== ATTENTION

    CMD: ipconfig /flushdns

    CMD: netsh winsock reset catalog

    CMD: netsh int ip reset c:\resetlog.txt

    Reboot:







    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.


    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.


    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.

    0
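The `[NameServer]` entries in the fixlist above are statically configured resolvers, which take precedence over the DHCP-assigned `DhcpNameServer` value. As an added example (not part of the original thread and not FRST's own code), this sketch reads FRST-style lines and reports every static resolver that is not on the operator's expected list; the `expected` parameter, the function name and the `DhcpNameServer` sample line are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict

# FRST-style lines. The [NameServer] lines are copied from the fixlist above;
# the [DhcpNameServer] line is constructed for this example.
FRST_LINES = r'''
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}: [NameServer] 82.163.143.176 82.163.142.178
'''

LINE_RX = re.compile(
    r"^Tcpip\\(?P<scope>.+?):\s*\[(?P<value>NameServer|DhcpNameServer)\]\s*(?P<servers>.*)$"
)


def static_dns_findings(text, expected=frozenset()):
    """Return one finding per statically pinned resolver that is not in `expected`.

    `expected` is the operator's own list of resolvers that are allowed to be
    set by hand (hypothetical parameter; empty means "automatic DNS only").
    """
    pinned = defaultdict(list)  # resolver address -> scopes where it is pinned
    for raw in text.splitlines():
        m = LINE_RX.match(raw.strip())
        if not m or m["value"] != "NameServer":
            continue  # DhcpNameServer is the automatic setting, not a static pin
        # The registry value may separate addresses with spaces or commas.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            if not token:
                continue
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # ignore anything that is not an IP address
            pinned[ip].append(m["scope"])

    findings = []
    for ip, scopes in pinned.items():
        if str(ip) in expected:
            continue
        findings.append({
            "resolver": str(ip),
            "public": ip.is_global,                 # not a LAN/router address
            "global_scope": "Parameters" in scopes,  # set for the whole stack
            "interfaces": sum(1 for s in scopes if "Interfaces" in s),
        })
    return sorted(findings, key=lambda f: f["resolver"])


if __name__ == "__main__":
    for f in static_dns_findings(FRST_LINES):
        print(f)
```

The same static pair pinned at the global key and on every interface is the pattern the fixlist removes; on a machine that should use the automatic setting, any finding is worth a look.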
  • Customer


    Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018

    Ran by Afton (25-02-2018 12:56:50) Run:1

    Running from C:\Users\Afton\Desktop

    Loaded Profiles: Afton & UpdatusUser (Available Profiles: Afton & Mcx1-ASUS & UpdatusUser & Guest)

    Boot Mode: Normal

    ==============================================



    fixlist content:

    *****************





        CreateRestorePoint:

        CloseProcesses:

        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

        SecurityProviders: credssp.dll, AztoltuWxusx.dll

        GroupPolicy: Restriction <==== ATTENTION

        Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File

        Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File

        Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178

        Tcpip\..\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}: [NameServer] 82.163.143.176 82.163.142.178

        Tcpip\..\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}: [NameServer] 82.163.143.176 82.163.142.178

        Tcpip\..\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}: [NameServer] 82.163.143.176 82.163.142.178

        URLSearchHook: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 - (No Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No File

        SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

        SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

        SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =

        SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

        SearchScopes: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

        FF ProfilePath: 58960918 [not found] <==== ATTENTION

        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

        FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-25] (Pando Networks)

        CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]

        CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

        S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-17] (IObit)

        S3 avchv; system32\DRIVERS\avchv.sys [X]

        S0 Lbd; system32\DRIVERS\Lbd.sys [X]

        S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

        S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

        S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

        2013-10-15 02:10 - 2014-08-30 00:43 - 000000000 ____D () C:\Users\Guest\AppData\Local\Temp\avgnt.exe

        2017-11-28 20:02 - 2017-11-28 20:13 - 007649280 _____ () C:\Program Files (x86)\GUT8EE7.tmp

        Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

        ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

        ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)

        ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)

        ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

        ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)

        Task: {04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

        Task: {3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} - \{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} -> No File <==== ATTENTION

        Task: {A99F733F-847A-455F-A525-5472E65DB756} - System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => C:\Windows\system32\pcalua.exe -a C:\Users\Afton\AppData\Local\Temp\Temp1_Remote_WIN7_32_WIN7_64_5101.zip\SETUP.EXE <==== ATTENTION

        Task: {AFF780CD-47B4-4F68-8575-3491B560DE74} - System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE

        Task: {B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} - System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -c /autorun

        Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"

        Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"

        Task: {F82103C1-E4B1-4944-91FD-0ECF448A6D0D} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION

        Task: {FC8E42FA-05B1-4127-8D18-2F5D75CBF416} - \{A4708731-C006-61AD-B842-5C03F61AA453} -> No File <==== ATTENTION

        CMD: ipconfig /flushdns

        CMD: netsh winsock reset catalog

        CMD: netsh int ip reset c:\resetlog.txt

        Reboot:





    *****************



    Restore point was successfully created.

    Processes closed successfully.

    "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully

    HKLM\System\CurrentControlSet\Control\SecurityProviders\\SecurityProviders => value restored successfully

    C:\Windows\system32\GroupPolicy\Machine => moved successfully

    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully

    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully

    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011" => removed successfully

    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012" => removed successfully

    "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully

    "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}\\NameServer" => removed successfully

    "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}\\NameServer" => removed successfully

    "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}\\NameServer" => removed successfully

    "HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86}" => removed successfully

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully

    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully

    HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found

    "HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully

    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully

    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => removed successfully

    C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully

    CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05] => Error: No automatic fix found for this entry.

    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully

    "HKLM\System\CurrentControlSet\Services\LiveUpdateSvc" => removed successfully

    LiveUpdateSvc => service removed successfully

    "HKLM\System\CurrentControlSet\Services\avchv" => removed successfully

    avchv => service removed successfully

    "HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully

    Lbd => service removed successfully

    "HKLM\System\CurrentControlSet\Services\SBRE" => removed successfully

    SBRE => service removed successfully

    "HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removed successfully

    VMnetAdapter => service removed successfully

    "HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removed successfully

    WinRing0_1_2_0 => service removed successfully

    C:\Users\Guest\AppData\Local\Temp\avgnt.exe => moved successfully

    C:\Program Files (x86)\GUT8EE7.tmp => moved successfully

    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent" => removed successfully

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully

    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found

    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully

    "HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}" => removed successfully

    "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully

    HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found

    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully

    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found

    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully

    HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} => could not remove key. ErrorCode1: 0x00000002

    C:\Windows\System32\Tasks\LaunchSignup => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A99F733F-847A-455F-A525-5472E65DB756} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F733F-847A-455F-A525-5472E65DB756} => could not remove key. ErrorCode1: 0x00000002

    C:\Windows\System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF780CD-47B4-4F68-8575-3491B560DE74} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF780CD-47B4-4F68-8575-3491B560DE74} => could not remove key. ErrorCode1: 0x00000002

    C:\Windows\System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471DCFC4-48A0-4ABF-811F-206A7767E068} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} => could not remove key. ErrorCode1: 0x00000002

    C:\Windows\System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => could not remove key. ErrorCode1: 0x00000002

    C:\Windows\System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => could not remove key. ErrorCode1: 0x00000002

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8}" => removed successfully

    "C:\Windows\System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE}" => not found

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE}" => removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002

    C:\Windows\System32\Tasks\DNSPLUM => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416} => could not remove key. ErrorCode1: 0x00000002

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4708731-C006-61AD-B842-5C03F61AA453} => could not remove key. ErrorCode1: 0x00000002



    ========= ipconfig /flushdns =========





    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.



    ========= End of CMD: =========





    ========= netsh winsock reset catalog =========



    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107



    Sucessfully reset the Winsock Catalog.

    You must restart the computer in order to complete the reset.





    ========= End of CMD: =========





    ========= netsh int ip reset c:\resetlog.txt =========



    Reseting Global, OK!

    Reseting Interface, OK!

    Reseting Unicast Address, OK!

    Restart the computer to complete this action.





    ========= End of CMD: =========





    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2018 13:00:41)





    Result of scheduled keys to remove after reboot:



    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A99F733F-847A-455F-A525-5472E65DB756}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F733F-847A-455F-A525-5472E65DB756}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36588209-319C-43AF-A4F7-F3E7A8DA73E9}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF780CD-47B4-4F68-8575-3491B560DE74}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF780CD-47B4-4F68-8575-3491B560DE74}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471DCFC4-48A0-4ABF-811F-206A7767E068}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{821C54DD-DFFE-4407-A14F-7B877C746BB5}" => removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => key removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416}" => removed successfully

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4708731-C006-61AD-B842-5C03F61AA453}" => removed successfully



    ==== End of Fixlog 13:00:41 ====

    0
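A Fixlog like the one above is easier to review when each target is reduced to its final state, since keys reported as "could not remove" before the restart reappear as removed in the after-reboot section. The following is an added example (not part of the original thread and not FRST's own code) that does this reconciliation over an excerpt of the log; the function names and status labels are chosen for the example.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above: lines copied from the page, most entries left out.
FIXLOG = r'''
fixlist content:
*****************
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Task: {F82103C1-E4B1-4944-91FD-0ECF448A6D0D} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION
*****************
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\DNSPLUM => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM => could not remove key. ErrorCode1: 0x00000002
Result of scheduled keys to remove after reboot:
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM" => removed successfully
'''

# Status labels are this example's own; the patterns match outcome texts seen in the log.
OUTCOMES = [
    ("error",    re.compile(r"^Error:", re.I)),
    ("deferred", re.compile(r"^could not remove", re.I)),
    ("absent",   re.compile(r"^(key )?not found", re.I)),
    ("done",     re.compile(r"(removed|moved|restored) successfully$", re.I)),
]


def parse_results(text):
    """Yield (target, status) per result line, skipping the echoed fixlist."""
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two lines of asterisks. Its entries
        # also contain " => ", so they must not be read as results.
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        outcome = outcome.strip()
        status = next((n for n, rx in OUTCOMES if rx.search(outcome)), "unknown")
        # Targets appear quoted in some lines and unquoted in others.
        yield target.strip().strip('"').lower(), status


def reconcile(text):
    """Reduce the log to the final state of every target."""
    history = {}
    for target, status in parse_results(text):
        history.setdefault(target, []).append(status)
    final = {t: h[-1] for t, h in history.items()}
    return {
        # Still needs attention: failed, deferred and never retried, or unrecognised.
        "unresolved": sorted(t for t, s in final.items()
                             if s in ("error", "deferred", "unknown")),
        # Failed at first, succeeded on a later attempt (for example after the reboot).
        "retried_ok": sorted(t for t, h in history.items()
                             if "deferred" in h and final[t] == "done"),
        "counts": dict(Counter(final.values())),
    }


if __name__ == "__main__":
    report = reconcile(FIXLOG)
    print(report["counts"])
    for target in report["unresolved"]:
        print("needs attention:", target)
```

Run over this excerpt, the only entry left unresolved is the Chrome extension line for which the log reports no automatic fix.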
  • Customer


    There are definitely fewer. I am still getting some popups, but AVG has been able to detect and block them at least.

    0
  • Support


    Do you have fewer popups in the browsers now?

    0
  • Customer


    # AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 28 03:22:35 2018

    # Updated on 2018/08/02 by Malwarebytes

    # Database: 02-27-2018.1

    # Running on Windows 7 Ultimate (X64)

    # Mode: scan

    # Support: https://www.malwarebytes.com/support



    ***** [ Services ] *****



    No malicious services found.



    ***** [ Folders ] *****



    PUP.Optional.Legacy, C:\Users\Afton\AppData\Roaming\download Manager

    PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader

    PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader

    PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader

    Rogue.ForcedExtension, C:\ProgramData\apn

    Rogue.ForcedExtension, C:\ProgramData\Application Data\apn

    Rogue.ForcedExtension, C:\Users\All Users\apn

    PUP.Optional.DriverSupport, C:\ProgramData\UAB

    PUP.Adware.Heuristic, C:\Program Files (x86)\DNSPLUM

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-00c7-1

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-07c5-1

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-11f7-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-1f61-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-25e5-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-2805-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-2e23-1

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-3497-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-4443-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-45b5-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-5365-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-6141-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-6255-1

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-66d3-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-66f3-0

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-72d1-1

    PUP.Adware.Heuristic, C:\ProgramData\035c42b8-74e5-1

    PUP.Adware.Heuristic, C:\ProgramData\23c32d83-6717-1

    PUP.Adware.Heuristic, C:\ProgramData\23c32d83-6a05-0

    PUP.Adware.Heuristic, C:\ProgramData\{002b54e9-412c-1}

    PUP.Adware.Heuristic, C:\ProgramData\{01a53d1c-312c-0}

    PUP.Adware.Heuristic, C:\ProgramData\{03bc46f9-612c-0}

    PUP.Adware.Heuristic, C:\ProgramData\{03c72e34-212c-1}

    PUP.Adware.Heuristic, C:\ProgramData\{060f55ec-012c-1}

    PUP.Adware.Heuristic, C:\ProgramData\{09b725a9-012c-0}

    PUP.Adware.Heuristic, C:\ProgramData\{0a75d451-712c-1}

    PUP.Adware.Heuristic, C:\ProgramData\{0d141b14-012c-0}

    PUP.Adware.Heuristic, C:\ProgramData\{139e1bbe-012c-0}

    PUP.Adware.Heuristic, C:\ProgramData\{157e7f19-212c-1}

    PUP.Adware.Heuristic, C:\ProgramData\{16ea4226-612c-0}

    PUP.Adware.Heuristic, C:\ProgramData\{426f1577-612c-0}





    ***** [ Files ] *****



    No malicious files found.



    ***** [ DLL ] *****



    No malicious DLLs found.



    ***** [ WMI ] *****



    No malicious WMI found.



    ***** [ Shortcuts ] *****



    No malicious shortcuts found.



    ***** [ Tasks ] *****



    No malicious tasks found.



    ***** [ Registry ] *****



    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WebDiscoverBrowser

    PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\WebDiscoverBrowser

    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\WebDiscoverBrowser

    PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\WebDiscoverBrowser

    PUP.Optional.Legacy, [Key] - HKCU\Software\WebDiscoverBrowser

    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\AppDataLow\Software\adawarebp

    PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\adawarebp

    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\YahooPartnerToolbar

    PUP.Optional.Legacy, [Key] - HKCU\Software\YahooPartnerToolbar

    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Link64

    PUP.Optional.Legacy, [Key] - HKCU\Software\Link64

    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4

    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4

    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4

    PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1007\Software\One System Care

    PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1012\Software\One System Care

    PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-501\Software\One System Care

    PUP.Optional.Spoutly, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}

    Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

    PUP.Optional.CloudScout, [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b

    PUP.Optional.DNSUnlocker.ACMB2, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1

    PUP.Optional.DNSUnlocker, [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E

    PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan





    ***** [ Firefox (and derivatives) ] *****



    No malicious Firefox entries.



    ***** [ Chromium (and derivatives) ] *****



    No malicious Chromium entries.



    *************************



     



    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    0
  • Support


    Good!



    Please save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/


    Turn off all programs, including browsers.

    Double-click on AdwCleaner to start the program.

    Click on I agree to agree to the EULA.


    Click on the Scan button.

    Wait until the search has finished.


    Click on the Logfile button.

    Go to the "Scan" tab and open the first logfile (it should be in blue) by double-clicking on it.

    A report will be displayed; copy its content and paste it into your reply.

    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[S1].txt.

    0
  • Support


    Please turn off all programs, including browsers.

    Double-click on AdwCleaner to start the program.


    Click on the Clean button, please.


    Click on OK.

    Click on OK on any message that pops up.

    The computer will be restarted.


    A report will be displayed; please copy its content and paste it into your reply.

    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[C1].txt

     

    0
  • Customer


    # AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 28 15:13:58 2018

    # Updated on 2018/08/02 by Malwarebytes

    # Running on Windows 7 Ultimate (X64)

    # Mode: clean

    # Support: https://www.malwarebytes.com/support



    ***** [ Services ] *****



    No malicious services deleted.



    ***** [ Folders ] *****



    Deleted: C:\Users\Afton\AppData\Roaming\download Manager

    Deleted: C:\ProgramData\IObit\ASCDownloader

    Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader

    Deleted: C:\Users\All Users\IObit\ASCDownloader

    Deleted: C:\ProgramData\apn

    Deleted: C:\ProgramData\Application Data\apn

    Deleted: C:\Users\All Users\apn

    Deleted: C:\ProgramData\\UAB

    Deleted: C:\Program Files (x86)\DNSPLUM

    Deleted: C:\ProgramData\035c42b8-00c7-1

    Deleted: C:\ProgramData\035c42b8-07c5-1

    Deleted: C:\ProgramData\035c42b8-11f7-0

    Deleted: C:\ProgramData\035c42b8-1f61-0

    Deleted: C:\ProgramData\035c42b8-25e5-0

    Deleted: C:\ProgramData\035c42b8-2805-0

    Deleted: C:\ProgramData\035c42b8-2e23-1

    Deleted: C:\ProgramData\035c42b8-3497-0

    Deleted: C:\ProgramData\035c42b8-4443-0

    Deleted: C:\ProgramData\035c42b8-45b5-0

    Deleted: C:\ProgramData\035c42b8-5365-0

    Deleted: C:\ProgramData\035c42b8-6141-0

    Deleted: C:\ProgramData\035c42b8-6255-1

    Deleted: C:\ProgramData\035c42b8-66d3-0

    Deleted: C:\ProgramData\035c42b8-66f3-0

    Deleted: C:\ProgramData\035c42b8-72d1-1

    Deleted: C:\ProgramData\035c42b8-74e5-1

    Deleted: C:\ProgramData\23c32d83-6717-1

    Deleted: C:\ProgramData\23c32d83-6a05-0

    Deleted: C:\ProgramData\{002b54e9-412c-1}

    Deleted: C:\ProgramData\{01a53d1c-312c-0}

    Deleted: C:\ProgramData\{03bc46f9-612c-0}

    Deleted: C:\ProgramData\{03c72e34-212c-1}

    Deleted: C:\ProgramData\{060f55ec-012c-1}

    Deleted: C:\ProgramData\{09b725a9-012c-0}

    Deleted: C:\ProgramData\{0a75d451-712c-1}

    Deleted: C:\ProgramData\{0d141b14-012c-0}

    Deleted: C:\ProgramData\{139e1bbe-012c-0}

    Deleted: C:\ProgramData\{157e7f19-212c-1}

    Deleted: C:\ProgramData\{16ea4226-612c-0}

    Deleted: C:\ProgramData\{426f1577-612c-0}





    ***** [ Files ] *****



    No malicious files deleted.



    ***** [ DLL ] *****



    No malicious DLLs cleaned.



    ***** [ WMI ] *****



    No malicious WMI cleaned.



    ***** [ Shortcuts ] *****



    No malicious shortcuts cleaned.



    ***** [ Tasks ] *****



    No malicious tasks deleted.



    ***** [ Registry ] *****



    Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser

    Deleted: [Key] - HKU\.DEFAULT\Software\WebDiscoverBrowser

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\WebDiscoverBrowser

    Deleted: [Key] - HKU\S-1-5-18\Software\WebDiscoverBrowser

    Deleted: [Key] - HKCU\Software\WebDiscoverBrowser

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\AppDataLow\Software\adawarebp

    Deleted: [Key] - HKCU\Software\AppDataLow\Software\adawarebp

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\YahooPartnerToolbar

    Deleted: [Key] - HKCU\Software\YahooPartnerToolbar

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Link64

    Deleted: [Key] - HKCU\Software\Link64

    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4

    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4

    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1007\Software\One System Care

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1012\Software\One System Care

    Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-501\Software\One System Care

    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}

    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

    Deleted: [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b

    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1

    Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E

    Deleted: [Key] - HKLM\SOFTWARE\MimarSinan





    ***** [ Firefox (and derivatives) ] *****



    No malicious Firefox entries deleted.



    ***** [ Chromium (and derivatives) ] *****



    No malicious Chromium entries deleted.



    *************************



    ::Tracing keys deleted

    ::Winsock settings cleared

    ::Additional Actions: 0



     



    *************************



    C:/AdwCleaner/AdwCleaner[S0].txt - [5334 B] - [2018/2/28 3:22:35]

    C:/AdwCleaner/AdwCleaner[S1].txt - [5401 B] - [2018/2/28 15:13:25]





    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    0
  • Support


    Good!



    Any progress regarding the popups?

    0
  • Support


    That's great!



    How to uninstall AdwCleaner and FRST, and purge System Restore points (since old ones contain the infection):

    Please save Delfix on the Desktop: http://www.bleepingcomputer.com/download/delfix/

    Start the program.


    Make sure that the following items are selected, and nothing else:

    * Remove disinfection tools

    * Create registry backup

    * Purge system restore

    * Reset System Settings


    Click on the Run button.

    0
  • Customer


    I have only done a limited test browse but so far so good! Thank you!

    0
  • Customer


    Done! Have yet to see popups, thanks again.



     



    # DelFix v1.010 - Logfile created 03/03/2018 at 07:30:23

    # Updated 26/04/2015 by Xplode

    # Username : Afton - ASUS

    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)



    ~ Removing disinfection tools ...



    Deleted : C:\FRST

    Deleted : C:\AdwCleaner

    Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hijackthis

    Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis

    Deleted : C:\Users\Afton\Desktop\adwcleaner_7.0.8.0.exe

    Deleted : C:\Users\Afton\Desktop\FRST64.exe



    ~ Creating registry backup ... OK



    ~ Cleaning system restore ...





    New restore point created !



    ~ Resetting system settings ... OK



    ########## - EOF - ##########



     

    0
  • Support


    You're welcome

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :) If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!

    0
