dmedli

Help removing quickprivacycheck.com pop up

Hello,

I will get a new tab in Chrome that is going to quickprivacycheck.com. I did a deep scan earlier today and the window popped up again a few minutes later. I have attached the files from FRST.

 

Thanks, Dave

Addition.txt

FRST.txt

Hi Dave,

 

Please, save AdwCleaner on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Log file button.

A report will be displayed, copy its content and paste into your reply.

If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[s1].txt.

 

 

Please follow this topic to get subscription emails when I post replies.


You're welcome.

 

I see, you let the program delete everything it found. It's fine, but sometimes it deletes too much.

 

Please restart the computer, if you haven't done that since you ran AdwCleaner.

Run FRST again and select Addition.txt before letting it scan. Upload the two new log files and I'll check if anything more needs to be deleted.


No problem :)

 

Please, start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 idsvc; no ImagePath
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
Task: {03FDDA79-BCDE-4D5A-A180-D49CDFF37CA9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {287DA2E2-4B76-4F45-BF0B-9E3A002CF162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {43C0C3EB-515A-4802-A402-E710D2F6CF4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45969F15-6850-4A08-A1A7-0A93C22EAB62} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {466BE974-6A0D-4731-9CCE-327FB7A06BC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5F59B5FD-8325-487A-B9BD-90FD2DA3DA4A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {626D218B-11FC-4C3B-BB98-86EB382E12CE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6ABB3B32-8458-4D52-9674-CA73F4E27BF9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {71F7B3B9-A4FB-4B59-8C03-66CAD38FF873} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9B681117-4AE4-46A7-9E24-C205F9A4C3C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B7A48922-6F8E-45D1-81CF-AD1186A3C55D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D095E46E-0031-48F8-AF41-2994C5978240} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Dave.HP-PC\Desktop\licenses.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Dave.HP-PC\Desktop\licenses.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Debbie\Desktop\cookie.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Debbie\Desktop\cookie.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
Reboot:
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.

 

 

Do you still have popups or are they gone now?

 

 

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Those are two old versions of Java with known vulnerabilities that can be exploited by a web page to infect the computer. If you really need to have Java installed, you should always have the latest version.

 

Quicktime is no longer supported and should be uninstalled to avoid exploits.


I did the FRST fix this morning and I have attached the log. I haven't had any popups since yesterday! Hopefully this nailed it. I wish I knew how I got it because usually I'm pretty careful.

 

I cannot thank you enough for all the help!!! You are fantastic!!!

 

Thanks, Dave

Fixlog.txt


You're welcome :)

 

Very good indeed!

 

Time to uninstall FRST and AdwCleaner.

 

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

2. Please, download OTC http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
Close all programs.
Start OTC program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.

 

When did these popups start?

I can see that these folders are created during the second half of November.

2016-11-25 13:25 - 2016-11-25 13:27 - 00000000 ___HD C:\Program Files\CanonBJ
2016-11-22 13:38 - 2016-11-22 13:38 - 00000000 ____D C:\ProgramData\FFinder LTD
2016-11-22 13:07 - 2016-11-22 13:15 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-11-19 15:34 - 2016-11-19 15:34 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech

And these were updated/changed:

2016-11-26 10:53 - 2015-01-20 16:36 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Local\Amazon Music
2016-11-22 10:54 - 2016-08-13 07:02 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-22 10:45 - 2015-10-27 09:01 - 00000000 ____D C:\Program Files (x86)\Flexible Retirement Planner



Usually you don't notice adware-popups directly after the installation, you have to restart computer and/or browsers first.

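The date-based triage in the reply above, as an added example that is not part of the original thread: it parses listing lines in the layout quoted there and merges both lists into one timeline for a chosen window. It assumes, as the reply reads them, that the first timestamp is the creation time in the first list and the modification time in the second; the function names are hypothetical.

```python
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# Layout of the quoted lines: two timestamps, size, attribute flags, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) (\S+) (.+)$"
)

# Sample input: the seven listing lines quoted in the reply, copied as-is.
CREATED = r"""
2016-11-25 13:25 - 2016-11-25 13:27 - 00000000 ___HD C:\Program Files\CanonBJ
2016-11-22 13:38 - 2016-11-22 13:38 - 00000000 ____D C:\ProgramData\FFinder LTD
2016-11-22 13:07 - 2016-11-22 13:15 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-11-19 15:34 - 2016-11-19 15:34 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
"""
MODIFIED = r"""
2016-11-26 10:53 - 2015-01-20 16:36 - 00000000 ____D C:\Users\Dave.HP-PC\AppData\Local\Amazon Music
2016-11-22 10:54 - 2016-08-13 07:02 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-22 10:45 - 2015-10-27 09:01 - 00000000 ____D C:\Program Files (x86)\Flexible Retirement Planner
"""

def parse_listing(text, first_field):
    """Parse listing lines; first_field says what the first timestamp means
    ("created" or "modified"), the second timestamp is the other one (assumption)."""
    second_field = "modified" if first_field == "created" else "created"
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers, wrapped fragments
        first, second, size, attrs, path = m.groups()
        entries.append({first_field: datetime.strptime(first, FMT),
                        second_field: datetime.strptime(second, FMT),
                        "size": int(size), "hidden": "H" in attrs,
                        "is_dir": "D" in attrs, "path": path})
    return entries

def timeline(created_text, modified_text, start, end):
    """Merge both lists into (time, kind, path) events with start <= time < end."""
    events = [(e["created"], "created", e["path"])
              for e in parse_listing(created_text, "created")]
    events += [(e["modified"], "modified", e["path"])
               for e in parse_listing(modified_text, "modified")]
    return sorted(ev for ev in events if start <= ev[0] < end)

if __name__ == "__main__":
    window = (datetime(2016, 11, 19), datetime(2016, 11, 27))
    for when, kind, path in timeline(CREATED, MODIFIED, *window):
        print(when.strftime(FMT), kind.ljust(8), path)
```

Narrowing the window to the day the symptoms first appeared shows which folders were created or touched together, which is the question the helper asks next.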

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :) If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!
