Rising Unit

Pop Up Windows in browser


Hello, I have been getting pop-up windows in my internet browser. Oftentimes I will try to open something from an application, but instead of going to the page selected, a different page will open. I have run AVG and adaware with no resolution. FRST files attached. Thank you for the help.

FRST.txt

Addition.txt


Hi @Rising Unit,

I suggest that you follow this topic to receive an email when I reply.

I can see that your internet connection uses a DNS server in Israel. Have you visited that country or is it a sign of an infection?
Have you any particular requirements on the DNS server from your internet service provider, or can you use the automatic setting (most common)?

When did your problem with popups start?

 


Hello, and thank you for your help. I have not been to Israel, so I assume that is a sign of infection. I have no particular requirements/can use automatic setting. To be honest problems started about 2 years ago. I had purchased a new laptop as this one is old anyways, but I have recently cleaned it up and have been updating everything so that I can give it to my brother to use. I am hoping this issue can be solved before giving it to him.


Hi, and you're welcome, @Rising Unit.

Under those circumstances I recommend that you install Windows again since that would both remove any infections and all your private files and settings.

That explains why I can't see any rather new infected files.

Please, start Notepad.
Copy all text that is in the box:

Quote

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SecurityProviders: credssp.dll, AztoltuWxusx.dll
GroupPolicy: Restriction <==== ATTENTION
Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll => No File
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}: [NameServer] 82.163.143.176 82.163.142.178
URLSearchHook: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 - (No Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1486800303-1932691566-1282320748-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: 58960918 [not found] <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-25] (Pando Networks)
CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-17] (IObit)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2013-10-15 02:10 - 2014-08-30 00:43 - 000000000 ____D () C:\Users\Guest\AppData\Local\Temp\avgnt.exe
2017-11-28 20:02 - 2017-11-28 20:13 - 007649280 _____ () C:\Program Files (x86)\GUT8EE7.tmp
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-11] (Lavasoft Limited)
Task: {04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} - \{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} -> No File <==== ATTENTION
Task: {A99F733F-847A-455F-A525-5472E65DB756} - System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => C:\Windows\system32\pcalua.exe -a C:\Users\Afton\AppData\Local\Temp\Temp1_Remote_WIN7_32_WIN7_64_5101.zip\SETUP.EXE <==== ATTENTION
Task: {AFF780CD-47B4-4F68-8575-3491B560DE74} - System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} - System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"
Task: {EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} - System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe"
Task: {F82103C1-E4B1-4944-91FD-0ECF448A6D0D} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION
Task: {FC8E42FA-05B1-4127-8D18-2F5D75CBF416} - \{A4708731-C006-61AD-B842-5C03F61AA453} -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
Reboot:


and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

Edited by CeciliaB


Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Afton (25-02-2018 12:56:50) Run:1
Running from C:\Users\Afton\Desktop
Loaded Profiles: Afton & UpdatusUser (Available Profiles: Afton & Mcx1-ASUS & UpdatusUser & Guest)
Boot Mode: Normal
==============================================


Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
HKLM\System\CurrentControlSet\Control\SecurityProviders\\SecurityProviders => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}\\NameServer" => removed successfully
"HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86}" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => removed successfully
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully
CHR Extension: (Avira Browser Safety) - C:\Users\Afton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\System\CurrentControlSet\Services\LiveUpdateSvc" => removed successfully
LiveUpdateSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\avchv" => removed successfully
avchv => service removed successfully
"HKLM\System\CurrentControlSet\Services\Lbd" => removed successfully
Lbd => service removed successfully
"HKLM\System\CurrentControlSet\Services\SBRE" => removed successfully
SBRE => service removed successfully
"HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removed successfully
VMnetAdapter => service removed successfully
"HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removed successfully
WinRing0_1_2_0 => service removed successfully
C:\Users\Guest\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Program Files (x86)\GUT8EE7.tmp => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully
"HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}" => removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A99F733F-847A-455F-A525-5472E65DB756} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F733F-847A-455F-A525-5472E65DB756} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36588209-319C-43AF-A4F7-F3E7A8DA73E9} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF780CD-47B4-4F68-8575-3491B560DE74} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF780CD-47B4-4F68-8575-3491B560DE74} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{471DCFC4-48A0-4ABF-811F-206A7767E068} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471DCFC4-48A0-4ABF-811F-206A7767E068} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{821C54DD-DFFE-4407-A14F-7B877C746BB5} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8}" => removed successfully
"C:\Windows\System32\Tasks\{E5665AD1-3B53-4D20-984D-9B53F2458AFE}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\DNSPLUM => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4708731-C006-61AD-B842-5C03F61AA453} => could not remove key. ErrorCode1: 0x00000002

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.


========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2018 13:00:41)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2ED5-E5F6-4FAC-BDED-1E49962FB7B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57B3FB-0CA9-4F67-BCD8-0430D0452A42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B6D2C4C-DCC6-9BE7-E154-2E0E88A63C07}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A99F733F-847A-455F-A525-5472E65DB756}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F733F-847A-455F-A525-5472E65DB756}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36588209-319C-43AF-A4F7-F3E7A8DA73E9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF780CD-47B4-4F68-8575-3491B560DE74}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF780CD-47B4-4F68-8575-3491B560DE74}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471DCFC4-48A0-4ABF-811F-206A7767E068}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78AC23D-F2C9-4F4C-BB66-7DBA223BE6D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{821C54DD-DFFE-4407-A14F-7B877C746BB5}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE730CA-D2F2-4A89-B7E4-BF285AE3C8F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5665AD1-3B53-4D20-984D-9B53F2458AFE} => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82103C1-E4B1-4944-91FD-0ECF448A6D0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC8E42FA-05B1-4127-8D18-2F5D75CBF416}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4708731-C006-61AD-B842-5C03F61AA453}" => removed successfully

==== End of Fixlog 13:00:41 ====
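
The triage reasoning in this exchange (static NameServer values pointing at an unexpected public resolver on every adapter, then a Fixlog check that each value was removed) can be scripted against the two logs. This is an added example, not part of the original posts and not FRST's own code; the function names are hypothetical, and the sample lines are copied from the fixlist and Fixlog in this thread except the DhcpNameServer line, which is constructed.

```python
"""Triage static DNS overrides in FRST.txt and confirm their removal in Fixlog.txt."""
import ipaddress
import re

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# FRST.txt lines: "Tcpip\Parameters: [NameServer] a b" (system-wide) or
# "Tcpip\..\Interfaces\{GUID}: [NameServer] a b" (one adapter).
FRST_DNS = re.compile(
    r"^\s*Tcpip\\(?:Parameters|\.\.\\Interfaces\\(?P<guid>" + GUID + r"))"
    r":\s*\[(?P<name>NameServer|DhcpNameServer)\]\s*(?P<servers>.*)$",
    re.MULTILINE,
)
# Fixlog.txt lines: '"HKLM\...\Tcpip\Parameters[\Interfaces\{GUID}]\\NameServer" => removed successfully'
FIXLOG_DNS = re.compile(
    r"Tcpip\\Parameters(?:\\Interfaces\\(?P<guid>" + GUID + r"))?"
    r'\\\\NameServer"?\s*=>\s*removed successfully'
)

# Lines copied from the fixlist in this thread, plus one constructed DHCP line.
SAMPLE_FRST = r"""
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
"""

# Lines copied from the Fixlog in this thread.
SAMPLE_FIXLOG = r"""
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30D27A2A-3593-45C6-BC83-2389E99CB97C}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B740702B-4ACE-4DDA-A064-3BF6431DB166}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB4F9716-AB72-4021-A5C0-EC7E1C211538}\\NameServer" => removed successfully
"""


def parse_dns_settings(frst_text):
    """Return [(scope, value_name, [ip, ...])] for every Tcpip DNS line in an FRST log."""
    settings = []
    for m in FRST_DNS.finditer(frst_text):
        servers = []
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # skip anything that is not an address, e.g. an ATTENTION marker
        settings.append((m["guid"] or "global", m["name"], servers))
    return settings


def suspicious_static_dns(settings, trusted=()):
    """Map each untrusted public static resolver to the scopes where it is set.

    A static NameServer value overrides what DHCP hands out. A public address
    there that DHCP never supplied and the owner did not choose deserves the
    question the helper asks in this thread.
    """
    trusted = {ipaddress.ip_address(t) for t in trusted}
    dhcp = {ip for _, name, ips in settings if name == "DhcpNameServer" for ip in ips}
    hits = {}
    for scope, name, ips in settings:
        if name != "NameServer":
            continue
        for ip in ips:
            if ip.is_global and ip not in trusted and ip not in dhcp:
                hits.setdefault(str(ip), []).append(scope)
    return hits


def is_system_wide(hits):
    """True when one resolver is pinned in the global key and on at least two adapters."""
    return any("global" in scopes and len(scopes) > 2 for scopes in hits.values())


def remaining_after_fix(hits, fixlog_text):
    """Return flagged scopes whose NameServer value the Fixlog does not report as removed."""
    removed = {m["guid"] or "global" for m in FIXLOG_DNS.finditer(fixlog_text)}
    flagged = {scope for scopes in hits.values() for scope in scopes}
    return sorted(flagged - removed)


if __name__ == "__main__":
    found = suspicious_static_dns(parse_dns_settings(SAMPLE_FRST))
    for ip, scopes in found.items():
        print(f"{ip}: static on {len(scopes)} scope(s): {', '.join(scopes)}")
    print("system-wide override:", is_system_wide(found))
    print("still set after fix:", remaining_after_fix(found, SAMPLE_FIXLOG) or "none")
```

Pass resolvers the owner deliberately configured through `trusted` so they are not flagged.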


Do you have fewer popups in the browsers now?


Good!

Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.
Click on I agree to agree to the EULA.

Click on the Scan button.
Wait until the search has finished.

Click on the Logfile button.
Go to the "Scan" tab and open the first logfile (it should be in blue) by double-clicking on it.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[S1].txt.


# AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 28 03:22:35 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-27-2018.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Afton\AppData\Roaming\download Manager
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
Rogue.ForcedExtension, C:\ProgramData\apn
Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
Rogue.ForcedExtension, C:\Users\All Users\apn
PUP.Optional.DriverSupport, C:\ProgramData\UAB
PUP.Adware.Heuristic, C:\Program Files (x86)\DNSPLUM
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-00c7-1
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-07c5-1
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-11f7-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-1f61-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-25e5-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-2805-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-2e23-1
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-3497-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-4443-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-45b5-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-5365-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-6141-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-6255-1
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-66d3-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-66f3-0
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-72d1-1
PUP.Adware.Heuristic, C:\ProgramData\035c42b8-74e5-1
PUP.Adware.Heuristic, C:\ProgramData\23c32d83-6717-1
PUP.Adware.Heuristic, C:\ProgramData\23c32d83-6a05-0
PUP.Adware.Heuristic, C:\ProgramData\{002b54e9-412c-1}
PUP.Adware.Heuristic, C:\ProgramData\{01a53d1c-312c-0}
PUP.Adware.Heuristic, C:\ProgramData\{03bc46f9-612c-0}
PUP.Adware.Heuristic, C:\ProgramData\{03c72e34-212c-1}
PUP.Adware.Heuristic, C:\ProgramData\{060f55ec-012c-1}
PUP.Adware.Heuristic, C:\ProgramData\{09b725a9-012c-0}
PUP.Adware.Heuristic, C:\ProgramData\{0a75d451-712c-1}
PUP.Adware.Heuristic, C:\ProgramData\{0d141b14-012c-0}
PUP.Adware.Heuristic, C:\ProgramData\{139e1bbe-012c-0}
PUP.Adware.Heuristic, C:\ProgramData\{157e7f19-212c-1}
PUP.Adware.Heuristic, C:\ProgramData\{16ea4226-612c-0}
PUP.Adware.Heuristic, C:\ProgramData\{426f1577-612c-0}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Link64
PUP.Optional.Legacy, [Key] - HKCU\Software\Link64
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1007\Software\One System Care
PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1012\Software\One System Care
PUP.Optional.OneSystemCare, [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-501\Software\One System Care
PUP.Optional.Spoutly, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
PUP.Optional.CloudScout, [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
PUP.Optional.DNSUnlocker.ACMB2, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
PUP.Optional.DNSUnlocker, [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Clean button, please.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, please copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[C1].txt
 


# AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 28 15:13:58 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Afton\AppData\Roaming\download Manager
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\ProgramData\\UAB
Deleted: C:\Program Files (x86)\DNSPLUM
Deleted: C:\ProgramData\035c42b8-00c7-1
Deleted: C:\ProgramData\035c42b8-07c5-1
Deleted: C:\ProgramData\035c42b8-11f7-0
Deleted: C:\ProgramData\035c42b8-1f61-0
Deleted: C:\ProgramData\035c42b8-25e5-0
Deleted: C:\ProgramData\035c42b8-2805-0
Deleted: C:\ProgramData\035c42b8-2e23-1
Deleted: C:\ProgramData\035c42b8-3497-0
Deleted: C:\ProgramData\035c42b8-4443-0
Deleted: C:\ProgramData\035c42b8-45b5-0
Deleted: C:\ProgramData\035c42b8-5365-0
Deleted: C:\ProgramData\035c42b8-6141-0
Deleted: C:\ProgramData\035c42b8-6255-1
Deleted: C:\ProgramData\035c42b8-66d3-0
Deleted: C:\ProgramData\035c42b8-66f3-0
Deleted: C:\ProgramData\035c42b8-72d1-1
Deleted: C:\ProgramData\035c42b8-74e5-1
Deleted: C:\ProgramData\23c32d83-6717-1
Deleted: C:\ProgramData\23c32d83-6a05-0
Deleted: C:\ProgramData\{002b54e9-412c-1}
Deleted: C:\ProgramData\{01a53d1c-312c-0}
Deleted: C:\ProgramData\{03bc46f9-612c-0}
Deleted: C:\ProgramData\{03c72e34-212c-1}
Deleted: C:\ProgramData\{060f55ec-012c-1}
Deleted: C:\ProgramData\{09b725a9-012c-0}
Deleted: C:\ProgramData\{0a75d451-712c-1}
Deleted: C:\ProgramData\{0d141b14-012c-0}
Deleted: C:\ProgramData\{139e1bbe-012c-0}
Deleted: C:\ProgramData\{157e7f19-212c-1}
Deleted: C:\ProgramData\{16ea4226-612c-0}
Deleted: C:\ProgramData\{426f1577-612c-0}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
Deleted: [Key] - HKU\.DEFAULT\Software\WebDiscoverBrowser
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\WebDiscoverBrowser
Deleted: [Key] - HKU\S-1-5-18\Software\WebDiscoverBrowser
Deleted: [Key] - HKCU\Software\WebDiscoverBrowser
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKCU\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1000\Software\Link64
Deleted: [Key] - HKCU\Software\Link64
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1007\Software\One System Care
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-1012\Software\One System Care
Deleted: [Key] - HKU\S-1-5-21-1486800303-1932691566-1282320748-501\Software\One System Care
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5334 B] - [2018/2/28 3:22:35]
C:/AdwCleaner/AdwCleaner[S1].txt - [5401 B] - [2018/2/28 15:13:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


That's great!

How to uninstall AdwCleaner and FRST, and purge System Restore points (since old ones contain the infection):
Please, save Delfix on the Desktop: http://www.bleepingcomputer.com/download/delfix/
Start the program.

Make sure that the following items are selected, and nothing else:
* Remove disinfection tools
* Create registry backup
* Purge system restore
* Reset System Settings

Click on the Run button.


Done! Have yet to see popups, thanks again.

 

# DelFix v1.010 - Logfile created 03/03/2018 at 07:30:23
# Updated 26/04/2015 by Xplode
# Username : Afton - ASUS
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hijackthis
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\Users\Afton\Desktop\adwcleaner_7.0.8.0.exe
Deleted : C:\Users\Afton\Desktop\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 
