Posted this under user to user but have heard nothing so will try here -

 

OK - I have BitDefender and have some 230+ days left on present contract.  They have not been any help with this problem.

 

Several weeks ago I started to get a redirect when I opened a web site and then clicked on something that would take me to a different part of that site - would get this even on my bank web site when I clicked on the signin button.  Yesterday, used my laptop several times during the day and then shut down.  Later last night I turned it on and it came up as per normal but MS edge would not come up when I clicked on the icon.  Firefox and other icons worked as normal.

 

Went to close laptop down and when I clicked on the little MS window icon  in the lower left corner nothing happened.  Tried several times.  Rt clicked on it and it brought up a different menu and shut the laptop down.

 

This morning I turned the laptop on and nothing - just a dark screen.  Shut down and tried again, several times.  Sometimes the dark screen and sometimes the "Acer" logo comes up as per normal, the little wheel spins and then goes to dark screen.  I can hear the fan until the screen goes dark.

 

Long story short, plugged charger in to make sure it was not a batt problem and tried maybe 12 times total with same result.  Took the laptop to a computer shop and - you guessed it - it powered right up as per normal.  Guy checked a few things, said both SSD and HD were good but I had some malware/virus on machine.

 

So my question - will PC pitstop solve my problems?  Will it replace my BitDefender?  If so, what program of Pitstop do I need?

 

Tks for the help - jb


Hi;

I moved your original post to the AV forum so I'll delete it as you have posted this as well. Be patient for a response; all our AV techs are volunteers (like us moderators) and fit this in around our real jobs and lives!! And these are not the only forums we all help out on.


Hi jeb1

 

Let's see if we can get the machine to download and run a couple of tools.

 

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 

************************************************************************************

 

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
  • After the installation IS complete let it update if it asks.
  • Under SETTINGS.....APPLICATIONS leave everything at default
  • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
  • Then go to the Dashboard and click on SCAN NOW
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
  • Then click on POST
  • Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Did not realize Nigsy had replied to this post so just answered him in the user to user part as follows -

 

"Nigsy, I sent my email to PC PitStop support and received a reply that included a link to "Adware Removal Tool".  Ran it and it came up with 5 files - all "pokki".  I followed their way to delete the files and then wanted to ask a question as to why my local computer shop said I had several mal/virus but their program only found "pokki".  The link to ask a question sent me to TechSupportAll site and as I was trying to register I was redirected twice so the Adware Removal didn't fix some things.

 

I have yet to be able to get an answer from PC PitStop as to if it will clean my laptop and does it replace my BitDefender anti-virus.

 

Appreciate any help you can give. - jb"

 

Juliet, I will follow what you have posted and post results.  Tks - jb


Juliet, here are the 3 reports from the AdwCleaner -

 

1 -

# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-02-2018
# Duration: 00:00:21
# OS:       Windows 10 Home
# Cleaned:  43
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Public\Pokki
Deleted       C:\Users\PCPitstopSVC\AppData\Local\Pokki
Deleted       C:\ProgramData\Auslogics\BoostSpeed
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\BoostSpeed
Deleted       C:\Program Files (x86)\Auslogics\BoostSpeed
Deleted       C:\Windows\System32\Tasks\Auslogics\BoostSpeed

***** [ Files ] *****

Deleted       C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
Deleted       C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
Deleted       C:\Users\jbrow_000\Favorites\Booking.com.url
Deleted       C:\Users\PCPitstopSVC\Favorites\Booking.com.url
Deleted       C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted       HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted       HKLM\Software\Wow6432Node\Auslogics\BoostSpeed
Deleted       HKLM\Software\Wow6432Node\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
Deleted       HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8571F8E-5A4C-48FA-8E80-50BFF9BF57ED}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8571F8E-5A4C-48FA-8E80-50BFF9BF57ED}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Scan and Repair
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
Deleted       HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted       HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Deleted       HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

Deleted       Search-Encrypt
Deleted       Classifieds

***** [ Firefox URLs ] *****

Not Deleted   search.searchinfast.com


*************************

[+] remove_folder_Auslogics
[+] remove_folder_Auslogics(2)
[+] remove_folder_Auslogics(3)
[+] remove_folder_Auslogics(4)
[+] remove_regKey_Auslogics
[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6122 octets] - [02/11/2018 13:11:48]
AdwCleaner[S01].txt - [6183 octets] - [02/11/2018 13:13:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

 

2 -

# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-02-2018
# Duration: 00:00:28
# OS:       Windows 10 Home
# Scanned:  32026
# Detected: 44


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki                    C:\Users\Public\Pokki
Adware.pokki                    C:\Users\PCPitstopSVC\AppData\Local\Pokki
PUP.Optional.AuslogicsBoostSpeed C:\ProgramData\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed C:\Program Files (x86)\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed C:\Windows\System32\Tasks\Auslogics\BoostSpeed

***** [ Files ] *****

PUP.Optional.Booking            C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Users\jbrow_000\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Users\PCPitstopSVC\Favorites\Booking.com.url
PUP.Optional.Reimage            C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Amazon1Button      HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8571F8E-5A4C-48FA-8E80-50BFF9BF57ED}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8571F8E-5A4C-48FA-8E80-50BFF9BF57ED}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Scan and Repair
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

PUP.Optional.SearchEncrypt      Search-Encrypt
PUP.Optional.Spigot             Classifieds

***** [ Firefox URLs ] *****

PUP.Optional.Legacy             search.searchinfast.com

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

And 3 -

# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-02-2018
# Duration: 00:00:25
# OS:       Windows 10 Home
# Scanned:  32026
# Detected: 44


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki                    C:\Users\Public\Pokki
Adware.pokki                    C:\Users\PCPitstopSVC\AppData\Local\Pokki
PUP.Optional.AuslogicsBoostSpeed C:\ProgramData\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed C:\Program Files (x86)\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed C:\Windows\System32\Tasks\Auslogics\BoostSpeed

***** [ Files ] *****

PUP.Optional.Booking            C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Users\jbrow_000\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Users\PCPitstopSVC\Favorites\Booking.com.url
PUP.Optional.Reimage            C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Amazon1Button      HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
PUP.Optional.Amazon1Button      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\Auslogics\BoostSpeed
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8571F8E-5A4C-48FA-8E80-50BFF9BF57ED}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8571F8E-5A4C-48FA-8E80-50BFF9BF57ED}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Scan and Repair
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

PUP.Optional.SearchEncrypt      Search-Encrypt
PUP.Optional.Spigot             Classifieds

***** [ Firefox URLs ] *****

PUP.Optional.Legacy             search.searchinfast.com


AdwCleaner[S00].txt - [6122 octets] - [02/11/2018 13:11:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

 


Juliet, here is the Malwarebytes log -

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/2/18
Scan Time: 1:29 PM
Log File: e5a4d864-dec4-11e8-a2f6-3065ec6fac43.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7659
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: JIM\jbrow_000

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 333922
Threats Detected: 24
Threats Quarantined: 24
Time Elapsed: 4 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\WOW6432NODE\AUSLOGICS\stub_installer_boost-speed, Quarantined, [3596], [464145],1.0.7659
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE89B230-A28D-4E6A-8ADC-652740A92353}, Quarantined, [3596], [383082],1.0.7659
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AUSLOGICS\BoostSpeed, Quarantined, [3596], [383076],1.0.7659

Registry Value: 3
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE89B230-A28D-4E6A-8ADC-652740A92353}|PATH, Quarantined, [3596], [383082],1.0.7659
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [2755], [-1],0.0.0
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [2755], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.SearchEncrypt, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\BROWSER-EXTENSION-DATA\@SEARCH-ENCRYPT, Quarantined, [1698], [506346],1.0.7659
PUP.Optional.AdvertisingExt, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\BROWSER-EXTENSION-DATA\{D6F11F95-A27B-47CD-BBCF-A9B5F2DD2A36}, Quarantined, [1714], [524756],1.0.7659
PUP.Optional.PolarityTech.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\BROWSER-EXTENSION-DATA\WEB@CLASSIFIEDS, Quarantined, [1709], [508613],1.0.7659
PUP.Optional.PolarityTech.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\BROWSER-EXTENSION-DATA\WEB@PACKAGES, Quarantined, [1709], [508613],1.0.7659

File: 13
PUP.Optional.PolarityTech.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\EXTENSIONS\WEB@PACKAGES.XPI, Quarantined, [1709], [508623],1.0.7659
PUP.Optional.AdvertisingExt, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\EXTENSIONS\{D6F11F95-A27B-47CD-BBCF-A9B5F2DD2A36}.XPI, Quarantined, [1714], [524769],1.0.7659
PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdater.exe, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\InstallAction.exe, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Amazon.lnk, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.SearchEncrypt, C:\Users\jbrow_000\AppData\Roaming\Mozilla\Firefox\Profiles\65jeqecv.default\browser-extension-data\@search-encrypt\storage.js, Quarantined, [1698], [506346],1.0.7659
PUP.Optional.AdvertisingExt, C:\Users\jbrow_000\AppData\Roaming\Mozilla\Firefox\Profiles\65jeqecv.default\browser-extension-data\{d6f11f95-a27b-47cd-bbcf-a9b5f2dd2a36}\storage.js, Quarantined, [1714], [524756],1.0.7659
PUP.Optional.Spigot.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\PREFS.JS, Replaced, [223], [361538],1.0.7659
Rootkit.Fileless.MTGen, C:\USERS\JBROW_000\APPDATA\LOCAL\CC223\632DE.BAT, Delete-on-Reboot, [6414], [327457],1.0.7659
PUP.Optional.PolarityTech.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\BROWSER-EXTENSION-DATA\WEB@CLASSIFIEDS\STORAGE.JS, Quarantined, [1709], [508613],1.0.7659
PUP.Optional.PolarityTech.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\BROWSER-EXTENSION-DATA\WEB@PACKAGES\STORAGE.JS, Quarantined, [1709], [508613],1.0.7659

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

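A triage pass over a Malwarebytes text export like the one above, as an added example that is not part of the original thread and not Malwarebytes tooling: it separates PUP detections from everything else, lists items whose action was something other than "Quarantined", flags AppInit_DLLs registry values, and reports scan options that were disabled. The sample input is an excerpt copied from the posted log; the function names and report fields are assumptions of this example, and the line format is assumed to match the 3.x export shown in the thread.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes text export posted in this thread
# (lines copied from the log above; most detections omitted for brevity,
# so the per-section counts in the headers are higher than the lines shown).
SAMPLE_LOG = r"""
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Registry Key: 3
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\WOW6432NODE\AUSLOGICS\stub_installer_boost-speed, Quarantined, [3596], [464145],1.0.7659

Registry Value: 3
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [2755], [-1],0.0.0
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [2755], [-1],0.0.0

File: 13
PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe, Quarantined, [2755], [464595],1.0.7659
PUP.Optional.Spigot.Generic, C:\USERS\JBROW_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\65JEQECV.DEFAULT\PREFS.JS, Replaced, [223], [361538],1.0.7659
Rootkit.Fileless.MTGen, C:\USERS\JBROW_000\APPDATA\LOCAL\CC223\632DE.BAT, Delete-on-Reboot, [6414], [327457],1.0.7659

(end)
"""

BLOCK = re.compile(r"^-(?P<name>[A-Za-z ]+)-$")                  # e.g. -Scan Details-
SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+): (?P<count>\d+)$")  # e.g. File: 13
OPTION = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>\w+)$")    # e.g. Rootkits: Disabled
# Detection line: name, object, action, [id], [rule],version
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<object>.+), (?P<action>[^,]+), "
    r"\[(?P<id>-?\d+)\], \[(?P<rule>-?\d+)\],(?P<version>[\d.]+)$"
)


def parse_log(text):
    """Return (scan options, detections) from a Malwarebytes text export."""
    options, detections = {}, []
    block = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BLOCK.match(line)
        if m:
            block, kind = m["name"], None
            continue
        if block == "Scan Options":
            m = OPTION.match(line)
            if m:
                options[m["key"]] = m["value"]
        elif block == "Scan Details":
            m = SECTION.match(line)
            if m:                      # header such as "Registry Value: 3"
                kind = m["kind"]
                continue
            m = DETECTION.match(line)
            if m:                      # "(No malicious items detected)" is skipped
                detections.append({**m.groupdict(), "kind": kind})
    return options, detections


def triage(options, detections):
    """Pull out the entries a helper would want to look at first."""
    return {
        "by_family": Counter(d["name"].split(".")[0] for d in detections),
        # Anything not classified as a potentially unwanted program.
        "non_pup": [d for d in detections if not d["name"].startswith("PUP.")],
        # Actions such as Replaced or Delete-on-Reboot need a follow-up check.
        "not_quarantined": [d for d in detections if d["action"] != "Quarantined"],
        # AppInit_DLLs lists DLLs loaded into every process that loads user32.dll.
        "appinit_dlls": [d for d in detections
                         if d["object"].upper().endswith("|APPINIT_DLLS")],
        "disabled_options": [k for k, v in options.items() if v == "Disabled"],
    }


if __name__ == "__main__":
    opts, dets = parse_log(SAMPLE_LOG)
    report = triage(opts, dets)
    print("Detections by family:", dict(report["by_family"]))
    print("Scan options disabled:", report["disabled_options"])
    for label in ("non_pup", "not_quarantined", "appinit_dlls"):
        for d in report[label]:
            print(f"[{label}] {d['kind']}: {d['name']} -> {d['action']}  {d['object']}")
```

On the excerpt, the only non-PUP entry is the `Rootkit.Fileless.MTGen` batch file marked Delete-on-Reboot, and the scan ran with the Rootkits option disabled, so a rescan after the reboot with that option enabled is the natural follow-up.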

Are you seeing better computer performance?

 

Did you allow MalwareBytes to delete what it found?


I think it quarantined the files - will run again to make sure but I think I then deleted them.

 

Tks for the help - I appreciate it. - jb


It probably did,  didn't see the extension it had been quarantined.

 

Computer better?


So far seems better - no redirects so far.  Tks for everything.

 

Now, should I get PC Matic and does it replace my BitDefender?


I'll have to get one of the tech guys to step in and answer that,  I mainly do malware removal.

On 11/2/2018 at 6:48 PM, jeb1 said:

So far seems better - no redirects so far.  Tks for everything.

 

Now, should I get PC Matic and does it replace my BitDefender?

 

Check my reply to your Google search thread...
