Remove PUP application from DVD Drive (F:) CDROM


  1. Posts : 11,247
    Windows / Linux : Arch Linux
       #11

    myrnsterMash said:
    Hello, again:

    Here is the AdwCleaner log, (after deleting the .iso in my Downloads and the Recycle Bin.) I have to ask, if
    I am to "Clean" all of these items listed, because I am pretty sure it is all preexistent to this "holy.exe/.iso" crap. I have no problem in cleaning out unnecessary junk, especially if the pros outweigh the cons, significantly, or no cons associated with "cleaning." I fear it could affect programs using some of the same applications.

    To answer your question regarding the download format, it was not specified (yes, I know...stooopid). The link is labeled with the manual I wanted to open (i.e. 1964 Chevy SS), with no extension. I knew it before clicking on that link not to do it, but....... I am hoping by not furthering my stupidity in opening it saved me, but too early to tell, I am guessing. I am including the url for the download here:

    http://us1.springfile.org/how_to_rem...downloader.exe

    What do you know...an .exe file! Ugh... if I had seen this description I would never consider it. I went to my browser's downloads log (showing the shortened description), right clicked it, and was given the option to report it. When I clicked, it opened the Microsoft page showing the full url. There you have it. Thanks again sooooo much! Could you please let me know anything you find out about this? Do not forget to tell me whether I should "Clean" what ADW Cleaner suggested. You are the Best!


    # AdwCleaner v5.201 - Logfile created 07/08/2016 at 22:49:55
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-07.1 [Server]
    # Operating system : Windows 10 Home (X86)
    # Username : MyrnaZ - MYRNAZ-HP
    # Running from : C:\Users\MyrnaZ\Downloads\adwcleaner_5.201.exe
    # Option : Scan
    # Support : ToolsLib - Forum: Ask for help or share your experience.

    ***** [ Services ] *****

    Service Found : YahooAUService

    ***** [ Folders ] *****

    Folder Found : C:\Users\Public\Documents\Speedbit
    Folder Found : C:\Program Files\DAP
    Folder Found : C:\Users\MyrnaZ\AppData\LocalLow\Yahoo!\Companion

    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
    Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
    Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
    Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\SpeedBit
    Key Found : HKCU\Software\Yahoo\Companion
    Key Found : HKCU\Software\Yahoo\YFriendsBar
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\SpeedBit
    Key Found : HKLM\SOFTWARE\Yahoo\Companion
    Key Found : HKU\.DEFAULT\Software\SpeedBit
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Softonic
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\SpeedBit
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Yahoo\Companion
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Yahoo\YFriendsBar
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\YahooPartnerToolbar
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2048041476-2006749296-819459500-1005\Software\SpeedBit
    Key Found : HKU\S-1-5-18\Software\SpeedBit
    Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    Value Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\speedbit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\speedbit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\AZLyrics - Song Lyrics from A to Z

    ***** [ Web browsers ] *****

    [C:\Users\MyrnaZ\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\MyrnaZ\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [5410 bytes] - [07/08/2016 22:49:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5483 bytes] ##########

    Hi there

    I'll bet a load of that stuff doesn't mean a thing to anybody !!!! and who's to say it hasn't missed some !!!!.

    As always guys - next time TAKE A BACKUP before installing / upgrading ANYTHING -- with decent hardware it takes minutes to do and only minutes to restore and have a clean system again.

    I'll bet you've spent MORE time on this problem than a backup / restore would have taken !!!

    I've spelt out "AD NAUSEAM" on these boards how with FREE backup software (Macrium for example) why frequent backing up should be a matter of course for any computer user.

    Also don't unless you are 100% sure it's safe use any "3rd party installers", check the download is what you want -- websites deliberately confuse people with loads of green arrows etc so they download the wrong application, and READ any popups so you don't accept toolbars, search engines etc etc.

    I would suggest clean install

    I don't like using "Virus removal stuff" on an infected computer --not because the removal program isn't OK it's just the principle.

    After all would you DELIBERATELY take off in a defective plane and repair it while it's in the air. !!!

    That's essentially what you are doing --the OS is broken (infected with malware) and it's equivalent to the engine / electronics in a plane !! so why risk it.

    Hopefully you will have learned the hard way --we've all had painful lessons in the past so don't feel too bad - that regular backing up of your computer is a task you need to do often. (Of course it goes without saying backup should be clean !!).

    Cheers
    jimbo


  2. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #12

    myrnsterMash said:
    Here is the AdwCleaner log, (after deleting the .iso in my Downloads and the Recycle Bin.) I have to ask, if
    I am to "Clean" all of these items listed, because I am pretty sure it is all preexistent to this "holy.exe/.iso" crap. I have no problem in cleaning out unnecessary junk, especially if the pros outweigh the cons, significantly, or no cons associated with "cleaning." I fear it could affect programs using some of the same applications.
    .....

    I trust AdwCleaner enough to clean everything it reports. That being said, I don't know what DAP and Speedbit are, so you'll have to decide if they are legit on your machine.

    As with any malware remediation, some things MUST go - if real programs have been infected, then you'll need to reinstall them. I also recommend running DISM cleanup and SFC after all utilities have done their job.

    There are two other on-demand scanners that you also might want to run (I usually suggest about 8 scanners).
    After you run the ones mentioned,

    1. Junkware Removal Tool


    2. Hitman Pro (30 day trial - no purchase required)
      Direct download (x64)
      Hitman FAQS (PDF)
      Hitman manual (PDF)



    To answer your question more directly - yes, clean the buggers


  3. Posts : 16,325
    W10Prox64
       #13

    Avira flags that download link as malware.
    https://www.virustotal.com/en/url/bb...is/1470670529/

    Everything ADWCleaner found should be removed. Speedbit is not necessary. Yahoo toolbar is not necessary. If you really must have that, then reinstall it after we are finished cleaning. Same for the rest of it.
    You have a questionable extension in your Chrome browser - could be a redirector. Junkware Removal Tool will clean all your browsers.

    I don't think you are anywhere near the point of a clean install, but I do think you need some work on the system. All the "junk" leaves you vulnerable.

    When all is said and done, an ESET Online Scan will confirm the system is clean, but that's the final step. Please follow @Slartybart's recommendations first.
    Thanks.


    EDIT: DAP Download Accelerator Plus shows that it tries to get you to download a registry cleaning program. Many people have trouble getting rid of it. These things do more harm than good. The only registry cleaner I would ever use is CCleaner.


  4. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #14

    Hi Jimbo,

    I appreciate your frustration, and totally get it. It is all about using common sense, of which a more appropriate term of uncommon sense would fit the majority in almost anything. In all of my years, now exceeding half of my life, since the Internet became public (think about it), have I ever gone against my better judgement in exposing any of my computers to the slew of losers who have nothing else in life, but to impress only them by committing cowardly crimes. The best part is the anonymity...Ha!

    I want to restate the items (the majority) listed in the ADW Cleaner log are preexistent to this asinine predicament. In other words, to make a long story longer...
    I have not used Yahoo! in years, I do not use Chrome, because I do not like it and uninstalled it (but apparently, both still have their clutches embedded). I will spare you itemizing a description for the rest, but I think you know where I was going with it. What I want to know is...are those items ADW Cleaner referenced all infections of one type or another?

    I am trying to separate the too late should haves from the what I should do now. You suggest a clean install, meaning what, exactly? Please, tell me you are not suggesting starting from ground zero. The thought makes me shudder. I have not noticed anything, as of yet in performance, speed, or the like, yet. Can you give me an idea of what to expect, or tell-tale signs of impending doom?


  5. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #15

    The results of Junkware Removal:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Home x86
    Ran by MyrnaZ (Administrator) on Mon 08/08/2016 at 11:06:30.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 8

    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\content\reminderfox\searchbar\rmSearch.xml (File)
    Successfully deleted: C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\extensions\staged (Folder)
    Successfully deleted: C:\Users\MyrnaZ\Documents\add-in express (Folder)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_F3B2E431-CB7868A8.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf (File)



    Registry: 8

    Successfully deleted: HKLM\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh (Registry Key)
    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A528727A-EE60-4373-BE61-E09B7553A601} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B108B3CA-E254-4A4A-98F7-02ECD969B1EF} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FA640EF7-4E43-420C-BF32-A8D56291F7EE} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/08/2016 at 11:14:30.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Last edited by myrnsterMash; 08 Aug 2016 at 13:26. Reason: Additional info


  6. Posts : 11,247
    Windows / Linux : Arch Linux
       #16

    Hi there

    That's exactly what I am suggesting -- might take a while but in the long run you will be much better off --wipe HDD and just install again FROM SCRATCH. Windows 1607 (Anniversary edition) will have the latest fixes in it and on the whole works fine and you won't have to do anything extra to re-activate it if your Windows system is already activated.

    Then TAKE YOUR BACKUPS so you don't get into this trap again.

    There's a whole slew of posts saying this or that Malware removal program is fine --but I don't think people have understood what I have essentially been trying to say -- Would you deliberately use a defective computer to repair itself --same as my idea that if you were a Pilot would you deliberately fly a defective plane and attempt to repair it while in the air.

    I'm not saying that A/V software is useless -- just the whole idea of "cleansing" an infected machine from THE SAME machine just to me seems BONKERS.

    If you can use a CLEAN machine to cleanse the infected machine --that's another issue which might well work but running the software ON the infected machine --no thanks.

    Anyway have your OS and programs always in their own partition and your data etc on other ones - makes it easier for backup etc.

    I really think you would be better off biting the bullet, installing CLEAN the Windows 1607 upgrade (download Media creation Tool from Ms --it can create USB bootable media too -- or use Rufus to create from created ISO).

    A bit of time spent here would save you HOURS in the future if you get stuck again, Note that as your old W10 is already activated you won't have problems with a clean install.

    If you think anniversary update (Build 1607) is too new then previous build 1511 is nice and stable and works fine too. You can then upgrade that later.

    Finally take regular CLEAN backups once it's all fixed. Plenty of good backup programs out there -- a very popular and good one used by loads of people on these forums is FREE MACRIUM.

    Cheers
    jimbo


  7. Posts : 16,325
    W10Prox64
       #17

    With all due respect to Jimbo45, having been cleaning infections for decades, I have to say, what I am seeing on your machine does not warrant a clean install. I will go through your ADWCleaner log below.

    # AdwCleaner v5.201 - Logfile created 07/08/2016 at 22:49:55
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-07.1 [Server]
    # Operating system : Windows 10 Home (X86)
    # Username : MyrnaZ - MYRNAZ-HP
    # Running from : C:\Users\MyrnaZ\Downloads\adwcleaner_5.201.exe
    # Option : Scan
    # Support : ToolsLib - Forum: Ask for help or share your experience.

    ***** [ Services ] *****

    Service Found : YahooAUService
    Yahoo Auto-Update service (pertaining to the toolbar)

    ***** [ Folders ] *****

    Folder Found : C:\Users\Public\Documents\Speedbit
    Download Manager/Video Accelerator
    Folder Found : C:\Program Files\DAP
    Download Accelerator
    Folder Found : C:\Users\MyrnaZ\AppData\LocalLow\Yahoo!\Companion
    Leftover Yahoo junk
    ***** [ Files ] *****

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
    Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
    Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
    Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\SpeedBit
    Key Found : HKCU\Software\Yahoo\Companion
    Key Found : HKCU\Software\Yahoo\YFriendsBar
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\SpeedBit
    Key Found : HKLM\SOFTWARE\Yahoo\Companion
    Key Found : HKU\.DEFAULT\Software\SpeedBit
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Softonic
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\SpeedBit
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Yahoo\Companion
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Yahoo\YFriendsBar
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\YahooPartnerToolbar
    Key Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2048041476-2006749296-819459500-1005\Software\SpeedBit
    Key Found : HKU\S-1-5-18\Software\SpeedBit
    Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    Value Found : HKU\S-1-5-21-2048041476-2006749296-819459500-1005\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\speedbit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\speedbit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\AZLyrics - Song Lyrics from A to Z
    Broken Keys and leftovers from one leftover Google Chrome extension, Yahoo Toolbar/Companion and other BHOs (Browser Helper Objects) like SearchScopes, Softonic, Speedbit, DOM. There are NO ACTIVE DLLs, WMIs, or Scheduled tasks listed for removal, therefore no active threats!
    ***** [ Web browsers ] *****

    [C:\Users\MyrnaZ\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\MyrnaZ\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    These Search functions just happen to exist in the browser and should be removed, whether they have been or are being used is of no consequence. They exist (or, existed) in the browser, therefore they should go.
    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [5410 bytes] - [07/08/2016 22:49:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5483 bytes] ##########

    So, as you can see, there are no active malware threats in this logfile, nor the RKILL log. Sorry Jimbo45, but people don't need to go clean installing at the drop of every hat. It is important to determine what the infection is you are dealing with, in order to determine how to proceed. Some infections steal information. In that case, you would be advised to change all passwords from a known clean computer. That is not the case here. Some infections employ rootkit technology, even surviving a format. That is not the case here. I can not recommend a clean install for a bunch of toolbar leftovers, search BHO leftovers and residual broken registry keys. It just doesn't make sense. If the OP were to post these logs in a reputable malware-cleaning forum, the suggestion to clean install would simply never be made.

    I'm betting that the OP stopped this before it had a chance to infect.
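The section-by-section reading of the AdwCleaner log in post #17 can be mechanized; the following is an added example, not part of the original thread and not AdwCleaner's own code. The sample log is constructed (abridged from the entries posted above), and the split into "execution-capable" sections and "load point" registry paths is an assumption of this example, not a classification made by AdwCleaner.

```python
import re

# Constructed sample in the AdwCleaner v5 scan-log layout shown in this thread
# (abridged; the entries are copied from the posted log).
SAMPLE_LOG = r"""
# AdwCleaner v5.201 - Logfile created 07/08/2016 at 22:49:55
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Folders ] *****

Folder Found : C:\Program Files\DAP

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\SpeedBit
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

***** [ Web browsers ] *****

[C:\Users\MyrnaZ\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")

# Assumption of this example: sections whose entries can run code by themselves.
EXECUTION_SECTIONS = ("Services", "DLL", "WMI", "Scheduled tasks")

# Assumption of this example: registry locations that load code when populated.
LOAD_POINT_MARKERS = (
    r"\browser helper objects",
    r"\active setup\installed components",
    r"\currentversion\run",
)


def parse_adwcleaner_log(text):
    """Return {section name: [(kind, item), ...]} in log order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
            continue
        if current is None:
            continue  # header comments before the first section
        if re.fullmatch(r"\*+", line):
            current = None  # closing rule: footer lines follow, not findings
            continue
        kind, sep, item = line.partition("Found : ")
        if sep:
            sections[current].append((kind.strip(), item.strip()))
    return sections


def triage(sections):
    """Summarize which findings deserve a manual look before cleaning."""
    return {
        "counts": {name: len(items) for name, items in sections.items()},
        "empty_execution_sections": [
            name for name in EXECUTION_SECTIONS if not sections.get(name)
        ],
        "needs_review": [
            (name, item)
            for name in EXECUTION_SECTIONS
            for _, item in sections.get(name, [])
        ],
        "load_points": [
            item
            for _, item in sections.get("Registry", [])
            if any(marker in item.lower() for marker in LOAD_POINT_MARKERS)
        ],
    }


if __name__ == "__main__":
    report = triage(parse_adwcleaner_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

An entry under `needs_review` or `load_points` is a prompt to check whether the referenced binary still exists on disk, not a verdict that it is malicious.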


  8. Posts : 16,325
    W10Prox64
       #18

    To address the JRT log:

    The results of Junkware Removal:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Home x86
    Ran by MyrnaZ (Administrator) on Mon 08/08/2016 at 11:06:30.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 8

    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\content\reminderfox\searchbar\rmSearch.xml (File)
    Successfully deleted: C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\extensions\staged (Folder)
    Successfully deleted: C:\Users\MyrnaZ\Documents\add-in express (Folder)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_F3B2E431-CB7868A8.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf (File)

    These are all from extensions used in Firefox Browser/Google Toolbar.

    Registry: 8

    Successfully deleted: HKLM\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh (Registry Key)
    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A528727A-EE60-4373-BE61-E09B7553A601} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B108B3CA-E254-4A4A-98F7-02ECD969B1EF} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FA640EF7-4E43-420C-BF32-A8D56291F7EE} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} (Registry Value)

    Again, more leftovers from BHOs.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/08/2016 at 11:14:30.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Nothing out of the ordinary here.


  9. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #19

    Thank you Jimbo,

    I feel like I am treading water in quicksand.


  10. Posts : 11,247
    Windows / Linux : Arch Linux
       #20

    myrnsterMash said:
    Thank you Jimbo,

    I feel like I am treading water in quicksand.

    Hi there

    I'm afraid here then you are on your own

    What I can say in general is the more "Geeky" ones or I.T professionals would probably go for using a professional Virus cleansing program --they don't have time to perhaps re-install windows on loads of PC's - however at an INDIVIDUAL level my advice still stands -- as I said if you were a Pilot would you deliberately take a defective plane up in the air and then try and repair it.

    Another issue to all those running Malware removal software -- how long are you spending on analysis and running the removal.

    With an SSD I can restore my entire Windows system in about 7 to 9 mins --probably in LESS time than it takes you guys to print out and analyse the logs !!!!.

    You'll have to make your own decision as to what to do -- I've been using computers for nearly 40 years and usually avoid what I.T depts. say as they have different agendas to fulfil.

    IMO an 8 min restore to a clean system is far better than analysis of registry entries that very few people would have a clue as to what they mean and can these guys also say that the job is 100% done.

    (Note --not dissing AV software -- just saying I don't believe in AV removal if you do get infected ever works 100% effectively - and is it worth risking when an 8 min restore guarantees 100% OK clean system !!!!)


    Remove PUP application from DVD Drive (F:) CDROM-macrium1.png

    Cheers
    jimbo


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
