mystery message can't track it down Solved

  1.    #1

    mystery message can't track it down


    can someone help please

    Attachment 197110

  2.    #2

    Please repost with more information, including whether the message occurs once during startup or pops up repeatedly.

    Ben

  3.    #3

    Sorry

    I should have said, it only comes up once only after a restart, after approx 5-10 seconds......

    thanks

  4.    #4

    Strange randomly named folders and executables are often a sign of malware, especially when hidden in AppData (so it's probably a good thing that Windows cannot find it). This isn't really the right forum to deal with that. Perhaps the Mods could move it somewhere more appropriate (General Support?) where @simrick may pick it up.


  5.    #5

    Please run the BETA log collector and post a zip into this thread.
    See the bottom of this webpage:
    BSOD - Posting Instructions - Windows 10 Forums
    (extract > open)

    Use the text and images in this link in case there are any problems running the BETA log collector: (post #5)
    DM Log tool problem Solved - Windows 10 Forums

  6.    #6

    Press the Windows and "R" key simultaneously, type "taskmgr" into the "Run" box and click "OK". When task manager starts, click on the "Startup" tab and look for "etrvdruu.exe". If you find it, right-click it and select "Disable".

    Ben


  7.    #7

    reddwarf4ever said:
    can someone help please

    Attachment 197110
    Bree said:
    Strange randomly named folders and executables are often a sign of malware, especially when hidden in AppData (so it's probably a good thing that Windows cannot find it). This isn't really the right forum to deal with that. Perhaps the Mods could move it somewhere more appropriate (General Support?) where @simrick may pick it up.
    I have to agree with Bree on this one - appears to be some sort of randomly-named executable probably resulting from an infection, a partial infection, or a partially-cleaned infection.

    Can you run ADWCleaner and post the logs for us please?
    Downloads - AdwCleaner - ToolsLib

    The Log Manager is used to give an easy access to all previous logs, including the debug one (which is only shown if the Debug mode is On).

    Log files are stored in C:\AdwCleaner\ and the naming format is as follows:


    • Scan: AdwCleaner[Sxxx].txt
    • Clean: AdwCleaner[Cxxx].txt
    • Debug: AdwCleaner_Debug.log

    xxx is starting from 0.

  8.    #8

    Code:
    adwcleaner log
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.2.0
    # -------------------------------
    # Build:    07-17-2018
    # Database: 2018-07-25.1
    # Support:  Customer Support & Help Center | Malwarebytes
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start:    07-27-2018
    # Duration: 00:02:24
    # OS:       Windows 10 Pro
    # Scanned:  41737
    # Detected: 3
    
    
    ***** [ Services ] *****
    
    No malicious services found.
    
    ***** [ Folders ] *****
    
    PUP.Optional.Legacy             C:\ProgramData\BSD\DriverHiveEngine
    
    ***** [ Files ] *****
    
    No malicious files found.
    
    ***** [ DLL ] *****
    
    No malicious DLLs found.
    
    ***** [ WMI ] *****
    
    No malicious WMI found.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts found.
    
    ***** [ Tasks ] *****
    
    No malicious tasks found.
    
    ***** [ Registry ] *****
    
    PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local  Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet  Explorer\DOMStorage\spybot-search-destroy.en.softonic.com
    PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local  Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet  Explorer\EdpDomStorage\spybot-search-destroy.en.softonic.com
    
    ***** [ Chromium (and derivatives) ] *****
    
    No malicious Chromium entries found.
    
    ***** [ Chromium URLs ] *****
    
    No malicious Chromium URLs found.
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries found.
    
    ***** [ Firefox URLs ] *****
    
    No malicious Firefox URLs found.
    
    
    AdwCleaner[S00].txt - [29949 octets] - [26/07/2018 20:04:15]
    AdwCleaner[C00].txt - [26186 octets] - [26/07/2018 20:04:57]
    
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
    Code:
    # AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:37:05 2018
    # Updated on 2018/08/02 by Malwarebytes 
    # Running on Windows 10 Pro (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support
    
    ***** [ Services ] *****
    
    Deleted: c42bb2da869e225c7de8b81fad0d0a1e
    
    
    ***** [ Folders ] *****
    
    Deleted: C:\ProgramData\BSD\DriverHive
    Deleted: C:\Users\All Users\BSD\DriverHive
    Deleted: C:\Windows\System32\\SSL
    Deleted: C:\Windows\SysWOW64\\SSL
    Deleted: C:\Users\keith\AppData\Roaming\vghd
    Deleted: C:\ProgramData\BSD\DriverHiveEngine
    Deleted: C:\Users\All Users\BSD\DriverHiveEngine
    Deleted: C:\Users\keith\Documents\TotalAV
    Deleted: C:\Users\keith\AppData\Local\AdService
    Deleted: C:\Users\keith\AppData\Roaming\SystemHealer
    Deleted: C:\Users\keith\AppData\Roaming\WidModule
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    Deleted: C:\ProgramData\Auslogics
    Deleted: C:\Program Files (x86)\Auslogics
    Deleted: C:\Users\All Users\Auslogics
    
    
    ***** [ Files ] *****
    
    No malicious files deleted.
    
    ***** [ DLL ] *****
    
    No malicious DLLs cleaned.
    
    ***** [ WMI ] *****
    
    No malicious WMI cleaned.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts cleaned.
    
    ***** [ Tasks ] *****
    
    No malicious tasks deleted.
    
    ***** [ Registry ] *****
    
    Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\Companion
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\AppDataLow\Software\Yahoo\Companion
    Deleted: [Key] - HKCU\Software\Yahoo\Companion
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\YFriendsBar
    Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\DC3_FEXEC
    Deleted: [Key] - HKCU\Software\DC3_FEXEC
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\C84E
    Deleted: [Key] - HKCU\Software\C84E
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
    Deleted: [Key] - HKLM\SOFTWARE\BSD
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
    Deleted: [Key] - HKCU\Software\BSD
    Deleted: [Key] - HKLM\SOFTWARE\BSD
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
    Deleted: [Key] - HKCU\Software\BSD
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Genius
    Deleted: [Key] - HKCU\Software\Genius
    Deleted: [Key] - HKLM\SOFTWARE\Auslogics
    Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\SetupCompany
    Deleted: [Key] - HKCU\Software\SetupCompany
    Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted: [Key] - HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries deleted.
    
    ***** [ Chromium (and derivatives) ] *****
    
    No malicious Chromium entries deleted.
    
    *************************
    
    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0
    
    
    
    *************************
    
    C:/AdwCleaner/AdwCleaner[S0].txt - [4492 B] - [2018/3/8 12:36:45]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
    Code:
    # AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:36:45 2018
    # Updated on 2018/08/02 by Malwarebytes 
    # Database: 2018-03-07.2
    # Running on Windows 10 Pro (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support
    
    ***** [ Services ] *****
    
    PUP.Adware.Heuristic, c42bb2da869e225c7de8b81fad0d0a1e
    
    
    ***** [ Folders ] *****
    
    PUP.Optional.TweakBit, C:\ProgramData\BSD\DriverHive
    PUP.Optional.TweakBit, C:\Users\All Users\BSD\DriverHive
    PUP.Optional.Legacy, C:\Windows\System32\SSL
    PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL
    PUP.Optional.Legacy, C:\Users\keith\AppData\Roaming\vghd
    PUP.Optional.Legacy, C:\ProgramData\BSD\DriverHiveEngine
    PUP.Optional.Legacy, C:\Users\All Users\BSD\DriverHiveEngine
    PUP.Optional.Legacy, C:\Users\keith\Documents\TotalAV
    PUP.Optional.UpService, C:\Users\keith\AppData\Local\AdService
    PUP.Optional.SystemHealer, C:\Users\keith\AppData\Roaming\SystemHealer
    Trojan.Agent, C:\Users\keith\AppData\Roaming\WidModule
    PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
    PUP.Optional.AuslogicsDriverUpdater, C:\Program Files (x86)\Auslogics
    PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics
    
    
    ***** [ Files ] *****
    
    No malicious files found.
    
    ***** [ DLL ] *****
    
    No malicious DLLs found.
    
    ***** [ WMI ] *****
    
    No malicious WMI found.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts found.
    
    ***** [ Tasks ] *****
    
    No malicious tasks found.
    
    ***** [ Registry ] *****
    
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\Companion
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\AppDataLow\Software\Yahoo\Companion
    PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
    PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\YFriendsBar
    PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\DC3_FEXEC
    PUP.Optional.Legacy, [Key] - HKCU\Software\DC3_FEXEC
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\C84E
    PUP.Optional.Legacy, [Key] - HKCU\Software\C84E
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | AnonymizerGadget
    PUP.Optional.DriverUpdatePlus, [Key] - HKLM\SOFTWARE\BSD
    PUP.Optional.DriverUpdatePlus, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
    PUP.Optional.DriverUpdatePlus, [Key] - HKCU\Software\BSD
    PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\BSD
    PUP.Optional.Auslogics, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
    PUP.Optional.Auslogics, [Key] - HKCU\Software\BSD
    PUP.Optional.ShopGenius, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Genius
    PUP.Optional.ShopGenius, [Key] - HKCU\Software\Genius
    PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics
    PUP.Optional.AdService, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\SetupCompany
    PUP.Optional.AdService, [Key] - HKCU\Software\SetupCompany
    PUP.Optional.TotalAV, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    PUP.Optional.TotalAV, [Key] - HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries.
    
    ***** [ Chromium (and derivatives) ] *****
    
    No malicious Chromium entries.
    
    *************************
    
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


  9.    #9

    When available please post the BETA log collector zip for troubleshooting.

  10.    #10

    Thanks for the logs. In my opinion:

    Please remove and/or keep off the system:
    TweakBit Driver Updater
    Auslogics
    Yahoo Companions/YFriendsBar

    Total AV has also been removed. (If ADWCleaner/Malwarebytes doesn't like it, neither do I.)

    Is the error still showing after a reboot?

    You might have a read here, and see if there is a task of the error file you can delete.
    Scheduled Tasks - Malwarebytes Labs | Malwarebytes Labs
    Also, if it's still showing on reboot, perhaps run Malwarebytes Antimalware:
    Removal instructions for TweakBit Driver Updater - Malware Removal Self-Help Guides - Malwarebytes Forums

    Be sure to check the box to scan for rootkits.
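Added example (not part of the thread, and not Malwarebytes code): a small Python parser for the two AdwCleaner log layouts posted in #8. It checks that a clean log removed everything the matching scan reported, lists detections outside the PUP families, and finds objects that a later scan detects again. The function names are illustrative, and the embedded logs are trimmed excerpts of the ones posted above.

```python
import re

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
MODE = re.compile(r"^#\s*Mode:\s*(\w+)", re.I)
# Scan line: "<Family>, <target>" (7.0.x) or "<Family>   <target>" (7.2.x).
DETECTION = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z]+)+)(?:,\s*|\s{2,})(.+)$")
DELETED = re.compile(r"^Deleted:\s*(.+)$")

def normalize(target):
    """Canonical form so scan and clean lines for one object compare equal."""
    t = re.sub(r"^\[(?:Key|Value)\]\s*-\s*", "", target.strip())
    t = re.sub(r"\\{2,}", r"\\", t)   # "System32\\SSL" -> "System32\SSL"
    t = re.sub(r"\s*\|\s*", "|", t)   # "Run32 | Name" -> "Run32|Name"
    return t.casefold()

def parse_log(text):
    """Return the log mode and a list of (section, family, target) entries."""
    mode, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODE.match(line):
            mode = m.group(1).lower()
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := DELETED.match(line)):
            items.append((section, None, normalize(m.group(1))))
        elif section and (m := DETECTION.match(line)):
            items.append((section, m.group(1), normalize(m.group(2))))
    return {"mode": mode, "items": items}

def targets(log):
    return {t for _, _, t in log["items"]}

def left_behind(scan, clean):
    """Scan detections that the matching clean log does not list as deleted."""
    return [i for i in scan["items"] if i[2] not in targets(clean)]

def reappeared(clean, later_scan):
    """Objects deleted by an earlier clean that a later scan detects again."""
    return [i for i in later_scan["items"] if i[2] in targets(clean)]

def non_pup(scan):
    """Detections outside the PUP.* families; review these first."""
    return [i for i in scan["items"] if i[1] and not i[1].startswith("PUP.")]

# Trimmed excerpts of the three logs posted in the thread.
SCAN_MARCH = r"""# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:36:45 2018
# Mode: scan
***** [ Folders ] *****
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.Legacy, C:\ProgramData\BSD\DriverHiveEngine
Trojan.Agent, C:\Users\keith\AppData\Roaming\WidModule
***** [ Files ] *****
No malicious files found.
***** [ Registry ] *****
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | AnonymizerGadget
"""

CLEAN_MARCH = r"""# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:37:05 2018
# Mode: clean
***** [ Folders ] *****
Deleted: C:\Windows\System32\\SSL
Deleted: C:\ProgramData\BSD\DriverHiveEngine
Deleted: C:\Users\keith\AppData\Roaming\WidModule
***** [ Registry ] *****
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
"""

SCAN_JULY = r"""# Malwarebytes AdwCleaner 7.2.2.0
# Mode: Scan
***** [ Folders ] *****
PUP.Optional.Legacy             C:\ProgramData\BSD\DriverHiveEngine
"""

if __name__ == "__main__":
    scan, clean, july = map(parse_log, (SCAN_MARCH, CLEAN_MARCH, SCAN_JULY))
    print("not removed :", left_behind(scan, clean))
    print("non-PUP     :", non_pup(scan))
    print("came back   :", reappeared(clean, july))
```

On these excerpts the March clean removed everything the March scan reported, but C:\ProgramData\BSD\DriverHiveEngine is detected again by the July scan, so the folder was either recreated after the cleanup or the removal did not hold.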


 