mystery message cant track it down

Page 1 of 3 123 LastLast

  1. reddwarf4ever
    Posts : 1,523
    windows 10 PRO
       New #1

    mystery message cant track it down


    can someone help please

    Attachment 197110
      My Computer
    Quote Quote

  3. Ben Myers
    Posts : 582
    Windows 10 Home
       New #2

    Please repost with more information, including whether the message occurs once during startup or pops up repeatedly.

    Ben
      My Computer
    Quote Quote

  4. reddwarf4ever
    Posts : 1,523
    windows 10 PRO
    Thread Starter
       New #3

    Sorry

    I should have said, it only comes up once only after a restart, after approx 5-10 seconds......

    thanks
      My Computer
    Quote Quote

  6. Bree
    Posts : 31,616
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       New #4

    strange randomly named folders and executables are often a sign of malware, especially when hidden in AppData (so it's probably a good thing that Windows cannot find it). This isn't really the right forum to deal with that. Perhaps the Mods could move it somewhere more appropriate (General Support?) where @simrick may pick it up.
      My Computers
    Quote Quote

  7. zbook
    Posts : 41,455
    windows 10 professional version 1607 build 14393.969 64 bit
       New #5

    Please run the BETA log collector and post a zip into this thread.
    See the bottom of this webpage:
    BSOD - Posting Instructions - Windows 10 Forums
    (extract > open)

    Use the text and images in this link in case there are any problems running the BETA log collector: (post #5)
    DM Log tool problem Solved - Windows 10 Forums
      My Computer
    Quote Quote

  8. Ben Myers
    Posts : 582
    Windows 10 Home
       New #6

    Press the Windows and "R" key simultaneously, type "taskmgr" into the "Run" box and click "OK". When task manager starts, click on the "Startup" tab and look for "etrvdruu.exe". If you find it, right-click it and select "Disable".

    Ben
      My Computer
    Quote Quote

  9. simrick
    Posts : 16,325
    W10Prox64
       New #7

    reddwarf4ever said:
    can someone help please

    Attachment 197110
    Bree said:
    strange randomly named folders and executables are often a sign of malware, especially when hidden in AppData (so it's probably a good thing that Windows cannot find it). This isn't really the right forum to deal with that. Perhaps the Mods could move it somewhere more appropriate (General Support?) where @simrick may pick it up.
    I have to agree with Bree on this one - appears to be some sort of randomly-named executable probably resulting from an infection, and partial infection, or a partially-cleaned infection.

    Can you run ADWCleaner and post the logs for us please?
    Downloads - AdwCleaner - ToolsLib

    The Log Manager is used to give an easy access to all previous logs, including the debug one (which is only shown if the Debug mode is On).

    Log files are stored in C:\AdwCleaner\ and the naming format is as follow:


    • Scan: AdwCleaner[Sxxx].txt
    • Clean: AdwCleaner[Cxxx].txt
    • Debug: AdwCleaner_Debug.log

    xxx is starting from 0.
      My Computer
    Quote Quote

  10. reddwarf4ever
    Posts : 1,523
    windows 10 PRO
    Thread Starter
       New #8

    Code:
    adwcleaner log
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support:  Customer Support & Help Center | Malwarebytes
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-27-2018
# Duration: 00:02:24
# OS:       Windows 10 Pro
# Scanned:  41737
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\ProgramData\BSD\DriverHiveEngine

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local  Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet  Explorer\DOMStorage\spybot-search-destroy.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local  Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet  Explorer\EdpDomStorage\spybot-search-destroy.en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [29949 octets] - [26/07/2018 20:04:15]
AdwCleaner[C00].txt - [26186 octets] - [26/07/2018 20:04:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
    Code:
    # AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:37:05 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: c42bb2da869e225c7de8b81fad0d0a1e


***** [ Folders ] *****

Deleted: C:\ProgramData\BSD\DriverHive
Deleted: C:\Users\All Users\BSD\DriverHive
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Users\keith\AppData\Roaming\vghd
Deleted: C:\ProgramData\BSD\DriverHiveEngine
Deleted: C:\Users\All Users\BSD\DriverHiveEngine
Deleted: C:\Users\keith\Documents\TotalAV
Deleted: C:\Users\keith\AppData\Local\AdService
Deleted: C:\Users\keith\AppData\Roaming\SystemHealer
Deleted: C:\Users\keith\AppData\Roaming\WidModule
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\All Users\Auslogics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\DC3_FEXEC
Deleted: [Key] - HKCU\Software\DC3_FEXEC
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\C84E
Deleted: [Key] - HKCU\Software\C84E
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
Deleted: [Key] - HKLM\SOFTWARE\BSD
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
Deleted: [Key] - HKCU\Software\BSD
Deleted: [Key] - HKLM\SOFTWARE\BSD
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
Deleted: [Key] - HKCU\Software\BSD
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Genius
Deleted: [Key] - HKCU\Software\Genius
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted: [Key] - HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4492 B] - [2018/3/8 12:36:45]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
    Code:
    # AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:36:45 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-07.2
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Adware.Heuristic, c42bb2da869e225c7de8b81fad0d0a1e


***** [ Folders ] *****

PUP.Optional.TweakBit, C:\ProgramData\BSD\DriverHive
PUP.Optional.TweakBit, C:\Users\All Users\BSD\DriverHive
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL
PUP.Optional.Legacy, C:\Users\keith\AppData\Roaming\vghd
PUP.Optional.Legacy, C:\ProgramData\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\All Users\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\keith\Documents\TotalAV
PUP.Optional.UpService, C:\Users\keith\AppData\Local\AdService
PUP.Optional.SystemHealer, C:\Users\keith\AppData\Roaming\SystemHealer
Trojan.Agent, C:\Users\keith\AppData\Roaming\WidModule
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Program Files (x86)\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\DC3_FEXEC
PUP.Optional.Legacy, [Key] - HKCU\Software\DC3_FEXEC
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\C84E
PUP.Optional.Legacy, [Key] - HKCU\Software\C84E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | AnonymizerGadget
PUP.Optional.DriverUpdatePlus, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.DriverUpdatePlus, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
PUP.Optional.DriverUpdatePlus, [Key] - HKCU\Software\BSD
PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.Auslogics, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
PUP.Optional.Auslogics, [Key] - HKCU\Software\BSD
PUP.Optional.ShopGenius, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Genius
PUP.Optional.ShopGenius, [Key] - HKCU\Software\Genius
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics
PUP.Optional.AdService, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\SetupCompany
PUP.Optional.AdService, [Key] - HKCU\Software\SetupCompany
PUP.Optional.TotalAV, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV, [Key] - HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
      My Computer
    Quote Quote

  12. zbook
    Posts : 41,455
    windows 10 professional version 1607 build 14393.969 64 bit
       New #9

    When available please post the BETA log collector zip for troubleshooting.
      My Computer
    Quote Quote

  13. simrick
    Posts : 16,325
    W10Prox64
       New #10

    reddwarf4ever said:
    Code:
    adwcleaner log
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support:  Customer Support & Help Center | Malwarebytes
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-27-2018
# Duration: 00:02:24
# OS:       Windows 10 Pro
# Scanned:  41737
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\ProgramData\BSD\DriverHiveEngine

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local  Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet  Explorer\DOMStorage\spybot-search-destroy.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local  Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet  Explorer\EdpDomStorage\spybot-search-destroy.en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [29949 octets] - [26/07/2018 20:04:15]
AdwCleaner[C00].txt - [26186 octets] - [26/07/2018 20:04:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
    Code:
    # AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:37:05 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: c42bb2da869e225c7de8b81fad0d0a1e


***** [ Folders ] *****

Deleted: C:\ProgramData\BSD\DriverHive
Deleted: C:\Users\All Users\BSD\DriverHive
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Users\keith\AppData\Roaming\vghd
Deleted: C:\ProgramData\BSD\DriverHiveEngine
Deleted: C:\Users\All Users\BSD\DriverHiveEngine
Deleted: C:\Users\keith\Documents\TotalAV
Deleted: C:\Users\keith\AppData\Local\AdService
Deleted: C:\Users\keith\AppData\Roaming\SystemHealer
Deleted: C:\Users\keith\AppData\Roaming\WidModule
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\All Users\Auslogics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\DC3_FEXEC
Deleted: [Key] - HKCU\Software\DC3_FEXEC
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\C84E
Deleted: [Key] - HKCU\Software\C84E
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
Deleted: [Key] - HKLM\SOFTWARE\BSD
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
Deleted: [Key] - HKCU\Software\BSD
Deleted: [Key] - HKLM\SOFTWARE\BSD
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
Deleted: [Key] - HKCU\Software\BSD
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Genius
Deleted: [Key] - HKCU\Software\Genius
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted: [Key] - HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4492 B] - [2018/3/8 12:36:45]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
    Code:
    # AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 12:36:45 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-07.2
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Adware.Heuristic, c42bb2da869e225c7de8b81fad0d0a1e


***** [ Folders ] *****

PUP.Optional.TweakBit, C:\ProgramData\BSD\DriverHive
PUP.Optional.TweakBit, C:\Users\All Users\BSD\DriverHive
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL
PUP.Optional.Legacy, C:\Users\keith\AppData\Roaming\vghd
PUP.Optional.Legacy, C:\ProgramData\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\All Users\BSD\DriverHiveEngine
PUP.Optional.Legacy, C:\Users\keith\Documents\TotalAV
PUP.Optional.UpService, C:\Users\keith\AppData\Local\AdService
PUP.Optional.SystemHealer, C:\Users\keith\AppData\Roaming\SystemHealer
Trojan.Agent, C:\Users\keith\AppData\Roaming\WidModule
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Program Files (x86)\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\DC3_FEXEC
PUP.Optional.Legacy, [Key] - HKCU\Software\DC3_FEXEC
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\C84E
PUP.Optional.Legacy, [Key] - HKCU\Software\C84E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | AnonymizerGadget
PUP.Optional.DriverUpdatePlus, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.DriverUpdatePlus, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
PUP.Optional.DriverUpdatePlus, [Key] - HKCU\Software\BSD
PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\BSD
PUP.Optional.Auslogics, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\BSD
PUP.Optional.Auslogics, [Key] - HKCU\Software\BSD
PUP.Optional.ShopGenius, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\Genius
PUP.Optional.ShopGenius, [Key] - HKCU\Software\Genius
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics
PUP.Optional.AdService, [Key] - HKU\S-1-5-21-1181102942-2369810405-3602532389-1001\Software\SetupCompany
PUP.Optional.AdService, [Key] - HKCU\Software\SetupCompany
PUP.Optional.TotalAV, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV, [Key] - HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
    Thanks for the logs. In my opinion:

    Please remove and/or keep off the system:
    TweakBit Driver Updater
    Auslogics
    Yahoo Companions/YFriendsBar

    Total AV has also been removed. (If ADWCleaner/Malwarebytes doesn't like it, neither do I.)

    Is the error still showing after a reboot?

    You might have a read here, and see if there is a task of the error file you can delete.
    Scheduled Tasks - Malwarebytes Labs | Malwarebytes Labs
    .
    Also, if it's still showing on reboot, perhaps run Malwarebytes Antimalware:
    Removal instructions for TweakBit Driver Updater - Malware Removal Self-Help Guides - Malwarebytes Forums

    Be sure to check the box to scan for rootkits.
      My Computer
    Quote Quote

 

  Related Discussions
Track running programs
in Software and Apps

I am having an issue with splash screens and I don't know which program, they just show for less than a second and they are gone, I have tested for malware and viruses and found none. Is there a way to store history of programs that run?
Mystery error message
in General Support

Hi, I hope there's a simple solution to this, but when I'm watching live-streaming media, the annoying spinning circle appears in the center of the video, & above it is the error message, "The quota has been exceeded" and directly below is a big...
I have Windows Media Player (V12) and when I burn a CD, I can't get the song names on the tracks. I tried a Plug In called WMDCDTest V1.4 - no luck here. I've looked all over and can't find a plug in to give me song names. I've got Windows...
Windows 10 Build 14942 and Bluetooth. A four-note "attention" or "warning" sound is continually overriding my Bluetooth sound, which otherwise, seems to be behaving normally. I haven't been able to see any flashing icons or other indicators that an...
Hey guys as the title says can you plz tell how to track services via eventlog name in cmd See the below images for more information http://www.ultraimg.com/images/4ffd59.png http://www.ultraimg.com/images/151035.png...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:40.
Find Us




Windows 10 Forums