Laptop running slow, get Popups in Windows

Post by adamthemute » June 24th, 2019, 2:58 pm

Hi there. I'm trying to help my Dad with his laptop. For a while now he's mentioned it running slow and that popups with voice appear occasionally from the desktop. I've run HitmanPro and couldn't find any obvious issues. Please let me know if you need any more info, thanks!
adamthemute
Active Member
 
Posts: 5
Joined: June 21st, 2019, 2:05 pm

Re: Laptop running slow, get Popups in Windows

Post by pgmigg » June 27th, 2019, 12:52 pm

Hello adamthemute,

Welcome to the forum and sorry for some delay! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Laptop running slow, get Popups in Windows

Post by adamthemute » June 27th, 2019, 3:04 pm

Thanks for your help, I await your instructions!
adamthemute
Active Member
 
Posts: 5
Joined: June 21st, 2019, 2:05 pm

Re: Laptop running slow, get Popups in Windows

Post by pgmigg » June 27th, 2019, 3:23 pm

Hi adamthemute,

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. I saw TCRB in the list of installed programs - if it is not so, please download TCRB from HERE and save it to your Desktop, then double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  2. Launch TCRB.
  3. Click the Backup Registry tab and make sure all the boxes are checked.
  4. Click on Backup Now.
  5. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
Remove Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Click the Select all button next to Code: to select the entire script).
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click on each of the entries below in turn, if it exists, choose Uninstall, and give permission to Continue:
    Amazon 1Button App
  4. When all programs have been uninstalled, please close Control Panel
  5. Reboot (restart) your computer.

Step 3.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Click Start and type notepad.exe in the search programs and files box and click Enter - a blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    ShellExecuteHooks-x32: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    HKU\S-1-5-21-105068452-229409033-3044687292-1001\...\StartupApproved\Run: => "uTorrent"
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Task: {08801D14-44C9-4BAE-A0D1-088E1EA02685} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {08AC1526-6DED-4AC3-B2C3-D5332C849A63} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {0E251505-18CD-4456-9DD4-72DB941D5874} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {19C2E701-DB47-4538-8728-2735C705C7E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {439170D2-AFB1-42A7-A0BA-EC241C1BCC2A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {95225BA2-2EF3-4768-8C2D-65D98759234D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9F6D5133-BB4E-4D88-A335-DE673E64F69F} - \WPD\SqmUpload_S-1-5-21-105068452-229409033-3044687292-1001 -> No File <==== ATTENTION
    Task: {AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C4799595-8849-428D-8C2C-61EDEAD6E968} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C939347D-9246-4738-A89D-71399646DF35} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D18DE444-5CB0-4AF7-8052-DFE160F17DAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F1D397B8-06B0-4298-B55F-22904C5AAFBC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    
    EmptyTemp:
    
  4. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  5. Right click on FRST64.exe and select Run as administrator.
  6. Press the Fix button one time only and wait.
  7. When FRST finishes you will be prompted to reboot your computer. Click OK.
  8. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 4.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it.
  3. Click Yes on UAC question and I Agree on Welcome window.
  4. Click Scan now button. If it asks for an update, please decline it by clicking No.
  5. On Scan Results screen, please click View Scan Results Log button and the Notepad with a log file AdwCleaner[Sxx].txt will be opened.
  6. Close the AdwCleaner.
  7. Please post the contents of AdwCleaner[Sxx].txt log file with your next reply.
  8. You can also find the log file at C:\AdwCleaner[Sxx].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Content of the C:\AdwCleaner[Sxx].txt
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Laptop running slow, get Popups in Windows

Post by adamthemute » June 28th, 2019, 1:49 pm

Hi pgmigg, thanks for the help.


Do you have any problems executing the instructions?:
No, very clear.

Contents of the fixlog.txt log file:
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Ken (28-06-2019 12:30:18) Run:1
Running from C:\Users\Ken\Desktop
Loaded Profiles: Ken (Available Profiles: Ken)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

ShellExecuteHooks-x32: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKU\S-1-5-21-105068452-229409033-3044687292-1001\...\StartupApproved\Run: => "uTorrent"
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {08801D14-44C9-4BAE-A0D1-088E1EA02685} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {08AC1526-6DED-4AC3-B2C3-D5332C849A63} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0E251505-18CD-4456-9DD4-72DB941D5874} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {19C2E701-DB47-4538-8728-2735C705C7E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {439170D2-AFB1-42A7-A0BA-EC241C1BCC2A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95225BA2-2EF3-4768-8C2D-65D98759234D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9F6D5133-BB4E-4D88-A335-DE673E64F69F} - \WPD\SqmUpload_S-1-5-21-105068452-229409033-3044687292-1001 -> No File <==== ATTENTION
Task: {AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C4799595-8849-428D-8C2C-61EDEAD6E968} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C939347D-9246-4738-A89D-71399646DF35} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D18DE444-5CB0-4AF7-8052-DFE160F17DAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1D397B8-06B0-4298-B55F-22904C5AAFBC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => removed successfully
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKU\S-1-5-21-105068452-229409033-3044687292-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\uTorrent" => removed successfully
"HKU\S-1-5-21-105068452-229409033-3044687292-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent" => not found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08801D14-44C9-4BAE-A0D1-088E1EA02685}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08801D14-44C9-4BAE-A0D1-088E1EA02685}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AC1526-6DED-4AC3-B2C3-D5332C849A63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AC1526-6DED-4AC3-B2C3-D5332C849A63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E251505-18CD-4456-9DD4-72DB941D5874}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E251505-18CD-4456-9DD4-72DB941D5874}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C2E701-DB47-4538-8728-2735C705C7E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C2E701-DB47-4538-8728-2735C705C7E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{439170D2-AFB1-42A7-A0BA-EC241C1BCC2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{439170D2-AFB1-42A7-A0BA-EC241C1BCC2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95225BA2-2EF3-4768-8C2D-65D98759234D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95225BA2-2EF3-4768-8C2D-65D98759234D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F6D5133-BB4E-4D88-A335-DE673E64F69F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6D5133-BB4E-4D88-A335-DE673E64F69F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-105068452-229409033-3044687292-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4799595-8849-428D-8C2C-61EDEAD6E968}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4799595-8849-428D-8C2C-61EDEAD6E968}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C939347D-9246-4738-A89D-71399646DF35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C939347D-9246-4738-A89D-71399646DF35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D18DE444-5CB0-4AF7-8052-DFE160F17DAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D18DE444-5CB0-4AF7-8052-DFE160F17DAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1D397B8-06B0-4298-B55F-22904C5AAFBC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1D397B8-06B0-4298-B55F-22904C5AAFBC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 298780713 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 1366766 B
Edge => 610444 B
Chrome => 312384344 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 7300 B
NetworkService => 0 B
Ken => 76587303 B

RecycleBin => 213433835 B
EmptyTemp: => 871.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:33:18 ====


Content of the C:\AdwCleaner[Sxx].txt:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-28-2019
# Duration: 00:01:07
# OS:       Windows 10 Home
# Scanned:  27557
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite

***** [ Files ] *****

PUP.Optional.TotalAV            C:\Users\Ken\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.PCProtect          HKCU\Software\SSProtect

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2756 octets] - [22/02/2019 15:17:37]
AdwCleaner[C00].txt - [2628 octets] - [22/02/2019 15:18:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


Do you see any changes in computer behavior?:
Unsure yet, I'll wait a couple days (before the 72 hour mark) and get back to you.

Thanks again!
adamthemute
Active Member
 
Posts: 5
Joined: June 21st, 2019, 2:05 pm
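
A check on a pasted Fixlog like the one in the post above, added here as an example and not part of the thread or of FRST: it pairs each GUID-bearing fixlist entry with the result lines that mention it, tallies the outcomes, and reports whether the `==== End of Fixlog` trailer is present (the forum's size limiter can cut a log short). The function names and the abridged sample are constructed for this example; the outcome strings are only those that appear in the posted log.

```python
import re
from collections import Counter

# Constructed sample: abridged from the Fixlog posted above and cut short on purpose
# (one Task entry has no result lines and the "End of Fixlog" trailer is missing).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Ken (28-06-2019 12:30:18) Run:1
==============================================

fixlist content:
*****************
CreateRestorePoint:

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {08AC1526-6DED-4AC3-B2C3-D5332C849A63} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0E251505-18CD-4456-9DD4-72DB941D5874} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AC1526-6DED-4AC3-B2C3-D5332C849A63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AC1526-6DED-4AC3-B2C3-D5332C849A63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Only the outcomes that appear in the posted log; anything else is surfaced for review.
KNOWN_OUTCOMES = {"removed successfully", "restored successfully", "not found"}


def split_fixlog(text):
    """Return (fixlist_lines, result_lines, complete) for a pasted Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two lines made only of asterisks.
    marks = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(marks) < 2:
        raise ValueError("fixlist block is not delimited by two asterisk lines")
    fixlist = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = []
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("==========="):  # start of the EmptyTemp summary
            break
        if " => " in ln:
            results.append(ln)
    complete = any(ln.startswith("==== End of Fixlog") for ln in lines)
    return fixlist, results, complete


def parse_result(line):
    """Split 'target => outcome' on the last arrow and drop surrounding quotes."""
    target, outcome = line.rsplit(" => ", 1)
    return target.strip().strip('"'), outcome.strip()


def review_fixlog(text):
    fixlist, results, complete = split_fixlog(text)
    parsed = [parse_result(r) for r in results]
    tally = Counter(outcome for _, outcome in parsed)
    unknown = [(t, o) for t, o in parsed if o not in KNOWN_OUTCOMES]
    # A GUID-bearing fixlist entry is "answered" when some result target names its GUID.
    # Entries without a GUID (directives, the Group Policy line) are not paired here.
    unanswered = []
    for entry in fixlist:
        m = GUID_RE.search(entry)
        if m and not any(m.group(0).lower() in t.lower() for t, _ in parsed):
            unanswered.append(entry)
    return {"complete": complete, "tally": tally,
            "unknown": unknown, "unanswered": unanswered}


if __name__ == "__main__":
    report = review_fixlog(SAMPLE_FIXLOG)
    print("complete:", report["complete"])
    for outcome, count in report["tally"].items():
        print(f"{count:3d}  {outcome}")
    for entry in report["unanswered"]:
        print("no result lines for:", entry)
```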

Re: Laptop running slow, get Popups in Windows

Post by pgmigg » June 28th, 2019, 5:32 pm

Hi adamthemute,

You don't need to wait so long and we are not finished yet.
My question was rather about serious changes that would be immediately apparent. Let's continue...

Step 1.
Scan & Clean with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it.
  3. Click Yes on UAC question and I Agree on Welcome window.
  4. Click Scan now button. If it asks for an update, please decline it by clicking No.
  5. On Scan Results screen, please click Clean & Repair button and then Clean & Restart Now.
  6. On reboot a log will open AdwCleaner[Rxx].txt. Copy and paste the contents of that log file in your reply.

Step 2.
ESET Online Scanner
  1. Please close all open programs and windows.
  2. Please go HERE then click on Scan now and save esetonlinescanner_enu.exe on your Desktop.
  3. Double-click on esetsmartinstaller_enu.exe to run it.
  4. Select blue Computer Scan button.
  5. Then select blue Full Scan button and wait for a while - it can take even a few hours to finish.
  6. Be sure on the next screen that Enable ESET to detect and quarantine potentially unwanted applications is marked.
  7. Now click on Start scan button.
  8. Be patient and wait for a while - it can take even a few hours to finish.
  9. When completed, in case anything will be found, you will need to click on Save scan log button and save the log on your Desktop as ESET.txt.
  10. Click on Continue, do it one more time on the next screen, then exit out of ESET Online Scanner by clicking on Close button.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Rxx].txt log file
  3. Contents of the ESET.txt log file if it was saved
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Laptop running slow, get Popups in Windows

Post by adamthemute » June 30th, 2019, 4:00 pm

Do you have any problems executing the instructions?
Sadly yes. I was unable to do this myself, so I provided the exact instructions and went through the steps with my Dad, and he forgot to save both .txt log files. The results were cleaned and I couldn't find any record of what they were. He did say no malicious files were found, just 3-4 PUPs and maybe one malware.

Contents of the AdwCleaner[Rxx].txt log file
Contents of the ESET.txt log file if it was saved


Do you see any changes in computer behavior?
He has said it's been less sluggish and no popups so far.

Sorry about that! I'm not sure how to progress to the next step now, but things could be fine.
adamthemute
Active Member
 
Posts: 5
Joined: June 21st, 2019, 2:05 pm

Re: Laptop running slow, get Popups in Windows

Post by pgmigg » June 30th, 2019, 6:49 pm

Hi adamthemute,

... and he forgot to save both .txt log files. The results were cleaned and I couldn't find any record what they were. He did say no malicious files were found, just 3-4 PUP's and maybe one malware.
It is OK.

Please find the most recent AdwCleaner[Rxx].txt in the directory C:\AdwCleaner and post its contents in your next reply - I would like to see it.

Please check your Desktop too - if ESET Online Scanner found any suspicious object, the log file ESET[date].txt was kept on your Desktop. If it exists, please post its contents in your next reply - I would like to see it too.

Thank you,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Laptop running slow, get Popups in Windows

Post by adamthemute » July 3rd, 2019, 4:59 pm

Hey, he didn't have any AdwCleaner log files with "R", but I'll post the last C and S logs. There wasn't an ESET log on the desktop.

C00
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-22-2019
# Duration: 00:00:13
# OS:       Windows 10 Home
# Cleaned:  17
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\Enigma Software Group

***** [ Files ] *****

Deleted       C:\Users\Ken\Downloads\DRIVERUPDATE-SETUP.EXE
Deleted       C:\Users\Ken\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted       HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted       HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted       HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted       HKLM\Software\Wow6432Node\EnigmaSoftwareGroup
Deleted       HKLM\Software\EnigmaSoftwareGroup

***** [ Chromium (and derivatives) ] *****

Deleted       MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2756 octets] - [22/02/2019 15:17:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


S01
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-28-2019
# Duration: 00:01:07
# OS:       Windows 10 Home
# Scanned:  27557
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite

***** [ Files ] *****

PUP.Optional.TotalAV            C:\Users\Ken\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.PCProtect          HKCU\Software\SSProtect

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2756 octets] - [22/02/2019 15:17:37]
AdwCleaner[C00].txt - [2628 octets] - [22/02/2019 15:18:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
adamthemute
Active Member
 
Posts: 5
Joined: June 21st, 2019, 2:05 pm
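
A comparison of the two AdwCleaner logs in the post above, added here as an example and not part of the thread or of AdwCleaner: it parses the header and the per-section entries, checks that a pasted log is intact, and lists targets that an earlier Clean run deleted and a later Scan detects again. It assumes, from the logs posted, that the `Detected`/`Cleaned` header count equals the number of listed entries and that `Start` is MM-DD-YYYY; the function names and abridged samples are constructed.

```python
import re
from datetime import datetime

# Constructed samples: abridged from the C00 (Clean) and S01 (Scan) logs posted above,
# with the header counts adjusted to match the shortened entry lists.
CLEAN_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Mode: Clean
# Start:    02-22-2019
# Cleaned:  3
# Failed:   0

***** [ Folders ] *****

Deleted       C:\Program Files\Enigma Software Group

***** [ Registry ] *****

Deleted       HKLM\Software\EnigmaSoftwareGroup

***** [ Chromium (and derivatives) ] *****

Deleted       MSN Homepage & Bing Search Engine

AdwCleaner[S00].txt - [2756 octets] - [22/02/2019 15:17:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
"""

SCAN_LOG = r"""# Mode: Scan
# Start:    06-28-2019
# Scanned:  27557
# Detected: 3

***** [ Folders ] *****

PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite

***** [ Registry ] *****

PUP.Optional.PCProtect          HKCU\Software\SSProtect

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             MSN Homepage & Bing Search Engine

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
"""

EOF_RE = re.compile(r"^#{5,} EOF - (.+?) #{5,}$")
HEADER_RE = re.compile(r"^#\s+(\w+):\s+(.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+) \] \*{5}$")
# An entry is a label ("Deleted" or a detection name), two or more spaces, then the target.
ITEM_RE = re.compile(r"^(\S+)\s{2,}(.+)$")


def parse_adwcleaner(text):
    """Return {'header': {...}, 'items': [(section, label, target)], 'eof': bool}."""
    log = {"header": {}, "items": [], "eof": False}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if EOF_RE.match(line):
            log["eof"] = True
        elif (m := HEADER_RE.match(line)):
            log["header"][m.group(1)] = m.group(2).strip()
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section and not line.startswith("#") and (m := ITEM_RE.match(line)):
            log["items"].append((section, m.group(1), m.group(2).strip()))
    return log


def integrity_problems(log):
    """Signs that a pasted log was cut off: no EOF trailer, or fewer entries than declared."""
    problems = []
    if not log["eof"]:
        problems.append("missing EOF trailer")
    declared = log["header"].get("Detected") or log["header"].get("Cleaned")
    if declared is None:
        problems.append("no Detected/Cleaned count in header")
    elif int(declared) != len(log["items"]):
        problems.append(f"header declares {declared} items, log lists {len(log['items'])}")
    return problems


def start_date(log):
    # Assumption: MM-DD-YYYY, as in the posted logs (06-28-2019).
    return datetime.strptime(log["header"]["Start"], "%m-%d-%Y").date()


def recurring(clean_log, scan_log):
    """Targets deleted by an earlier Clean run that a later Scan detects again."""
    if start_date(scan_log) < start_date(clean_log):
        raise ValueError("scan log predates the clean log")
    cleaned = {target.lower() for _, _, target in clean_log["items"]}
    return [item for item in scan_log["items"] if item[2].lower() in cleaned]


if __name__ == "__main__":
    clean, scan = parse_adwcleaner(CLEAN_LOG), parse_adwcleaner(SCAN_LOG)
    print("scan dated", start_date(scan), "problems:", integrity_problems(scan))
    for section, label, target in recurring(clean, scan):
        print(f"back after cleaning: [{section}] {label} -> {target}")
```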

Re: Laptop running slow, get Popups in Windows

Post by pgmigg » July 5th, 2019, 11:04 am

Hi adamthemute,

You posted a very old AdwCleaner log and I would like to repeat the AdwCleaner scan one more time to be sure that everything is OK...

Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop <--- please do it even if it already exists, because a newer version may be available.
  2. Double click AdwCleaner.exe to run it.
  3. Click Yes on UAC question and I Agree on Welcome window.
  4. Click Scan now button. If it asks for an update, please decline it by clicking No.
  5. On Scan Results screen, please click View Scan Results Log button and the Notepad with a log file AdwCleaner[Sxx].txt will be opened.
  6. Close the AdwCleaner.
  7. Please post the contents of AdwCleaner[Sxx].txt log file with your next reply.
  8. You can also find the log file at C:\AdwCleaner[Sxx].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Content of the C:\AdwCleaner[Sxx].txt
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Laptop running slow, get Popups in Windows

Post by pgmigg » July 8th, 2019, 11:53 am

Despite the lack of response, the problems seem to be resolved - so this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see
Feedback for Our Helpers - Say "Thanks" Here.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00