janedoecooks

About janedoecooks

  1. I see your points. I guess it would be almost impossible to have one single program recognize the millions of malware/virus programs out there. Wish I could tell all those malware developers what I think of them.... in person. Optimizers seem to cause more issues than they resolve. I have always been happy with SAS, finally upgrading to the pro version this year. Hopefully I won't have to be back on this thread with problems. So have a Merry Christmas, if you celebrate that. Edit: I got rid of the "home group" icon by disabling the home-group listener and home-group provider in the services, using the "properties" of each one.
  2. Huh, looks pretty well cleaned up in that second log file. So, my question now is....why didn't SAS pro recognize and clean this stuff off my system? Thanks for your help Guiltyspark. I saw several things that were clearly adware in that list. The "torch" program was an iffy to me for a while, but I couldn't find any hard facts that it was not a windows system needed item. Now to get rid of "homegroup" icon, drives me crazy when you click on it there is absolutely no information on it....just telling you how to share files with other PC's. Uh.....no. LOL
  3. ADWcleaner Log file after clean up and reboot:

     # AdwCleaner v6.041 - Logfile created 19/12/2016 at 08:02:05
     # Updated on 16/12/2016 by Malwarebytes
     # Database : 2016-12-18.1 [Local]
     # Operating System : Windows 8.1 (X64)
     # Username : Admin - TINA
     # Running from : C:\Users\trent\Downloads\adwcleaner_6.041.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious keys found.

     ***** [ Shortcuts ] *****
     No infected shortcut found.

     ***** [ Scheduled Tasks ] *****
     No malicious task found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Web browsers ] *****
     No malicious Firefox based browser items found.
     No malicious Chromium based browser items found.

     *************************
     C:\AdwCleaner\AdwCleaner[C0].txt - [13331 Bytes] - [19/12/2016 07:36:36]
     C:\AdwCleaner\AdwCleaner[S0].txt - [12538 Bytes] - [19/12/2016 07:18:52]
     C:\AdwCleaner\AdwCleaner[S1].txt - [12611 Bytes] - [19/12/2016 07:32:03]
     C:\AdwCleaner\AdwCleaner[S2].txt - [1205 Bytes] - [19/12/2016 08:02:05]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1278 Bytes] ##########
  4. I did the clean, and will run it again now. A new icon showed up on my desktop after the reboot. "Homegroup" What is that and how do I get rid of it?? I don't see it in the task manager running or any information on what the thing is. I'll post the second log in a bit.
  5. I ran it and see there is a new program called "Pc Speedup". I've never seen that one before, also "updater.exe". Don't know what that is either. Of course "Lucky Browse" doesn't belong there either, I'm thinking. Here's the log file:
  6. This morning after log on to windows SAS started. During the scan I saw the DOS box pop up twice, very quickly and disappeared. Is this normal while SAS is scanning and/or deleting threats? (Hopefully everyone remembers what DOS is? I'm not sure what else to call it) SAS found 804 items in regards to cookies, far far more than usual. During the scan I decided to delete the "zip it" free program, during the deletion process this error box popped up, (screenshot 1) and when the uninstallation was done I was immediately directed to the website in the screenshot. How coincidental is it that the website is about a program for optimizing and tuning up your PC? Did I find the culprit for the hidden Superpccleaner program? I'm waiting patiently to see if something installed, sometimes it takes a while to show up.
  7. Yes, I will submit the sample if it returns. I hope they add this to the PUP list. IMHO, if it installed itself without my permission or prior knowledge, and is hidden bundled in another program that I was unaware of, accesses my browser, performs redirects on the browser and monitors other online activities...refuses to uninstall completely and re-installs with the triggers that did not get deleted,.....it's malware or virus infection. Not to mention scaring people with completely inaccurate information about potential problems with your PC, in an attempt to get you to shell out money for their program.
  8. Okay, I'll do that if I continue to have a problem. I just checked task manager again, and there is nothing unusual in there at this time. So far today the super pc cleaner program has not returned. So, deleting the scheduled tasks it inserted seems to have done the trick. I checked program files, task manager, scheduled tasks and start up...nothing there in regards to spcc or super Pc Cleaner. I just did a shut down and restart, and also signed out of my email account. (last night the program activated after signing into email, probably just a coincidence) I signed back into email and checked all of the above again, and nothing is showing up for this malware. So, the trick seems to be getting it off scheduled tasks and uninstalling the program, or uninstall first then hit the scheduled task lists. I want to point out that Malwarebytes (free trial of full version) did NOT work. It kept things from going to the ip address outbound, but the spcc program was still active on my computer. So, I'm going to call it fixed for now. Keep 'yer fingers crossed that I don't see that extremely quick dos box pop up and disappear, which is the beginning of the super pc cleaner installation. Thanks GuiltySpark
  9. I did find something interesting, in my scheduled tasks were tasks by the pccleaner program to be triggered with every user log on. So, somewhere in that "task" entry is whatever is causing it to reinstall? I deleted the tasks, and then went in to delete the program again but got an error message that the program has been either deleted or disabled. I'm not going to say that's a fix...yet. LOL I also disabled the only program that I have downloaded that might have hosted this bad boy, the "zip it" free program. I can't take a pic of what's running in task manager. The list is way too long. Is there a way to copy that list? Thanks again, this thing is starting to get on 'me nerves. LOL
  10. Hi, The other thread was closed before I could update on my issue with the nasty super pc cleaner program. It appeared to be gone after a system restore, but after a few hours...it reinstalled again! I don't know if this is a google chrome issue, but I am going to uninstall google chrome completely and start over with it. There were two versions of google chrome and one version that said "new google chrome" The only one I could get to work and open was the latter. I'm wondering if that is what is hosting this pc cleaner program. Worth a shot. Does Superantispyware recognize this as malware?? If it doesn't, it should.
  11. I see a lot of unknown things, but more thumbs up than thumbs down. There is a LOT of entries regarding "Torch". Is that a browser that came with windows? I'm going to do a system restore now, going back a month if I can. EDIT: System restore appears to have worked. The superpccleaner did not reinstall into programs and no pop ups showed. Hopefully it's gone. However, system restore disabled my google chrome somehow. Sure hope I can get my settings and stored URLs back.
  12. Oops, I see the system investigator on the super antispyware. Running it now.
  13. It keeps showing up in installed programs, even after I do an uninstall from control panel. It doesn't even wait for a computer restart to reinstall itself. I just downloaded the free trial of Malwarebytes, ran the program, and upon restarting I got a message box from the superpccleaner asking if I want to upgrade for protection! When I downloaded the malwarebytes, it listed this as a threat that it would find and eradicate. Malwarebytes is constantly notifying me of "website blocked" outbound, but it will not show what website it's blocking, just an ip address. I just checked installed programs and there that bat rasterd pccleaner is again! I don't know what you are referring to on "system investigator". The only program I have downloaded as a "free version" is "zipit" to unzip files. Anyone know if they have this damn PCcleaner file attached to zipit free version? Thank you for the response!
  14. Hello, I have been having trouble with a program reinstalling itself on my computer for over a week. It's called Super PC Cleaner. I have tried several times without success to remove this by performing "uninstall" on Windows 8, only to have it reinstall without warning. How can I set my Super Antispyware Pro version to look for this and eradicate the hidden files in my system? I cannot find the host file(s) that had this hidden, but I will be doing a system restore in a few minutes going back a month or so. Thanks if anyone can help get rid of this bothersome thing.
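
An added example, not part of the posts above and not AdwCleaner's own code: a small parser for scan logs in the layout posted in this thread. It pulls out the findings that matter when a removed program keeps coming back or when settings survive the uninstall. The sample log is constructed, and every name, GUID, thumbprint and address in it is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner v6 scan-log layout. Every name, GUID,
# thumbprint and address is a placeholder, not a value from a real machine.
SAMPLE_LOG = r"""# AdwCleaner v6.041 - Logfile created 01/01/2017 at 09:00:00
# Mode: Scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Folder Found: C:\ProgramData\ExampleUpdater
***** [ Scheduled Tasks ] *****
Task Found: Example Updater
***** [ Registry ] *****
Key Found: HKCU\Software\ExampleUpdater
Key Found: [x64] HKCU\Software\ExampleUpdater
Data Found: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} [NameServer] - 192.0.2.10 192.0.2.11
Key Found: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\THUMBPRINT_PLACEHOLDER
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\extension_id_placeholder
########## EOF ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(\w[\w ]*?) Found: (?:\[x64\] )?(.+)$")

def parse_log(text):
    """Return {section: [(kind, value), ...]}, folding the [x64] duplicates."""
    findings, section = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            item = (entry.group(1), entry.group(2).strip())
            if item not in findings[section]:
                findings[section].append(item)
    return dict(findings)

# Findings that can relaunch a removed program or that change name resolution,
# certificate trust or browser behaviour independently of the program's files.
RULES = {
    "relaunch": lambda section, value: section == "Scheduled Tasks",
    "dns-override": lambda section, value: "[NameServer]" in value,
    "root-cert": lambda section, value: "\\ROOT\\CERTIFICATES\\" in value.upper(),
    "browser-extension": lambda section, value: "\\CHROME\\EXTENSIONS\\" in value.upper(),
}

def triage(findings):
    """Return {label: [values]} for the entries to verify by hand after cleaning."""
    flagged = defaultdict(list)
    for section, items in findings.items():
        for _kind, value in items:
            for label, matches in RULES.items():
                if matches(section, value):
                    flagged[label].append(value)
    return dict(flagged)

if __name__ == "__main__":
    for label, values in triage(parse_log(SAMPLE_LOG)).items():
        print(label, *values, sep="\n  ")
```

Running the same functions over the post-clean log should return an empty result; anything still flagged is worth checking in Task Scheduler, the network adapter's DNS settings, the certificate store or the browser's extension list.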