(SOLVED) Super PCcleaner reinstalled even after system restore

[janedoecooks]

Hello, I have been having trouble with a program reinstalling itself on my computer for over a week.  It's called Super PC Cleaner.  I have tried several times without success to remove this by performing "uninstall" on Windows 8, only to have it reinstall without warning.

How can I set my Super Antispyware Pro version to look for this and eradicate the hidden files in my system?  

I cannot find the host file (s) that had this hidden, but I will be doing a system restore in a few minutes going back a month or so.

 

Thanks if anyone can help get rid of this bothersome thing.

[GuiltySpark]

Does it show up in System Investigator?

Does it show in the list of Installed Programs?

[janedoecooks]

It keeps showing up in installed programs, even after I do an uninstall from control panel.  It doesn't even wait for a computer restart to reinstall itself.

I just downloaded the free trial of Malwarebytes, ran the program, and upon restarting I got a message box from the superpccleaner asking if I want to upgrade for protection!  When I downloaded the malwarebytes, it listed this as a threat that it would find and eradicate.

Malwarebytes is constantly notifying me of "website blocked" outbound, but it will not show what website it's blocking, just an ip address.

I just checked installed programs and there that bat rasterd pccleaner is again!

I don't know what you are referring to on "system investigator".

The only program I have downloaded as a "free version" is "zipit" to unzip files.  Anyone know if they have this damn PCcleaner file attached to zipit free version?

 

Thank you for the response!

 

[janedoecooks]

Oops, I see the system investigator on the super antispyware. Running it now.

[janedoecooks]

I see a lot of unkown things, but more thumbs up than thumbs down.  There is a LOT of entries regarding "Torch".  Is that a browser that came with windows?

I'm going to do a system restore now, going back a month if I can.

EDIT:  System restore appears to have worked.  The superpccleaner did not reinstall into programs and no pop ups showed.  Hopefully it's gone.  However, system restore disabled my google chrome somehow.  Sure hope I can get my settings and stored URLs back.

 

 

Edited December 17, 2016 by janedoecooks
Added info

[GuiltySpark]

Glad you got it sorted.

[janedoecooks]

HI,

The other thread was closed before I could update on my issue with the nasty super pc cleaner program.

It appeared to be gone after a system restore, but after a few hours...it reinstalled again!

I don't know if this is a google chrome issue, but I am going to uninstall google chrome completely and start over with it.  There were two versions of google chrome and one version that said "new google chrome" The only one I could get to work and open was the latter.   I'm wondering if that is what is hosting this pc cleaner program.

Worth a shot.  

Does Superantispyware recognize this as malware??  If it doesn't, it should.

 

[GuiltySpark]

Hi janedoe,

Sorry about that I thought you had solved the issue. I have reopened this thread and merged your post.

Can you open up task manager and take a pic of what's running and attach it in your next post.

Thanks.

[janedoecooks]

  I did find something interesting, in my scheduled tasks were tasks by the pccleaner program to be triggered with every user log on.  So, somewhere in that "task" entry is whatever is causing it to reinstall?  I deleted the tasks, and then went in to delete the program again but got an error message that the program has been either deleted or disabled.  I'm not going to say that's a fix...yet. LOL

I also disabled the only program that I have downloaded that might have hosted this bad boy, the "zip it" free program.

I can't take a pic of what's running in task manager. The list is way too long.  Is there a way to copy that list?

Thanks again, this thing is starting to get on 'me nerves.  LOL

 

[GuiltySpark]

In task manager select CPU column to get highest running processes and just take a pic of those.

[janedoecooks]

Okay, I'll do that if I continue to have a problem. I just checked task manager again, and there is nothing unusual in there at this time.

So far today the super pc cleaner program has not returned.  So, deleting the scheduled tasks it inserted seems to have done the trick.  I checked program files, task manager, scheduled tasks and start up...nothing there in regards to spcc or super Pc Cleaner.  I just did a shut down and restart, and also signed out of my email account. (last night the program activated after signing into email, probably just a coincidence)

I signed back into email and checked all of the above again, and nothing is showing up for this malware.

So, the trick seems to be getting it off scheduled tasks and uninstalling the program, or uninstall first then hit the scheduled task lists.

I want to point out that Malwarebytes (free trial of full version) did NOT work.  It kept things from going to the ip address outbound, but the spcc program was still active on my computer.

So, I'm going to call it fixed for now.  Keep 'yer fingers crossed that I don't see that extremely quick dos box pop up and disappear, which is the beginning of the super pc cleaner installation.

Thanks GuiltySpark

Edited December 18, 2016 by janedoecooks
clarification of program reference

[GuiltySpark]

Glad you got it sorted (hopefully), if it shows up again can you right click the program and select properties, check the file location. Open up the file location and within SAS select Submit Malware Sample it can then be added to the PUP list.

I'm sure Gabe will take a look at it and add it when he sees this post so keep checking back.

I'll keep this thread open just in case.

[janedoecooks]

4 hours ago, GuiltySpark said:

Glad you got it sorted (hopefully), if it shows up again can you right click the program and select properties, check the file location. Open up the file location and within SAS select Submit Malware Sample it can then be added to the PUP list.

I'm sure Gabe will take a look at it and add it when he sees this post so keep checking back.

I'll keep this thread open just in case.

Yes, I will submit the sample if it returns.

I hope they add this to the PUP list.  IMHO, if it installed itself without my permission or prior knowledge, and is hidden bundled in another program that I was unaware of, accesses my browser, performs redirects on the browser and monitors other online activities...refuses to uninstall completely and re-installs with the triggers that did not get deleted,.....it's malware or virus infection.  Not to mention scaring people with completely inaccurate information about potential problems with your PC, in an attempt to get you to shell out money for their program.

[janedoecooks]

This morning after log on to windows SAS started.  During the scan I saw the DOS box pop up twice, very quickly and disappeared. Is this normal while SAS is scanning and/or deleting threats? (Hopefully everyone remembers what DOS is?  I'm not sure what else to call it)  SAS found 804 items in regards to cookies, far far more than usual.  During the scan I decided to delete the "zip it" free program, during the deletion process this error box popped up, (screenshot 1) and when the uninstallation was done I was immediately directed to the website in the screenshot.  How coincidental is it that the website is about a program for optimizing and tuning up your PC?

 

Did I find the culprit for the hidden Superpccleaner program?

I'm waiting patiently to see if something installed, sometimes it takes a while to show up.

 

 

[GuiltySpark]

Hi Janedoe,

Can you run a scan with adwcleaner clean all it finds and attach the log file in your next post.

Thanks

[janedoecooks]

1 hour ago, GuiltySpark said:

Hi Janedoe,

Can you run a scan with adwcleaner clean all it finds and attach the log file in your next post.

Thanks

I ran it and see there is a new program called "Pc Speedup".  I've never seen that one before, also "updater.exe".  Don't know what that is either.  Of course "Lucky Browse" doesn't belong there either, I'm thinking.

Here's the log file:

# AdwCleaner v6.041 - Logfile created 19/12/2016 at 07:18:52
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-18.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Admin - (removed for privacy)
# Running from : C:\Users\trent\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found:  C:\Program Files (x86)\4C4C4544-1471872659-5110-8033-B3C04F325831
Folder Found:  C:\ProgramData\65b0b866
Folder Found:  C:\ProgramData\70422c23-0a31-0
Folder Found:  C:\ProgramData\70422c23-11f3-1
Folder Found:  C:\ProgramData\70422c23-12d7-0
Folder Found:  C:\ProgramData\70422c23-12f1-1
Folder Found:  C:\ProgramData\70422c23-1455-0
Folder Found:  C:\ProgramData\70422c23-18d7-1
Folder Found:  C:\ProgramData\70422c23-20c5-0
Folder Found:  C:\ProgramData\70422c23-2263-0
Folder Found:  C:\ProgramData\70422c23-27f5-0
Folder Found:  C:\ProgramData\70422c23-2b21-0
Folder Found:  C:\ProgramData\70422c23-2c15-1
Folder Found:  C:\ProgramData\70422c23-30b7-1
Folder Found:  C:\ProgramData\70422c23-3143-1
Folder Found:  C:\ProgramData\70422c23-3195-1
Folder Found:  C:\ProgramData\70422c23-3537-0
Folder Found:  C:\ProgramData\70422c23-3ea7-1
Folder Found:  C:\ProgramData\70422c23-3fa3-0
Folder Found:  C:\ProgramData\70422c23-45c1-1
Folder Found:  C:\ProgramData\70422c23-4a05-1
Folder Found:  C:\ProgramData\70422c23-5125-0
Folder Found:  C:\ProgramData\70422c23-5197-0
Folder Found:  C:\ProgramData\70422c23-51c5-0
Folder Found:  C:\ProgramData\70422c23-5ad7-1
Folder Found:  C:\ProgramData\70422c23-5b37-1
Folder Found:  C:\ProgramData\70422c23-5e01-0
Folder Found:  C:\ProgramData\70422c23-6df5-0
Folder Found:  C:\ProgramData\70422c23-6fc1-0
Folder Found:  C:\ProgramData\70422c23-7045-0
Folder Found:  C:\ProgramData\70422c23-7977-1
Folder Found:  C:\ProgramData\70422c23-7bc7-1
Folder Found:  C:\ProgramData\70422c23-7ea7-0
Folder Found:  C:\ProgramData\a3afeb6d-4331-0
Folder Found:  C:\ProgramData\a3afeb6d-7fa5-1
Folder Found:  C:\ProgramData\{053830f7-112c-1}
Folder Found:  C:\ProgramData\{072b7de6-312c-1}
Folder Found:  C:\ProgramData\{12fb3cac-012c-0}
Folder Found:  C:\ProgramData\{189f3381-312c-1}
Folder Found:  C:\ProgramData\{1b804d30-612c-0}
Folder Found:  C:\ProgramData\{21bf2c1c-612c-0}
Folder Found:  C:\ProgramData\{21f764d2-012c-0}
Folder Found:  C:\ProgramData\{256e5529-012c-1}
Folder Found:  C:\ProgramData\{3ac7215c-112c-0}
Folder Found:  C:\ProgramData\{3ea4041a-412c-0}
Folder Found:  C:\ProgramData\{644a66ce-512c-0}
Folder Found:  C:\ProgramData\{6f2b37a3-712c-0}
Folder Found:  C:\ProgramData\{76bc40b5-112c-1}
Folder Found:  C:\ProgramData\{78034122-312c-0}
Folder Found:  C:\ProgramData\{7c370fc7-412c-1}
Folder Found:  C:\Users\trent\AppData\Local\Rocket
Folder Found:  C:\Users\trent\AppData\Local\torch
Folder Found:  C:\Users\trent\AppData\Roaming\csdimedia
Folder Found:  C:\Users\trent\AppData\Roaming\OpenCandy
Folder Found:  C:\Users\trent\AppData\Roaming\RocketUpdater
Folder Found:  C:\Users\trent\AppData\Roaming\UpdaterEX
Folder Found:  C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found:  C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
Folder Found:  C:\ProgramData\LuckyBrowse
Folder Found:  C:\ProgramData\torchcrashhandler
Folder Found:  C:\ProgramData\Application Data\LuckyBrowse
Folder Found:  C:\ProgramData\Application Data\torchcrashhandler
Folder Found:  C:\Program Files (x86)\BearShare Applications
Folder Found:  C:\Program Files (x86)\Max Driver Updater
Folder Found:  C:\Program Files (x86)\pc speed up
Folder Found:  C:\Program Files (x86)\WSE Rocket
Folder Found:  C:\Program Files (x86)\PC Speed Up
Folder Found:  C:\Program Files (x86)\ConsumerSoft

***** [ Files ] *****

File Found:  C:\Users\trent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Found:  C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Found:  C:\Users\trent\AppData\Local\aatxtname.txt
File Found:  C:\Users\trent\AppData\Local\ok223.txt
File Found:  C:\Users\trent\AppData\Local\tr5b.txt

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found:  Rocket Updater
Task Found:  UpdaterEX

***** [ Registry ] *****

Key Found:  HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\InstallCore
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\Rocket Browser
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\RocketUpdater
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\torch
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\UpdateFiles
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\UpdaterEX
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\WSE Rocket
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found:  HKCU\Software\InstallCore
Key Found:  HKCU\Software\Rocket Browser
Key Found:  HKCU\Software\RocketUpdater
Key Found:  HKCU\Software\torch
Key Found:  HKCU\Software\UpdateFiles
Key Found:  HKCU\Software\UpdaterEX
Key Found:  HKCU\Software\WSE Rocket
Key Found:  HKLM\SOFTWARE\InstallCore
Key Found:  HKLM\SOFTWARE\torch
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE Rocket
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found:  [x64] HKCU\Software\InstallCore
Key Found:  [x64] HKCU\Software\Rocket Browser
Key Found:  [x64] HKCU\Software\RocketUpdater
Key Found:  [x64] HKCU\Software\torch
Key Found:  [x64] HKCU\Software\UpdateFiles
Key Found:  [x64] HKCU\Software\UpdaterEX
Key Found:  [x64] HKCU\Software\WSE Rocket
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=wnzp0101&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCtC0CyDtCyC0A0F0BzztDtN0D0Tzu0SyByEyBtN1L2XzutBtFtBtFtCyDtFt
Key Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A17F114C-81F2-4A39-9C54-A5B36E85753B}
Data Found:  HKU\S-1-5-21-1115147622-3532500627-1075131776-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A17F114C-81F2-4A39-9C54-A5B36E85753B}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A17F114C-81F2-4A39-9C54-A5B36E85753B}
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A17F114C-81F2-4A39-9C54-A5B36E85753B}
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CD642E59-F699-48AF-B6C4-C950DF1ED4CA} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E037425F-56D0-4C80-B513-0A07E5178EDE} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{EB88AAEA-0872-464C-9EE9-C15AB19A50D1} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FF1B62F5-E2F4-4514-B763-EF569296E462} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CD642E59-F699-48AF-B6C4-C950DF1ED4CA} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E037425F-56D0-4C80-B513-0A07E5178EDE} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{EB88AAEA-0872-464C-9EE9-C15AB19A50D1} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FF1B62F5-E2F4-4514-B763-EF569296E462} [NameServer] - 82.163.143.176 82.163.142.178
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com
Key Found:  HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found:  HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Key Found:  HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Key Found:  HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found:  HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Key Found:  HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found:  [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Found:  HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found:  [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
Chrome pref Found:  [C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb
Chrome pref Found:  [C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ibnjmihbbanannlbobkbmnmckjnmdnom
Chrome pref Found:  [C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kiplfnciaokpcennlkldkdaeaaomamof
Chrome pref Found:  [C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pflphaooapbgpeakohlggbpidpppgdff

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12292 Bytes] - [19/12/2016 07:18:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12366 Bytes] ##########
 

 

[GuiltySpark]

Run the scan again and then select Clean to remove all the checked items. Attach the log file after.

[janedoecooks]

48 minutes ago, GuiltySpark said:

Hi Janedoe,

Can you run a scan with adwcleaner clean all it finds and attach the log file in your next post.

Thanks

I did the clean, and will run it again now.  A new icon showed up on my desktop after the reboot.  "Homegroup"  What is that and how do I get rid of it??  I don't see it in the task manager running or any information on what the thing is.

I'll post the second log in a bit.

[janedoecooks]

ADWcleaner Log file after clean up and reboot:

 

# AdwCleaner v6.041 - Logfile created 19/12/2016 at 08:02:05
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-18.1 [Local]
# Operating System : Windows 8.1  (X64)
# Username : Admin - TINA
# Running from : C:\Users\trent\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13331 Bytes] - [19/12/2016 07:36:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [12538 Bytes] - [19/12/2016 07:18:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [12611 Bytes] - [19/12/2016 07:32:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [1205 Bytes] - [19/12/2016 08:02:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1278 Bytes] ##########
 

[janedoecooks]

Huh, looks pretty well cleaned up in that second log file.   So, my question now is....why didn't SAS pro recognize and clean this stuff off my system?

Thanks for your help Guiltyspark.  I saw several things that were clearly adware in that list.  The "torch" program was an iffy to me for a while, but I couldn't find any hard facts that it was not a windows system needed item.

Now to get rid of "homegroup" icon, drives me crazy when you click on it there is absolutely no information on it....just telling you how to share files with other PC's.  Uh.....no.  LOL

[GuiltySpark]

The Home group icon is a bug in Windoze though not necessarily a dangerous one see here for things to try (only try the registry change as a last resort).

Not every program can / will pick up all malware it all depends on definitions created for that particular piece and whether or not it's been classed as malware, some things are simply Optimizers which aren't really malware but are snake oil so they may not be picked up.

[janedoecooks]

I see your points.  I guess it would be almost impossible to have one single program recognize the millions of malware/virus programs out there.  Wish I could tell all those malware developers what I think of them.... in person.  Optimizers seem to cause more issues than they resolve.

I have always been happy with SAS, finally upgrading to the pro version this year.

Hopefully I won't have to be back on this thread with problems.  So have a Merry Christmas, if you celebrate that.

Edit: I got rid of the "home group" icon by disabling the home-group listener and home-group provider in the services, using the "properties" of each one.

 

[GuiltySpark]

Good on yer girl

Have a great Saturnalia.