janedoecooks Posted December 17, 2016

Hello, I have been having trouble with a program reinstalling itself on my computer for over a week. It's called Super PC Cleaner. I have tried several times without success to remove this by performing "uninstall" on Windows 8, only to have it reinstall without warning. How can I set my Super Antispyware Pro version to look for this and eradicate the hidden files in my system? I cannot find the host file(s) that had this hidden, but I will be doing a system restore in a few minutes going back a month or so. Thanks if anyone can help get rid of this bothersome thing.
GuiltySpark Posted December 17, 2016

Does it show up in System Investigator? Does it show in the list of Installed Programs?
janedoecooks Posted December 17, 2016

It keeps showing up in installed programs, even after I do an uninstall from control panel. It doesn't even wait for a computer restart to reinstall itself. I just downloaded the free trial of Malwarebytes, ran the program, and upon restarting I got a message box from the superpccleaner asking if I want to upgrade for protection! When I downloaded the Malwarebytes, it listed this as a threat that it would find and eradicate. Malwarebytes is constantly notifying me of "website blocked" outbound, but it will not show what website it's blocking, just an IP address. I just checked installed programs and there that bat rasterd pccleaner is again! I don't know what you are referring to on "system investigator". The only program I have downloaded as a "free version" is "zipit" to unzip files. Anyone know if they have this damn PCcleaner file attached to zipit free version? Thank you for the response!
janedoecooks Posted December 17, 2016

Oops, I see the system investigator on the super antispyware. Running it now.
janedoecooks Posted December 17, 2016 (edited)

I see a lot of unknown things, but more thumbs up than thumbs down. There are a LOT of entries regarding "Torch". Is that a browser that came with Windows? I'm going to do a system restore now, going back a month if I can.

EDIT: System restore appears to have worked. The superpccleaner did not reinstall into programs and no pop ups showed. Hopefully it's gone. However, system restore disabled my Google Chrome somehow. Sure hope I can get my settings and stored URLs back.

Edited December 17, 2016 by janedoecooks: Added info
GuiltySpark Posted December 17, 2016

Glad you got it sorted.
janedoecooks Posted December 17, 2016

Hi, the other thread was closed before I could update on my issue with the nasty super pc cleaner program. It appeared to be gone after a system restore, but after a few hours...it reinstalled again! I don't know if this is a Google Chrome issue, but I am going to uninstall Google Chrome completely and start over with it. There were two versions of Google Chrome and one version that said "new google chrome". The only one I could get to work and open was the latter. I'm wondering if that is what is hosting this pc cleaner program. Worth a shot. Does Superantispyware recognize this as malware?? If it doesn't, it should.
GuiltySpark Posted December 17, 2016

Hi janedoe, sorry about that, I thought you had solved the issue. I have reopened this thread and merged your post. Can you open up task manager, take a pic of what's running and attach it in your next post? Thanks.
janedoecooks Posted December 18, 2016

I did find something interesting: in my scheduled tasks were tasks by the pccleaner program to be triggered with every user log on. So, somewhere in that "task" entry is whatever is causing it to reinstall? I deleted the tasks, and then went in to delete the program again but got an error message that the program has been either deleted or disabled. I'm not going to say that's a fix...yet. LOL

I also disabled the only program that I have downloaded that might have hosted this bad boy, the "zip it" free program. I can't take a pic of what's running in task manager. The list is way too long. Is there a way to copy that list? Thanks again, this thing is starting to get on 'me nerves. LOL
GuiltySpark Posted December 18, 2016

In task manager, select the CPU column to get the highest running processes and just take a pic of those.
janedoecooks Posted December 18, 2016 (edited)

Okay, I'll do that if I continue to have a problem. I just checked task manager again, and there is nothing unusual in there at this time. So far today the super pc cleaner program has not returned. So, deleting the scheduled tasks it inserted seems to have done the trick. I checked program files, task manager, scheduled tasks and start up...nothing there in regards to spcc or super Pc Cleaner. I just did a shut down and restart, and also signed out of my email account. (Last night the program activated after signing into email, probably just a coincidence.) I signed back into email and checked all of the above again, and nothing is showing up for this malware. So, the trick seems to be getting it off scheduled tasks and uninstalling the program, or uninstall first then hit the scheduled task lists.

I want to point out that Malwarebytes (free trial of full version) did NOT work. It kept things from going to the IP address outbound, but the spcc program was still active on my computer. So, I'm going to call it fixed for now. Keep 'yer fingers crossed that I don't see that extremely quick DOS box pop up and disappear, which is the beginning of the super pc cleaner installation. Thanks GuiltySpark

Edited December 18, 2016 by janedoecooks: clarification of program reference
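The persistence described in the post above (scheduled tasks triggered at every user logon that bring the program back) can be audited from an XML export of the task list. This is an added example, not part of the original thread: it parses the output of `schtasks /query /xml ONE`, lists logon-triggered tasks, and flags those that run from user-writable folders or through a script host. The task names, paths and flagging heuristics are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Heuristics are assumptions for this example, not a vendor rule set.
WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample in the layout of: schtasks /query /xml ONE
SAMPLE = r"""<Tasks>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ExampleCleaner Startup</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Users\user\AppData\Roaming\ExampleCleaner\launch.exe</Command>
    <Arguments>/silent</Arguments>
  </Exec></Actions>
</Task>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ExampleCleaner Repair</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Windows\System32\cmd.exe</Command>
    <Arguments>/c "C:\ProgramData\ExampleCleaner\reinstall.bat"</Arguments>
  </Exec></Actions>
</Task>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Vendor Daily Check</URI></RegistrationInfo>
  <Triggers><CalendarTrigger>
    <StartBoundary>2016-12-01T09:00:00</StartBoundary>
  </CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\Program Files\Vendor\check.exe</Command></Exec></Actions>
</Task>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Vendor Tray</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec><Command>C:\Program Files\Vendor\tray.exe</Command></Exec></Actions>
</Task>
</Tasks>"""


def assess(command, arguments):
    """Return the reasons an Exec action deserves a closer look."""
    reasons = []
    exe = ntpath.basename(command.strip('"')).lower()
    if exe in HOSTS:
        reasons.append("runs through script host " + exe)
    if any(marker in (command + " " + arguments).lower() for marker in WRITABLE):
        reasons.append("references a user-writable folder")
    return reasons


def logon_tasks(xml_text):
    """List every task with an enabled LogonTrigger, with its actions and flags."""
    results = []
    root = ET.fromstring(xml_text)
    for task in root.iter("{%s}Task" % NS["t"]):
        trigger = task.find("t:Triggers/t:LogonTrigger", NS)
        if trigger is None:
            continue  # time-based or event-based task, not logon persistence
        if (trigger.findtext("t:Enabled", "true", NS) or "").strip().lower() == "false":
            continue
        entry = {"name": task.findtext("t:RegistrationInfo/t:URI", "(unnamed)", NS),
                 "actions": [], "reasons": []}
        for action in task.findall("t:Actions/t:Exec", NS):
            command = (action.findtext("t:Command", "", NS) or "").strip()
            arguments = (action.findtext("t:Arguments", "", NS) or "").strip()
            entry["actions"].append((command + " " + arguments).strip())
            entry["reasons"].extend(assess(command, arguments))
        results.append(entry)
    return results


def suspicious(tasks):
    """Names of the logon tasks that matched at least one heuristic."""
    return [t["name"] for t in tasks if t["reasons"]]


if __name__ == "__main__":
    for t in logon_tasks(SAMPLE):
        print(t["name"], "|", "; ".join(t["reasons"]) or "no flags", "|", t["actions"])
```

A flagged task is a lead to inspect, not a verdict: legitimate updaters also register logon tasks, which is why the unflagged ones are still listed.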
GuiltySpark Posted December 18, 2016

Glad you got it sorted (hopefully). If it shows up again, can you right click the program and select properties, check the file location. Open up the file location and within SAS select Submit Malware Sample; it can then be added to the PUP list. I'm sure Gabe will take a look at it and add it when he sees this post, so keep checking back. I'll keep this thread open just in case.
janedoecooks Posted December 18, 2016

4 hours ago, GuiltySpark said:
Glad you got it sorted (hopefully). If it shows up again, can you right click the program and select properties, check the file location. Open up the file location and within SAS select Submit Malware Sample; it can then be added to the PUP list. I'm sure Gabe will take a look at it and add it when he sees this post, so keep checking back. I'll keep this thread open just in case.

Yes, I will submit the sample if it returns. I hope they add this to the PUP list. IMHO, if it installed itself without my permission or prior knowledge, and is hidden bundled in another program that I was unaware of, accesses my browser, performs redirects on the browser and monitors other online activities...refuses to uninstall completely and re-installs with the triggers that did not get deleted...it's malware or virus infection. Not to mention scaring people with completely inaccurate information about potential problems with your PC, in an attempt to get you to shell out money for their program.
janedoecooks Posted December 19, 2016

This morning after log on to Windows, SAS started. During the scan I saw the DOS box pop up twice, very quickly, and disappear. Is this normal while SAS is scanning and/or deleting threats? (Hopefully everyone remembers what DOS is? I'm not sure what else to call it.) SAS found 804 items in regards to cookies, far far more than usual.

During the scan I decided to delete the "zip it" free program. During the deletion process this error box popped up (screenshot 1), and when the uninstallation was done I was immediately directed to the website in the screenshot. How coincidental is it that the website is about a program for optimizing and tuning up your PC? Did I find the culprit for the hidden Superpccleaner program? I'm waiting patiently to see if something installed, sometimes it takes a while to show up.
GuiltySpark Posted December 19, 2016

Hi Janedoe, can you run a scan with AdwCleaner, clean all it finds, and attach the log file in your next post? Thanks
janedoecooks Posted December 19, 2016

1 hour ago, GuiltySpark said:
Hi Janedoe, can you run a scan with AdwCleaner, clean all it finds, and attach the log file in your next post? Thanks

I ran it and see there is a new program called "Pc Speedup". I've never seen that one before, also "updater.exe". Don't know what that is either. Of course "Lucky Browse" doesn't belong there either, I'm thinking. Here's the log file:
GuiltySpark Posted December 19, 2016

Run the scan again and then select Clean to remove all the checked items. Attach the log file after.
janedoecooks Posted December 19, 2016

48 minutes ago, GuiltySpark said:
Hi Janedoe, can you run a scan with AdwCleaner, clean all it finds, and attach the log file in your next post? Thanks

I did the clean, and will run it again now. A new icon showed up on my desktop after the reboot: "Homegroup". What is that and how do I get rid of it?? I don't see it in the task manager running or any information on what the thing is. I'll post the second log in a bit.
janedoecooks Posted December 19, 2016

ADWcleaner Log file after clean up and reboot:

# AdwCleaner v6.041 - Logfile created 19/12/2016 at 08:02:05
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-18.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : Admin - TINA
# Running from : C:\Users\trent\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [13331 Bytes] - [19/12/2016 07:36:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [12538 Bytes] - [19/12/2016 07:18:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [12611 Bytes] - [19/12/2016 07:32:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [1205 Bytes] - [19/12/2016 08:02:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1278 Bytes] ##########
janedoecooks Posted December 19, 2016

Huh, looks pretty well cleaned up in that second log file. So, my question now is...why didn't SAS pro recognize and clean this stuff off my system? Thanks for your help GuiltySpark. I saw several things that were clearly adware in that list. The "torch" program was an iffy to me for a while, but I couldn't find any hard facts that it was not a Windows system needed item. Now to get rid of the "homegroup" icon. Drives me crazy: when you click on it there is absolutely no information on it...just telling you how to share files with other PCs. Uh...no. LOL
GuiltySpark Posted December 19, 2016

The Home group icon is a bug in Windoze, though not necessarily a dangerous one. See here for things to try (only try the registry change as a last resort).

Not every program can / will pick up all malware; it all depends on definitions created for that particular piece and whether or not it's been classed as malware. Some things are simply Optimizers which aren't really malware but are snake oil, so they may not be picked up.
janedoecooks Posted December 19, 2016

I see your points. I guess it would be almost impossible to have one single program recognize the millions of malware/virus programs out there. Wish I could tell all those malware developers what I think of them.... in person. Optimizers seem to cause more issues than they resolve. I have always been happy with SAS, finally upgrading to the pro version this year. Hopefully I won't have to be back on this thread with problems. So have a Merry Christmas, if you celebrate that.

Edit: I got rid of the "home group" icon by disabling the home-group listener and home-group provider in the services, using the "properties" of each one.
GuiltySpark Posted December 19, 2016

Good on yer, girl. Have a great Saturnalia.