ubicz

Hello So, I did as you said and scanned my computer with MBAM after, seems to be clean Does it mean that my computer is clean? Is it possible to say, what exactly was causing the issue?

Ok. Finally done One problem though - I coudln't find the JRT txt file, so I ran the scan again (so the log here was run after all other steps, but I also did it in the correct order - simply don't have a text file :() Step 04 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Pro x64 Ran by Admin (Administrator) on 13/07/2016 at 16:49:46.72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13/07/2016 at 16:52:09.49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Step 5 # AdwCleaner v5.201 - Logfile created 12/07/2016 at 18:43:31 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-12.1 [Server] # Operating system : Windows 10 Pro (X64) # Username : Admin - DESKTOP-EQST05R # Running from : C:\Users\Admin\Downloads\AdwCleaner.exe # Option : Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkalbbbffedallekgkdheknngopfhif ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=700F0022FAE5E6CE&affID=125032&tsp=5032 [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=D8C9902B3413BF55&affID=119357&tsp=5021 [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://start.qone8.com/?type=hp&ts=1397238913&from=tt4u&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A59K7154K7154 [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://mysearch.avg.com?cid={ABED75EE-FAAA-4937-8C12-8DBB92D10B4D}&mid=f34bdcd1f49847d29525d16f5e987b91-7d4b74d82558c4d9a42c86ac974c58a1b8a71972&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 11:07:58&v=18.0.5.292&pid=safeguard&sg=&sap=hp [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.google.com|hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId={ABED75EE-FAAA-4937-8C12-8DBB92D10B4D}&affID=125032&tsp=5032||hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=D8C9902B3413BF55&affID=119357&tsp=5021|hxxp://start.qone8.com/?type=hp&ts=1397238913&from=tt4u&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A59K7154K7154|hxxp://mysearch.avg.com?cid={ABED75EE-FAAA-4937-8C12-8DBB92D10B4D}&mid=f34bdcd1f49847d29525d16f5e987b91-7d4b74d82558c4d9a42c86ac974c58a1b8a71972&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 11:07:58&v=18.0.5.292&pid=safeguard&sg=&sap=hp [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://mysearch.avg.com?cid={ABED75EE-FAAA-4937-8C12-8DBB92D10B4D}&mid=f34bdcd1f49847d29525d16f5e987b91-7d4b74d82558c4d9a42c86ac974c58a1b8a71972&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 11:07:58&v=18.1.5.512&pid=safeguard&sg=&sap=hp [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxps://mysearch.avg.com?cid={ABED75EE-FAAA-4937-8C12-8DBB92D10B4D}&mid=f34bdcd1f49847d29525d16f5e987b91-7d4b74d82558c4d9a42c86ac974c58a1b8a71972&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 11:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : emebnfadbcfbcnebjhlohinanlbkcmhj [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ljkalbbbffedallekgkdheknngopfhif [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pelmeidfhdlhlbjimpabfcbnnojbboma ************************* C:\AdwCleaner\AdwCleaner[S1].txt - [3479 bytes] - [12/07/2016 18:43:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3552 bytes] ########## Step 06 Sophos found nothing (scan took terribly wrong :D) Step 07 attached Addition.txt FRST.txt

Hello! Thank you for your answer It took a while for me to answer (there were some power cut off in my region of Poland recently ^^) Ok, so - MBAM didn't find any threats. I paste the scan log down here. Malwarebytes Anti-Malware www.malwarebytes.org Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/07/2016 Scan Time: 23:57 Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.07.11.10 Rootkit Database: v2016.05.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Admin Scan Type: Threat Scan Result: Completed Objects Scanned: 295811 Time Elapsed: 9 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

Hello! I am experiencing an issue - every time I run Mlwarbytes, it will find multiple items called PUP.Optional.SmartCoupon. I suspect it is not very dangerous, according to my MWB performance. But I would rather get rid of it I am attaching logs from MWB and from FarbarRecoveryTool. Please let me know, if anybody can help me I have just reinstalled the system after C Format, and upgraded to windows 10 (64bit). It is really strange, that this thing is already here. I found similliar treat on my laptop, so I guess it is something in my software or maybe in my chrome extensions (they load up automatically, when I log in to Chrome) Cheers! Addition.txt FRST.txt MWB_scan_2016'07'08.txt