Jump to content

SkipperGas

Techbench
  • Content Count

    19
  • Joined

  • Last visited

About SkipperGas

  • Rank
    New Member
  1. Ron, I ran all 3 steps, and of course, no threats were found by either Malwarebytes or AdwCleaner. I will try again later. I saved the logs, in case they will be of interest later, if the adware returns. It has been my experience that the adware always soon returns.
  2. I had a topic on this subject that ran from May, 2018 to November, 2018; then it was closed because I was not going to be available for several weeks. The problem is still there: AdwCleaner finds adware, cleans & repairs, restarts; then when Windows 10 Home comes back up, the adware is still there. I have Malwarebytes Premium running every day, but it apparently is not finding it. Today, I also ran Avast boot-time scan, and it did not help. The only thing that seemed to make a difference today was running in safe mode. I ran AdwCleaner a couple of times in safe mode, and it found no threats on the 2nd run. Here is a link to the original topic, and the actions taken then: Here are the registry items that Adware found on one of the occasions today: Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{733EFF95-917E-40F7-949C-7A22DE5D0A86} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3F74161B-3139-44C1-978F-09A0CCD51C56} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AF3B9589-F5B3-42C9-8589-5A345219119F} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CF181CEC-C873-4FF5-BCE9-08CD3BF79811} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5B5CD0A4-C058-4668-B0C1-0CF10855CBD7} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{348A715D-A143-4D6B-A289-C8756D753C53} I have attached several AdwCleaner logs from today. AdwCleaner[S101].txt AdwCleaner[S100].txt AdwCleaner[S99].txt AdwCleaner[C98].txt AdwCleaner[S98].txt
  3. I am away from that computer for the month of November, so it will be a few days before I can check again. I will let you know when I return to it. I don't believe the issue had been resolved when I left it. Thanks.
  4. OK, here you are: Farbar Recovery Scan Tool (x64) Version: 10.10.2018 Ran by Skipper (19-10-2018 11:17:56) Running from C:\Users\Skipper\Downloads\programs\Malwarebytes FRST scan program Boot Mode: Normal ================== Search Registry: "usgthrsvc" =========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager] "TempPath"="C:\Users\Skipper\Downloads\Search\Data\Temp\usgthrsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\PerformanceCounters] "USGTHRSVC"="UGTHRSVC" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\Gathering Manager] "TempPath"="C:\Users\Skipper\Downloads\Search\Data\Temp\usgthrsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\PerformanceCounters] "USGTHRSVC"="UGTHRSVC" ====== End of Search ======
  5. I had previously unhidden files/folders, and there was still nothing shown. One reason that makes me think that there is something there that I can't see is that there are 4 levels of supposedly empty folders: "search", "temp", "data", and "usgthrsvc"; however when I delete the highest level "search" folder, the system says that 6 items have been deleted, rather than 4.
  6. No, when I get down to the usgthrsvc folder and open it, there is nothing visible. Maybe hidden files? Hmmm, I just looked and don't see the Search folder. I can't remember if I deleted it today, it always reappears after restart. Maybe I will restart now to see if it comes back.
  7. Yes, I do often delete it, but it returns every time I restart my computer. It appears to be empty, but I think that actually there are hidden files. AdwCleaner always reports it as an optional search PUP, or something like that.
  8. OK, Nasdaq,, I upgraded CCleaner to the lastest version I ran FRST, and clicked on Fix, and am attaching logs I reset Chrome settings to default I also uninstalled Direct Folders, because Google Chrome had a problem with it I restarted, and ran Adwcleaner, and it found only 1 threat, which I think may be a false positive (Windows Search Service) I started Google Chrome, and started my yahoo, google, and facebook pages I ran AdwCleaner again, and it found adware again... I will attach all the logs Thank you Addition.txt Fixlog.txt FRST.txt AdwCleaner[S74].txt AdwCleaner[S73].txt AdwCleaner[C72].txt AdwCleaner[S72].txt AdwCleaner[S71].txt AdwCleaner[S70].txt AdwCleaner[S69].txt AdwCleaner[C68].txt AdwCleaner[S68].txt
  9. Hello nasdaq, I did not find the Fixlist.txt file attached to your message. Please resend. Thank you
  10. I first reported this problem to Malwarebytes in about May, 2018 through the regular channels. Today, they directed me to this "I'm infected - what do I do now". My problem has remained about the same over this time, getting a little worse. I have 3 attachments from this morning's results. 1. My Malwarebytes Premium ran automatically this morning, and did not find any threats. (attachment #1) 2. After surfing with Google Chrome for a while, I ran AdwCleaner, as I also did yesterday, and many other days, with the same results - 9 threats. (attachment #2) 3. After restarting, but before I started any other programs, I ran AdwCleaner again, and got the same results - 9 threats. (attachment #3) 4. I ran the FRST program, and log is attached 5. Addition log is attached Note: one thing that I have always noticed is a folder called "search" appears in my downloads folder after every restart. I have not been able to get rid of it. If I double click on it, I get to a "data" folder. If I double click on that, I get to a "temp" folder. If I double click on that, I get to a "usgthrsvc" folder. If I double click on that, I get a "folder is empty"; however I think there may be hidden data in there; because deleting it may result in more folders being deleted than are evident. Sometimes, I am initially denied access to this lowest folder until I say "continue" 2 - AdwCleaner[C64] 9 found.txt 3 - AdwCleaner[S65].txt 4 -FRST.txt 5 - Addition.txt
  11. As the originator of this thread, I'm glad to see that some are getting relief; however my problem has not improved any. In fact, the last AdwCleaner 7.2.4.0 run, a few minutes ago, revealed even more items detected. I have attached the log. I also continue to run Malwarebytes Premium every morning. I also ran Malwarebytes anti-rootkit yesterday, and it found no threats. Is it possible that the only way to get rid of these threats is to reset Windows 10? I hope not; because I really don't want to re-install a bunch of apps. 2018-10-12 AdwCleaner[C63].txt
  12. As far as I can tell, the issue is still there. I just ran 7.2.4, and if found the same items as before. After it scanned, I let it "clean & repair", then rebooted. The issues were still there immediately after reboot. It did temporarily get rid of some adware that I also often see, but my experience tells me the adware will soon be back, in spite of daily runs of Malwarebytes Premium.
  13. I first reported this problem in April of this year. I have not seen any improvement. At times, I have wondered if it might have something to do with my use of Google Chrome, and tried some limited use of the Avast browser and Firefox, but I did not test those options very much. I have attached a log from a scan by version 7.2.3.1. and a screen print of the same information. I have tried every antivirus/antimalware tool I have, and nothing seems to get rid of them permanently. Maybe I will just have to reset Windows 10, but I would prefer to not do so. adw log.txt
  14. It was unable to find it, see attached. Also, when I came in through regedit, I could not find it, see 2nd attachment.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.