dca2846

Members
  • Posts

    11

Everything posted by dca2846

  1. Everything seems to be running fine now. I'll let you know if other issues pop up, but the system seems to be running normally. Thank you so much for your help! I really appreciate it. Thanks, Dave
  2. Here are the logs from the last scan. Please let me know if I need to take additional steps. Thanks Dave zemanalog.txt
  3. Thank you. I'll post the logs once the scans are complete. Dave
  4. Thank you for the quick response. Here are my logs from RogueKiller. Thanks, Dave
  5. Hello, I've attached my logs to this post. I was unable to run the Malwarebytes scan; the scan was stuck on "Check for updates" and I get an error saying "unable to contact license server". The problem seems to have worsened (system crashes, programs eating up memory, system running slow, etc.). Please advise on what to do next. Thanks for all of your help! Dave AdwCleanerlog.txt Fixlog.txt mrt.log
  6. Hello, My Malwarebytes Premium is catching a PUP file that I'm having trouble removing. I've attached my log files to this post. Any help would be greatly appreciated! Thank you Addition.txt FRST.txt
  7. Everything seems to be running fine. Thanks so much for your help! Dave
  8. I went through your steps and have attached the ESET log and the SALog to this post. Everything seems to be running fine, but the ESET scan did find some threats. Please advise on next steps. Thanks! ESETScanlog.txt SALog.txt
  9. Hello, Thanks for the reply and I apologize for taking a while to respond. I followed your instructions and attached the requested log files. The last Malwarebytes scan came back with zero threats, so the system seems to be running okay. Please let me know if there are additional steps I should be taking moving forward. Thanks! Dave AdwCleanerlog.txt Fixlog.txt malwarebyteslog.txt
  10. Hello, I've scanned my system with Malwarebytes Premium and can't seem to get rid of a PUP.Optional file. I've attached my log files. Any help would be appreciated! Addition.txt FRST.txt