
Adware Remains Despite Multiple Scans and Cleaning



There's some adware on my PC. The main effects I've seen thus far are that it will (1) redirect some searches in the Chrome address/search bar to Yahoo instead of Google (it doesn't do this every time, it spaces out the redirects) and (2) redirect searches in the Chrome address/search bar for "malwarebytes" to another address (this address: https://members.cj.com/member/404.html).

Neither Malwarebytes nor Kaspersky identified anything on scan. (Malwarebytes Threat Scan Report attached to this post.)

I then ran AdwCleaner and it found and quarantined a few PUPs (most of which have to do with something called ParetoLogic, don't know what that is). The log files from this scan are attached.

After restarting, I decided to test whether that solved the problem by searching for "malwarebytes" in the Chrome address/search bar, but I am still being redirected to the same site.

So, I ran AdwCleaner again, but it hasn't found anything. The log files from this second scan are also attached.

Finally, I ran the Farbar Recovery Scan Tool to get the logs for posting the information here. They are also attached here.

 

Any help would be greatly appreciated!

 

 

 

Threat Scan Report.txt AdwCleaner[C00].txt AdwCleaner[C01].txt AdwCleaner[S00].txt AdwCleaner[S01].txt Addition.txt FRST.txt


1 minute ago, daw33 said:

Just realized I somehow posted this in the wrong section (should be in Windows Malware Removal Help & Support). My apologies, I don't see an edit, move, or delete option to remedy the mistake.

I have already asked for it to be moved.


1 minute ago, daw33 said:

Just realized I somehow posted this in the wrong section (should be in Windows Malware Removal Help & Support). My apologies, I don't see an edit, move, or delete option to remedy the mistake.

I have already asked for your topic to be moved to the right section.

While it gets moved, if the detections are coming from Chrome, you may try the steps outlined below to see if it helps.

 


  • Root Admin

Hello @daw33

ATTENTION: System Restore is disabled (Total:930.91 GB) (Free:716.2 GB) (77%)

Please enable System Restore and create a new System Restore Point

 

Please follow the directions from @Firefox and reset Google Chrome sync

 

You may want to consider removing these scheduled tasks unless you really want them.

Task: {432CC149-43DC-4D4E-9DBC-2B3D3C818643} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1} /quiet /qn
Task: {432CC149-43DC-4D4E-9DBC-2B3D3C818643} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {8E01BF77-2292-4B62-84BE-1992AEE51DC3} - System32\Tasks\PowerEngagePatch => msiexec /p "C:\Program Files (x86)\PowerENGAGE\patches\PowerENGAGE-3.2.13-3.2.16.msp" /norestart /qn /quiet

https://www.mcbsys.com/blog/2018/08/brother-powerengage-causes-msiinstaller-1706-errors/?PageSpeed=noscript
http://www.aviatainc.com/powerengage/

 

You don't appear to be running Avast but you have this entry
Task: {BC863D07-EA41-46C8-AAD8-9A5E6A63CB39} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

 

You may want to review the following as well

https://helpdeskgeek.com/free-tools-review/why-you-shouldnt-download-ccleaner-for-windows-anymore/
https://www.howtogeek.com/361112/heres-what-you-should-use-instead-of-ccleaner/

 

Your Google Chrome update is pretty old. Please check and verify Google Chrome is up to date

 

You're allowing the following websites to send Push Notifications to your desktop. Make sure that's what you want
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://messages.android.com; hxxps://tabletopia.com; hxxps://web.whatsapp.com; hxxps://www.chess.com; hxxps://www.pinterest.ca; hxxps://www.wayfair.ca; hxxps://www.zolo.ca

 

 

Please temporarily disable Kaspersky antivirus while running this fix, after resetting Google Chrome above. When done make sure to re-enable Kaspersky

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

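The review in the post above works through FRST `Task:` and `CHR Notifications:` lines by eye. As an added example (not part of the original posts, and not FRST's or Malwarebytes' code), the sketch below parses those same line shapes and flags scheduled tasks whose target sits in a Program Files folder the analyst does not expect on the machine. It assumes the line formats are exactly those quoted in this thread; `installed_folders` is a hypothetical analyst-supplied list.

```python
import re

# FRST lines quoted in this thread, copied as posted.
SAMPLE = r"""
Task: {432CC149-43DC-4D4E-9DBC-2B3D3C818643} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {8E01BF77-2292-4B62-84BE-1992AEE51DC3} - System32\Tasks\PowerEngagePatch => msiexec /p "C:\Program Files (x86)\PowerENGAGE\patches\PowerENGAGE-3.2.13-3.2.16.msp" /norestart /qn /quiet
Task: {BC863D07-EA41-46C8-AAD8-9A5E6A63CB39} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\Power_a17007.job => C:\Program Files\Cold Turkey\CTServiceInstaller.exe
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://messages.android.com; hxxps://tabletopia.com; hxxps://web.whatsapp.com; hxxps://www.chess.com; hxxps://www.pinterest.ca; hxxps://www.wayfair.ca; hxxps://www.zolo.ca
""".strip().splitlines()

TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<path>.+?) => (?P<action>.+)$")
PROGDIR_RE = re.compile(r'[A-Za-z]:\\Program Files(?: \(x86\))?\\([^\\"]+)')
NOTIF_RE = re.compile(r"^CHR Notifications: (?P<profile>.+?) -> (?P<origins>.+)$")

def parse_tasks(lines):
    """Return (task name, action, Program Files folder or None) per Task: line."""
    out = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if m:
            folder = PROGDIR_RE.search(m["action"])
            out.append((m["path"].rsplit("\\", 1)[-1], m["action"],
                        folder.group(1) if folder else None))
    return out

def orphaned_tasks(lines, installed_folders):
    """Names of tasks whose target lives under a Program Files folder that is
    not in the analyst's list of software expected on this machine."""
    known = {f.lower() for f in installed_folders}
    return [name for name, _, folder in parse_tasks(lines)
            if folder and folder.lower() not in known]

def notification_origins(lines):
    """Map Chrome profile -> origins allowed to send push notifications
    (kept defanged, as FRST prints them)."""
    result = {}
    for line in lines:
        m = NOTIF_RE.match(line.strip())
        if m:
            result[m["profile"]] = [o.strip() for o in m["origins"].split(";")]
    return result

if __name__ == "__main__":
    # Hypothetical list of software the analyst knows is installed.
    print(orphaned_tasks(SAMPLE, ["PowerENGAGE", "Cold Turkey"]))
    print(notification_origins(SAMPLE))
```

Tasks whose action names no Program Files path (such as the `Command(2)` entry) are parsed but never flagged, so they still need a manual look.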

Thank you all for the great suggestions and help. I followed the steps in the link Firefox provided, but that didn't seem to solve the problem.

I also followed the instructions from AdvancedSetup's post. I've attached the Fixlog.txt to this post.

Since running the FRST64 fix, I haven't noticed any signs of the adware. Search hasn't been redirected (at least yet) and when I type malwarebytes into chrome, I get the actual results rather than being redirected (which is a magical feeling after trying to figure this out for a while now!).

Thank you all SO much for helping me with this! 

Fixlog.txt


Ah, I thought I might have been rid of this, but went to switch to my laptop (a surface book 2, which has a synced chrome account and onedrive account with my desktop) and it appears to have the same issues as the desktop (though, the desktop now appears to be adware free thanks to you all). E.g., searching malwarebytes in chrome redirects.

I ran the laptop through the gamut of scans and none of them found anything. (This is a bit different than the case was for the desktop, where Adw cleaner found some PUPs.) I've attached the Threat Scan and Adw Reports to this post.

I also ran FRST for the reports and attached them here.

Thank you again for all of the help!

AdwCleaner[S02].txt Laptop Threat Scan.txt FRST.txt Addition.txt


  • Root Admin

You have the following very old software from Apple running on the computer. I would recommend you remove it. If you really want or need it then get an updated version.

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)

 

You have Cold Turkey on the system. Are you still using it? Do you know what this task does?
Task: C:\WINDOWS\Tasks\Power_a17007.job => C:\Program Files\Cold Turkey\CTServiceInstaller.exe

Again, make sure you go through and do a clean up of Google Chrome on ALL devices that have a Sync account enabled.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 


  • Root Admin

No, the Ad blocker is fine. Just checking was all.

The log looks good. There were some policies on Google Chrome. Please visit this link and follow the directions to clean up Google Chrome Sync

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Then let me know if there are any other issues with this system or not.

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

This topic is now closed to further replies.