Maurice Naggar Posted April 7, 2021 ID:1449851 Share Posted April 7, 2021 Hi again. There is an indication that the PC had AVG antivirus in the past. But there is at least one trace of it. Please download, & Save & then run the AVG Clear tool to remove any remains of AVG antivirus. https://www.avg.com/en-us/avg-remover After that run completed, please be sure to RESTART the PC. Link to post Share on other sites More sharing options...
fklstv7 Posted April 9, 2021 Author ID:1450406 Share Posted April 9, 2021 I believe both AVG and Avast were installed at one point. I've had this computer for over 7 years and do not remember exactly. Thank you for your help, please let me know if there is any other ways of removing these 4 pesky chromium URLs. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 9, 2021 ID:1450411 Share Posted April 9, 2021 I wanted a confirmation that you have run & completed the AVG Clear tool. Before we proceed. Link to post Share on other sites More sharing options...
fklstv7 Posted April 9, 2021 Author ID:1450412 Share Posted April 9, 2021 Got it, I will do that right now then check to see what comes up on ADW cleaner. Link to post Share on other sites More sharing options...
fklstv7 Posted April 9, 2021 Author ID:1450413 Share Posted April 9, 2021 Ran the AVG clear application, and then ran ADW cleaner again. It came up with the same 4 Chromium URLs, I will run it again in an hour or so and see if they come back. Link to post Share on other sites More sharing options...
fklstv7 Posted April 9, 2021 Author ID:1450416 Share Posted April 9, 2021 Used ADW cleaner again, the same 4 items were found. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 9, 2021 ID:1450417 Share Posted April 9, 2021 Thanks for running the Clear tool. I simply needed the confirmation. Please put aside the Adwcleaner tool. What we need to get is a more detailed new report. Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe Close all open windows on the Task Bar. Click the icon Right click the icon and Run as Administrator to start the program. In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". Now click Run Scan at Top left and let the program run uninterrupted. It will take a few minutes. It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt. Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly! Exit OTL by clicking the X at top right. Attach the report files OTL.txt; & Extras.txt Link to post Share on other sites More sharing options...
fklstv7 Posted April 9, 2021 Author ID:1450418 Share Posted April 9, 2021 Great, I will do that later today and keep you updated. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 9, 2021 ID:1450419 Share Posted April 9, 2021 (edited) Once after you post the reports, I will study them & see what they list about your Chrome browser, other browsers, and any remains of the pesky PUP s. Just kindly stop runs of Adwcleaner for now. And be sure you know that screen grabs from ADW are not as useful as the actual run logs. Again, these are just pesky PUP s but they are not malicious. OTL reports first. Then patience & wait for my guidance. Edited April 9, 2021 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 9, 2021 ID:1450430 Share Posted April 9, 2021 For later on, it would also help a lot to get this log-file. Please attach in a future reply. C:\Adwcleaner\Adwcleaner_Debug.log Thank you in advance. . Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2021 ID:1450568 Share Posted April 10, 2021 Good afternoon. Checking in. Any progress about OTL reports ? + debug_log. ? Link to post Share on other sites More sharing options...
fklstv7 Posted April 10, 2021 Author ID:1450572 Share Posted April 10, 2021 I am running OTL right now! Will keep you updated. Also I will attach the log file for the most recent ADW cleaner as mentioned above, thanks. Link to post Share on other sites More sharing options...
fklstv7 Posted April 10, 2021 Author ID:1450575 Share Posted April 10, 2021 Here are the OTL logs. Extras.Txt OTL.Txt Link to post Share on other sites More sharing options...
fklstv7 Posted April 10, 2021 Author ID:1450576 Share Posted April 10, 2021 Here is the ADW cleaner log from the previous scan. AdwCleaner[S42].txt Link to post Share on other sites More sharing options...
fklstv7 Posted April 10, 2021 Author ID:1450577 Share Posted April 10, 2021 Also the OTL logs I just sent were "LOP check" only, I am running the purity check right now and will attach those log files after. Link to post Share on other sites More sharing options...
fklstv7 Posted April 10, 2021 Author ID:1450578 Share Posted April 10, 2021 Here are the log files after running "purity check". Extras.Txt OTL.Txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2021 ID:1450583 Share Posted April 10, 2021 It would also help a lot to get this log-file. Please attach in a future reply. C:\Adwcleaner\Adwcleaner_Debug.log Thank you in advance. Link to post Share on other sites More sharing options...
fklstv7 Posted April 10, 2021 Author ID:1450588 Share Posted April 10, 2021 Here it is. AdwCleaner_Debug.log Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2021 ID:1450600 Share Posted April 10, 2021 Here is what I surmise is interfering with the 'cleaning' attempts of Adwcleaner....that Kaspersky Security is active & running & leading to access blockage. Just one time, Disable Kaspersky Security so that it is not active. Then one time only, do a new run with Adwcleaner. After that is run, you can then re-enable the Kaspersky. Link to post Share on other sites More sharing options...
fklstv7 Posted April 12, 2021 Author ID:1450985 Share Posted April 12, 2021 Just did as you instructed, here is the logs from ADW cleaner. I will re-enable Kaspersky security and run it again shortly to see if the pup's have been quarantined successfully. AdwCleaner[S43].txt AdwCleaner_Debug.log Link to post Share on other sites More sharing options...
fklstv7 Posted April 12, 2021 Author ID:1450988 Share Posted April 12, 2021 I just ran the ADW cleaner again after re-enabling Kaspersky protection, the same 4 Pup.legacy are still detected. AdwCleaner[S44].txt AdwCleaner_Debug.log Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 12, 2021 ID:1450991 Share Posted April 12, 2021 Notes. I will more than likely defer or rather, pass this case to a Malwarebytes company developer to handle your case. This seems to be a stubborn & somewhat obtuse one. Questions. Did you use Chrome browser today or yesterday ? Do you use Chrome on more than one machine of yours ? How many have Chrome ? Did you turn OFF the SYNC option at Google ? Do that now & keep it OFF. https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/ Link to post Share on other sites More sharing options...
fklstv7 Posted April 12, 2021 Author ID:1450994 Share Posted April 12, 2021 Sounds good, I appreciate the effort. I use Chrome on this computer every day for work. I use Chrome on my Chromebook as well, but much less often than on this desktop computer. 2 Devices use Chrome. SYNC is off on this device, however it may have been on for the Chromebook. I did not see an option to turn SYNC off, so I selected "custom" and unchecked all of the boxes. Link to post Share on other sites More sharing options...
Staff jboursier Posted April 15, 2021 Staff ID:1451475 Share Posted April 15, 2021 Hello, @fklstv7Can you confirm you followed the steps from Maurice's link above before using AdwCleaner, including the following: Quote Next, open https://chrome.google.com/sync A Google login screen will be shown in your browser window. Enter your Google username and password The "Data from Chrome sync" screen will be displayed to show basic information on what information is being synchronized to the cloud Scroll to the bottom and click Reset Sync or Clear Data A window will be displayed to let you know that synchronization to Google’s cloud will now be stopped. Link to post Share on other sites More sharing options...
fklstv7 Posted April 15, 2021 Author ID:1451619 Share Posted April 15, 2021 Hi, Yes I can confirm that SYNC was off when I ran the ADW scan. I just ran another one to see if there was anything I missed. Turns out there are now 3 Chromium URLs left instead of 4. I have attached the log and debug files. AdwCleaner[S45].txt AdwCleaner_Debug.log Link to post Share on other sites More sharing options...
Recommended Posts