
Crapware from Hell

Discussion in 'Virus & Other Malware Removal' started by DangPUPnStuff, May 3, 2015.

Thread Status:
Not open for further replies.
  1. DangPUPnStuff

    DangPUPnStuff Thread Starter

    Joined:
    May 3, 2015
    Messages:
    6
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 11
    Processor Count: 4
    RAM: 8061 Mb
    Graphics Card: NVIDIA GeForce 9300 GE, 256 Mb
    Hard Drives: C: Total - 953766 MB, Free - 854659 MB;
    Motherboard: Dell Inc., 03NVJ6
    Antivirus: avast! Antivirus, Updated and Enabled

    I made the mistake of looking for the old (XP) version of Paint because I did not like the version in Windows 7. Evidently I downloaded from a disreputable website. There were probably 10 or 15 PUPs attached to the main download. I carefully unchecked each one. It did not matter. It started installing crap on its own and I could not stop it.

    I tried doing system restore twice. It failed twice. Unable to change system files or something like that. I ran Malwarebytes. It removed 1700+ PUPs. 1700!! Also ran AdwCleaner and removed the problems it found.

    I am not confident that I have cleaned everything and so I am seeking expert guidance here. Thank you!
     
  2. DangPUPnStuff

    DangPUPnStuff Thread Starter

    Joined:
    May 3, 2015
    Messages:
    6
    still awaiting assistance (5 days) thanks!
     
  3. DangPUPnStuff

    DangPUPnStuff Thread Starter

    Joined:
    May 3, 2015
    Messages:
    6
    Hello? Anybody able to help?
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi DangPUPnStuff,
    Sorry for the delay. Kind of busy here.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  5. DangPUPnStuff

    DangPUPnStuff Thread Starter

    Joined:
    May 3, 2015
    Messages:
    6
    Thank you for your reply and kind assistance! I appreciate your time! Here are the requested logs:

    (I tried copying and pasting, but it says they are too large. I am attaching instead.)
     

    Attached Files:

  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    DangPUPnStuff,
    Not too much wrong here.
    You probably picked up that junk from CNET.
    ---------------------------------------------------------------
    Avoiding Unwanted Adware
    There are a few seriously important tips to avoid unwanted adware.
    Adware purveyors are getting more devious and unethical, so you have to be more diligent.

    • Don't click on the Sidebars of Websites
      The items on the sides of websites may be enticing, but they are all advertising, and one click could download unwanted adware onto your machine.

    • Never agree to download anything, if prompted to do so while Online.
      That goes for "Your codec/browser/flash... needs to be updated to do this, blah, blah.."
      or "you need to first download the xyz.. program to do what you want".
      It's OK to download updates if prompted by legitimate suppliers, when the machine boots, while not yet online.

    • Don't download anything from sites known for adware bundling.
      For any online downloads, best avoid using CNET, Download.com, BrotherSoft, or Softonic.
      They package their own "downloaders" and, without notice, deliver serious adware in addition to the desired free programs.
      Unfortunately, the results may be disastrous for your machine.
      FileHippo, MajorGeeks and Softpedia have been better, so far, as sources for downloading software.
      The website of any program's original author is best of all.
      You can Google any Freeware program by typing <program name> adware to see what comes up.

    • Avoid Using P2P file sharing programs
      This includes µTorrent, Bearshare, BitComet, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
      The Unethical have "planted" thousands upon thousands of infections and Adware items in the shared torrent files.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  7. DangPUPnStuff

    DangPUPnStuff Thread Starter

    Joined:
    May 3, 2015
    Messages:
    6
    I ran the fix. It did seem to stall when deleting some of the temp files. The computer restarted on its own. Here is the requested log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
    Ran by Munson at 2015-05-09 08:47:45 Run:1
    Running from C:\Users\Munson\Desktop
    Loaded Profiles: Munson (Available profiles: Munson)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    FirewallRules: [{B7D7FD86-8AD9-49C4-B7DF-2EA182BCF296}] => (Allow) C:\Users\Munson\AppData\Local\Temp\nsa9108.tmp\CnetInstaller-75548155.exe
    FirewallRules: [{01D00122-C1D5-41B5-9FEB-5593C8B4D255}] => (Allow) C:\Users\Munson\AppData\Local\Temp\nsa9108.tmp\CnetInstaller-75548155.exe
    HKU\S-1-5-21-100474017-3450712350-3755397682-1000\...\MountPoints2: {56aa783b-e232-11e4-ad53-782bcb8957d1} - E:\autorun.exe
    HKU\S-1-5-21-100474017-3450712350-3755397682-1000\...\MountPoints2: {adc9cd26-e4a7-11e4-9c45-782bcb8957d1} - E:\autorun.exe
    C:\Windows\System32\Tasks\NCH Software
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7D7FD86-8AD9-49C4-B7DF-2EA182BCF296} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01D00122-C1D5-41B5-9FEB-5593C8B4D255} => value deleted successfully.
    "HKU\S-1-5-21-100474017-3450712350-3755397682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56aa783b-e232-11e4-ad53-782bcb8957d1}" => Key deleted successfully.
    HKCR\CLSID\{56aa783b-e232-11e4-ad53-782bcb8957d1} => Key not found.
    "HKU\S-1-5-21-100474017-3450712350-3755397682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc9cd26-e4a7-11e4-9c45-782bcb8957d1}" => Key deleted successfully.
    HKCR\CLSID\{adc9cd26-e4a7-11e4-9c45-782bcb8957d1} => Key not found.
    C:\Windows\System32\Tasks\NCH Software => Moved successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========
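
A small triage script for a Fixlog like the one posted above, added here as an example (it is not part of the original thread and not FRST's own code). It sorts each `target => outcome` line into removed, already absent, or needs review; the outcome phrases are taken only from this log, and treating any other wording as "review" is an assumption.

```python
import re
from collections import Counter

# Result section copied from the Fixlog.txt posted above.
FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7D7FD86-8AD9-49C4-B7DF-2EA182BCF296} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01D00122-C1D5-41B5-9FEB-5593C8B4D255} => value deleted successfully.
"HKU\S-1-5-21-100474017-3450712350-3755397682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56aa783b-e232-11e4-ad53-782bcb8957d1}" => Key deleted successfully.
HKCR\CLSID\{56aa783b-e232-11e4-ad53-782bcb8957d1} => Key not found.
"HKU\S-1-5-21-100474017-3450712350-3755397682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adc9cd26-e4a7-11e4-9c45-782bcb8957d1}" => Key deleted successfully.
HKCR\CLSID\{adc9cd26-e4a7-11e4-9c45-782bcb8957d1} => Key not found.
C:\Windows\System32\Tasks\NCH Software => Moved successfully.

========= ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
"""

# "<target> => <outcome>." with optional quotes around the target.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
REMOVED = ("deleted successfully", "moved successfully")
ABSENT = ("not found",)

def classify(outcome):
    """Map an outcome phrase to removed / absent / review (assumed scheme)."""
    text = outcome.lower()
    if text.endswith(REMOVED):
        return "removed"
    if text.endswith(ABSENT):
        return "absent"      # target was not there, so nothing was changed
    return "review"          # wording not seen in this log: check by hand

def parse_fixlog(text):
    """Return (target, outcome, status) for each result line before any Cmd: output."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("====="):   # start of the Cmd: output block
            break
        match = RESULT.match(line)
        if match:
            entries.append((match["target"], match["outcome"], classify(match["outcome"])))
    return entries

def summarize(entries):
    return Counter(status for _, _, status in entries)

def needs_review(entries):
    return [entry for entry in entries if entry[2] == "review"]

if __name__ == "__main__":
    print(dict(summarize(parse_fixlog(FIXLOG))), needs_review(parse_fixlog(FIXLOG)))
```
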
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    DangPUPnStuff,
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST64.exe on your desktop to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.
    (No need to post a new addition.txt)

    Let's see what we have left.
    askey127
     
  9. DangPUPnStuff

    DangPUPnStuff Thread Starter

    Joined:
    May 3, 2015
    Messages:
    6
    new log attached.
     

    Attached Files:

  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Your log looks good now.
    You can run along, and see how it goes, or....
    We can look deeper if you wish.
    I think you are OK, though.
    askey127
     
Short URL to this thread: https://techguy.org/1147652
