Clean of malware

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    Security Check Scan.

    Download Security Check to your desktop.
    Right-click it and run as administrator.
    When the program completes, the tool will automatically open a log file.
    Please post that log here in your next post.


    Hijack This Fix.


    Start HijackThis: right-click it and Run as Admin.
    Close all other open programs prior to running this tool!!
    Click System Scan Only.
    Then check mark the items listed below.

    O4 - HKCU..\Run: [BingSvc] C:\Users\Georgene\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    O4 - HKCU..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    O4 - HKCU..\Run: [Imo Messenger] C:\Users\Georgene\AppData\Roaming\Imo Messenger\ImoDesktopApp.exe -minimized
    O4 - HKCU..\Run: [OneDrive] C:\Users\Georgene\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
    O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
    O4 - HKCU..\Run: [Upwork] C:\Program Files (x86)\Upwork\upwork.exe
    O4 - HKLM..\StartupApproved\Run32: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    O4 - HKLM..\StartupApproved\Run32: [PowerDVD14Agent] C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    O4 - HKLM..\StartupApproved\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
    O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
    O22 - Task (Ready): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    O22 - Task (Ready): DropboxOEM - C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe auto
    O22 - Task (Ready): WpsNotifyTask_Administrator - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe -from=task
    O22 - Task (Ready): WpsUpdateTask_Administrator - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe -from=task
    O22 - Task (Ready): \Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA
    O22 - Task (Ready): \Hewlett-Packard\HP Support Assistant\HP Active Health Launcher - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -source HPSA --create-task
    O22 - Task (Ready): \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart
    O22 - Task (Ready): \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send
    O22 - Task (Ready): \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u
    O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
    O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
    O22 - Task (Running): YCMServiceAgent - C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
    O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service R2: GamesAppIntegrationService - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    O23 - Service R2: HP Support Solutions Framework Service - (HPSupportSolutionsFrameworkService) - c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    O23 - Service S3: GamesAppService - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    Now click on Fix checked.
    After the fix is complete, reboot your machine.

    After the reboot, post a new HijackThis log and let me know how things are running now.

    Comment

    • marioc89
      PCHF Member
      • Apr 2017
      • 27

      #17
      AdwCleaner v6.047 - Logfile created 26/05/2017 at 10:58:05
      Updated on 19/05/2017 by Malwarebytes
      Database : 2017-05-26.5 [Server]
      Operating System : Windows 10 Home (X64)
      Username : Georgene - DESKTOP-32E47ER
      Running from : C:\Users\Georgene\Desktop\adwcleaner_6.047.exe
      Mode: Clean
      Support : Malwarebytes Help Center

      ***** [ Services ] *****

      ***** [ Folders ] *****

      ***** [ Files ] *****

      ***** [ DLL ] *****

      ***** [ WMI ] *****

      ***** [ Shortcuts ] *****

      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Office.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Barbarians.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\City of Steam.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Command and Conquer Tiberium Alliances.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dino Storm.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Fringo.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Vegas World.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Villagers & Heroes.lnk

      ***** [ Scheduled Tasks ] *****

      [-] Task deleted: YCMServiceAgent

      ***** [ Registry ] *****

      [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
      [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
      [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
      [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
      [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
      [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
      [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
      [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software

      ***** [ Web browsers ] *****


      :: “Tracing” keys deleted
      :: Winsock settings cleared


      C:\AdwCleaner\AdwCleaner[C0].txt - [3455 Bytes] - [26/05/2017 10:58:05]
      C:\AdwCleaner\AdwCleaner[S0].txt - [4444 Bytes] - [26/05/2017 10:57:34]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3601 Bytes] ##########

      Comment

      • marioc89
        PCHF Member
        • Apr 2017
        • 27

        #18
        So is it clean?

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #19
          Can you post the Malwarebytes log and the final HijackThis log, then tell me if you are having any more issues. From what I see it is clean, I'd just like to know if the final scan caught anything…

          Comment

          • marioc89
            PCHF Member
            • Apr 2017
            • 27

            #20
            I believe I posted that.

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #21
              You posted the Adware cleaner log; I’d like the Malwarebytes log.
              Also, a new HijackThis log.
              Then tell me if you are having any more issues.
              Is the machine running well now?

              Comment

              • marioc89
                PCHF Member
                • Apr 2017
                • 27

                #22
                It’s running great. And I really thank you for helping me. But I’ll post it once I get home.

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #23
                  Originally posted by marioc89
                  It’s running great. And I really thank you for helping me.
                  No problem. I will mark this one as solved and leave it open a couple of days in case something comes up for you.

                  Comment

                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #24
                    Your machine is clean…

                    Glad to have helped!! Please tell a friend … or two about us.

                    Optimize your internet connection.

                    Click here for instructions.


                    Suggest the following in place of adblock.
                    Alternate DNS Server. Ad Blocking DNS.
                    Ublock Origin.
                    Anti Ad Block Killer.

                    Also, keep your browsing private with these tools:

                    Self Destructing Cookies.
                    Self Destructing Cookies Chrome.

                    Some items to keep you safe on the internet.

                    VooDoo Shield. Control of what is running on your machine.
                    Qualys BrowserCheck To update plugins.
                    Unchecky To Avoid Bundled Software.
                    Privazer To Clean up your machine.

                    Now let's clean up the tools we used and remove old restore points.

                    Download DelFix by “Xplode” to your Desktop.
                    Right-click the tool and Run as Admin (XP users double-click).
                    Put a check mark next to the items below:

                    Remove disinfection tools
                    Create registry backup
                    Purge System Restore

                    Now click on the “Run” button.
                    Allow the program to complete its work.
                    All the tools we used will be removed.
                    The tool will create and open a log report (DelFix.txt).
                    Note: The report can be found at the following location: C:\DelFix.txt

                    Comment

                    • marioc89
                      PCHF Member
                      • Apr 2017
                      • 27

                      #25
                      I most definitely will. I’ve been using the forum for years. Just up until they sold the site. Now I’m here.

                      Comment

                      • marioc89
                        PCHF Member
                        • Apr 2017
                        • 27

                        #26
                        Here is the mbam file:

                        Malwarebytes Anti-Malware
                        www.malwarebytes.org

                        Scan Date: 25/5/2017
                        Scan Time: 7:05 PM
                        Logfile: mbam.txt
                        Administrator: Yes

                        Version: 2.2.1.1043
                        Malware Database: v2017.05.25.08
                        Rootkit Database: v2017.04.02.01
                        License: Trial
                        Malware Protection: Enabled
                        Malicious Website Protection: Enabled
                        Self-protection: Disabled

                        OS: Windows 10
                        CPU: x64
                        File System: NTFS
                        User: Georgene

                        Scan Type: Custom Scan
                        Result: Completed
                        Objects Scanned: 623154
                        Time Elapsed: 15 hr, 30 min, 2 sec

                        Memory: Enabled
                        Startup: Enabled
                        Filesystem: Enabled
                        Archives: Enabled
                        Rootkits: Enabled
                        Heuristics: Enabled
                        PUP: Enabled
                        PUM: Enabled

                        Processes: 0
                        (No malicious items detected)

                        Modules: 0
                        (No malicious items detected)

                        Registry Keys: 0
                        (No malicious items detected)

                        Registry Values: 0
                        (No malicious items detected)

                        Registry Data: 0
                        (No malicious items detected)

                        Folders: 0
                        (No malicious items detected)

                        Files: 0
                        (No malicious items detected)

                        Physical Sectors: 0
                        (No malicious items detected)

                        (end)

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          OK, so long as everything is still running fine I think you are good to go.

                          Comment
