-
Here is the logfile for AdwCleaner:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-02-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-20-2020
# Duration: 00:00:39
# OS: Windows 10 Home
# Scanned: 34851
# Detected: 57
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\Users\Lillian\AppData\Roaming\Tencent
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
***** [ Files ] *****
PUP.Optional.DriverUpdate C:\Users\Lillian\Downloads\DRIVERUPDATE-SETUP.EXE
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackjack +.lnk
***** [ Tasks ] *****
PUP.Optional.DriverUpdate C:\Windows\System32\Tasks\DRIVERUPDATE SCAN
***** [ Registry ] *****
Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.DriverUpdate HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{140FCF15-D11E-48F3-A4A0-C228B55EB906}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{151B702B-2C5C-496B-A0D3-0147834910DD}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4B362E53-F249-4B5D-975B-11810A0A6604}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CA60DBE-5099-432B-BBC5-833788F4D077}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}
PUP.Optional.Legacy HKLM\Software\Classes\METNSD
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slimware.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17DC42A2-F68C-4C6E-A685-B484C8ECF152}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F57CADA-CB76-426E-816A-BCE06E750A54}
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Lillian\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Lillian\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.SamsungSmartSwitch Folder C:\Users\Lillian\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Here is the MBam text:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/20/20
Scan Time: 10:09 PM
Log File: 4b7ed6d4-5468-11ea-96c7-10e7c6012b55.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.14905
License: Trial
-System Information-
OS: Windows 10 (Build 17763.1039)
CPU: x64
File System: NTFS
User: DESKTOP-MNATPML\Lillian
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348877
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 hr, 29 min, 45 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
I didn't do the FRST and the fix for it because I was worried I'd delete things that belonged to the kids' games. I saw a lot of Minecraft in there!
-
Run Adware again; when the list appears, make sure to click on the entries below.
PUP.Optional.DriverUpdate C:\Windows\System32\Tasks\DRIVERUPDATE SCAN
***** [ Registry ] *****
Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.DriverUpdate HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{140FCF15-D11E-48F3-A4A0-C228B55EB906}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{151B702B-2C5C-496B-A0D3-0147834910DD}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4B362E53-F249-4B5D-975B-11810A0A6604}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CA60DBE-5099-432B-BBC5-833788F4D077}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}
PUP.Optional.Legacy HKLM\Software\Classes\METNSD
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slimware.com
The other items found won't hurt anything.
-
I ran AdwCleaner again and I check marked PUP.Optional.Legacy, then went to the second screen and didn't see any of the other things you listed. This is what I see on the Preinstalled Software screen:
Preinstalled.HPAudioSwitch
Preinstalled.HPJumpStartBridge
Preinstalled.HPJumpStartLaunch
Preinstalled.HPRegistrationService
Preinstalled.HPSupportAssistant
Preinstalled.HPSureConnect
Preinstalled.SamsungSmartSwitch
Preinstalled.WildTangentGamesBundle
So I quarantined and restarted the computer and ran the scan again and the PUP.Optional.Legacy showed up again! But I know I got rid of it. And of course all the Preinstalled stuff was still there, but none were the ones you listed.
-
PUP.Optional.Legacy is a game or part of bundled games that wasn't deleted, so it will show up on another scan; it is also a part of Preinstalled.WildTangentGamesBundle.
Give the computer a day or two, don't download anything, and if everything is working well we will remove the tools and folders from scanning.
-
So it's been a couple of days and no issues! But should I have check marked all of those Preinstalled items I listed in my last reply and quarantined them? I'm not sure what they are.
-
They're mostly HP pre-installed functions and games.
I think for now with no issues, let's leave those alone.
-
Ok I will just leave them alone.
So is my next step to delete all the software I installed?
-
Use this tool to remove quarantined items:
Please download KpRm by Kernel-panik and save to your Desktop.
- Click on KpRm.exe to run the tool.
- Put a check mark next to these items:
  - Delete tools
- Click the "Run" button.
- When the tool has finished, it will create and open a log report and delete itself.
-
Here is the logfile:
# Run at 25-Feb-2020 6:34:05 AM
# KpRm (Kernel-panik) version 2.7
# Website https://kernel-panik.me/tool/kprm/
# Run by Lillian from C:\Users\Lillian\Desktop
# Computer Name: DESKTOP-MNATPML
# OS: Windows 10 X64 (17763)
# Number of passes: 1
- Checked options -
~ Delete Tools
- Delete Tools -
## AdwCleaner
[OK] C:\Users\Lillian\Desktop\adwcleaner_8.0.2.exe deleted
## FRST
[OK] C:\Users\Lillian\Desktop\Addition.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST64.exe deleted
- Other Lines -
## Quarantines keeped
~ C:\AdwCleaner (AdwCleaner)
~ C:\FRST (FRST)
-- KPRM finished in 11.84s --
But I still have 2 MalwareBytes icons on my desktop and this logfile. Do I need to just restart my computer for them to disappear or do I need to manually delete them?
-
Probably, but I think it's a good idea to keep MalwareBytes and use it on occasion.