Posted
For the past few days, I am regularly getting a message from Google saying I need to fill in a captcha because of unusual traffic from my network. I have checked for malware and viruses etc. and nothing here. In fact nothing appears to have changed on my system, yet this happens from the PCs as well as on the iPad and on my Surface RT. Why has this suddenly happened, and what can I do about it?
  • ExTS Admin
Posted

Hi joddle

 

This is what Google say on the subject:

 

"Unusual traffic from your computer network"

 

You might see "Our systems have detected unusual traffic from your computer network" if it seems like a computer or phone on your network is sending automated traffic to Google.

What Google considers automated traffic

  • Sending searches from a robot, computer program, automated service, or search scraper
  • Using software that sends searches to Google to see how a website or webpage ranks on Google

 

What to do when you see this message

 

The error page most likely shows a CAPTCHA (a squiggly word with a box below it).

To continue using Google, type the squiggly word into the box.

It's how we know you're a human, not a robot.

After you type the CAPTCHA correctly, the message will go away and you can use Google again.

 

https://support.google.com/websearch/answer/86640?hl=en

 

Basically what this means is that the 'Google Captcha' prevents automatic searches.

Such Google searches are against Google’s terms of service.

 

A lot of people seem to get this.

It could be caused by:

  • an adware program on your system.
  • It could be a legit program that exhibits adware tendencies (AVG is known to do this)
  • It could just be Google being heavy handed

 

Have you tried filling in the Captcha and see if it returns?

Member of:

UNITE

Posted
Hi joddle

 

Have you tried filling in the Captcha and see if it returns?

 

I saw the note from Google and I do use the captcha and it normally then allows me in, but the next search often comes up with the same thing. It seems to react more to questions on "how" to do something, but for years I have had nothing, yet in the past few weeks this seems to be the norm! Have checked again for viruses and malware but my machines seem clean, so not sure what's doing this. I don't have AVG on the machines I am using at the moment, although it is on one laptop, but that is not in use at the moment.

  • ExTS Admin
Posted

Hi joddle,

 

Have checked again for viruses and malware but my machines seem clean

What programs have you run?

Have you run a dedicated adware remover?

 

if not....

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Click I agree to the Terms of Use.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\ folder.

 

If nothing is found then we can possibly rule out Adware.

Member of:

UNITE

Posted

I use Avira Pro as my antivirus and ran Malwarebytes for malware checking.

 

Now have just run ADW as instructed and the log is here - not sure what that all means though!

 

 

 

# AdwCleaner v5.109 - Logfile created 10/04/2016 at 10:31:40

# Updated 04/04/2016 by Xplode

# Database : 2016-04-09.1 [server]

# Operating system : Windows 10 Pro (x86)

# Username : Josh - MAIN755

# Running from : C:\Users\Josh\Downloads\AdwCleaner.exe

# Option : Clean

# Support : http://toolslib.net/forum

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

[-] Folder Deleted : C:\Program Files\TweakBit

[-] Folder Deleted : C:\ProgramData\TweakBit

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit

 

 

***** [ Files ] *****

 

 

 

***** [ DLLs ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled tasks ] *****

 

 

 

***** [ Registry ] *****

 

 

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKU\S-1-5-21-1359800976-2264866879-497154635-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\APN PIP

[-] Key Deleted : HKU\S-1-5-21-1359800976-2264866879-497154635-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\APN PIP

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\istartedsomething.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\photocopier.en.softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\rar-file-open-knife.en.softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\istartedsomething.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\photocopier.en.softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rar-file-open-knife.en.softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

 

 

***** [ Web browsers ] *****

 

 

[-] [C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : uk.ask.com

 

 

*************************

 

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

 

*************************

 

 

C:\AdwCleaner\AdwCleaner[C1].txt - [3929 bytes] - [10/04/2016 10:31:40]

C:\AdwCleaner\AdwCleaner[s1].txt - [3958 bytes] - [10/04/2016 10:29:26]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4075 bytes] ##########

Posted

And here are the logs off all the other PCs on the network - (except Surface running W8.1RT)

 

# AdwCleaner v5.109 - Logfile created 10/04/2016 at 10:44:37

# Updated 04/04/2016 by Xplode

# Database : 2016-04-09.1 [server]

# Operating system : Windows 10 Pro (x86)

# Username : Josh - DELL3GB

# Running from : \\MAIN755\Archive\installation\Downloaded programmes\adwcleaner.exe

# Option : Clean

# Support : http://toolslib.net/forum

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

[-] Folder Deleted : C:\Hola

[-] Folder Deleted : C:\Program Files\Hola

[-] Folder Deleted : C:\ProgramData\apn

[#] Folder Deleted : C:\ProgramData\Application Data\apn

[-] Folder Deleted : C:\Users\Josh\AppData\Local\Hola

[-] Folder Deleted : C:\Users\Josh\AppData\Roaming\Hola

 

 

***** [ Files ] *****

 

 

 

***** [ DLLs ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled tasks ] *****

 

 

 

***** [ Registry ] *****

 

 

[-] Key Deleted : HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer

[-] Key Deleted : HKCU\Software\MozillaPlugins\@hola.org/vlc

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKCU\Software\Hola

[-] Key Deleted : HKLM\SOFTWARE\Hola

[-] Key Deleted : HKLM\SOFTWARE\SearchProtect

[-] Key Deleted : HKU\.DEFAULT\Software\Hola

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2363833853-3689249111-2580041171-1000\Software\AskPartnerNetwork

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4

[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnTBMon

 

 

***** [ Web browsers ] *****

 

 

 

*************************

 

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

 

*************************

 

 

C:\AdwCleaner\AdwCleaner[C1].txt - [4909 bytes] - [10/04/2016 10:44:37]

C:\AdwCleaner\AdwCleaner[s1].txt - [4931 bytes] - [10/04/2016 10:43:17]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5055 bytes] ##########

 

 

 

 

 

 

# AdwCleaner v5.109 - Logfile created 10/04/2016 at 10:45:02

# Updated 04/04/2016 by Xplode

# Database : 2016-04-09.1 [server]

# Operating system : Windows 10 Pro (x64)

# Username : Josh - DELL780FAST

# Running from : \\MAIN755\Archive\installation\Downloaded programmes\adwcleaner.exe

# Option : Clean

# Support : http://toolslib.net/forum

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit

[-] Folder Deleted : C:\Program Files (x86)\TweakBit

[-] Folder Deleted : C:\ProgramData\TweakBit

[#] Folder Deleted : C:\ProgramData\Application Data\TweakBit

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit

[-] Folder Deleted : C:\Users\user\AppData\Local\DriverToolkit

 

 

***** [ Files ] *****

 

 

 

***** [ DLLs ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

[-] Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

 

 

***** [ Scheduled tasks ] *****

 

 

 

***** [ Registry ] *****

 

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[-] Key Deleted : HKCU\Software\DriverToolkit

[-] Key Deleted : HKU\S-1-5-21-2623549667-1798606694-2243065831-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DriverToolkit

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

 

 

***** [ Web browsers ] *****

 

 

 

*************************

 

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

 

*************************

 

 

C:\AdwCleaner\AdwCleaner[C1].txt - [2172 bytes] - [10/04/2016 10:45:02]

C:\AdwCleaner\AdwCleaner[s1].txt - [2426 bytes] - [10/04/2016 10:43:51]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2318 bytes] ##########

 

 

# AdwCleaner v5.109 - Registro generado 10/04/2016 en 10:53:53

# Actualizado 04/04/2016 por Xplode

# Base de datos : 2016-04-09.1 [servidor]

# Sistema operativo : Windows 10 Pro (x86)

# Nombre de usuario : Spanish Dell - SPANISH755

# Ejecutado desde : \\MAIN755\Archive\installation\Downloaded programmes\adwcleaner.exe

# Opción : Limpiar

# Apoyo : http://toolslib.net/forum

 

 

***** [ Servicios ] *****

 

 

 

***** [ Carpetas ] *****

 

 

[-] Carpeta eliminar : C:\ProgramData\apn

 

 

***** [ Archivos ] *****

 

 

 

***** [ DLLs ] *****

 

 

 

***** [ Accesos directos ] *****

 

 

 

***** [ Tareas programadas ] *****

 

 

 

***** [ Registro ] *****

 

 

[-] Llave eliminar : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

[-] Llave eliminar : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-156927757-916406335-1171728041-1000\Software\melondrea

[-] Llave eliminar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{84797D2E-B3F9-4E72-931C-84BD88626611}

 

 

***** [ Navegadores Web ] *****

 

 

 

*************************

 

 

:: Llaves "Tracing" removidas

:: Winsock Configuración borrada

 

 

*************************

 

 

C:\AdwCleaner\AdwCleaner[C1].txt - [1182 bytes] - [10/04/2016 10:53:53]

C:\AdwCleaner\AdwCleaner[s1].txt - [1386 bytes] - [10/04/2016 10:47:12]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1328 bytes] ##########
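The logs above all share one layout: `#` header lines, `***** [ Section ] *****` markers, and `[-] action : target` entries, with the labels localized on the Spanish machine. As an added example (not part of the original thread and not AdwCleaner's own code), this Python sketch parses several pasted logs and counts, per machine, which unwanted products the removed items belonged to. The function names and the `WATCHLIST` keywords are assumptions chosen from names visible in these logs, and the sample input is abridged from them.

```python
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")    # ***** [ Folders ] *****
ENTRY_RE = re.compile(r"^\[(.)\]\s+(.*?)\s+:\s+(.*)$")    # [-] Key Deleted : HKLM\...
HEADER_RE = re.compile(r"^# (.+?) : (.*)$")               # # Username : Josh - MAIN755
USER_KEYS = {"Username", "Nombre de usuario"}             # English and Spanish labels

# Assumption: keywords picked from the entries in the posted logs.
# Matching is a plain case-insensitive substring test, so treat it as triage only.
WATCHLIST = {
    "TweakBit": ("tweakbit",),
    "Hola": ("hola",),
    "Ask/APN": ("apn", "askpartnernetwork", "ask.com"),
    "SearchProtect": ("searchprotect",),
    "DriverToolkit": ("drivertoolkit",),
}

def parse_log(text):
    """Return (hostname, [(section, action, target), ...]) for one log."""
    host, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m and m.group(1) in USER_KEYS:
            host = m.group(2).rsplit(" - ", 1)[-1]  # "Josh - DELL3GB" -> "DELL3GB"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries.append((section, m.group(2), m.group(3)))
    return host, entries

def label(target):
    """Map a removed path or key to a watchlist product, else 'other'."""
    low = target.lower()
    for name, needles in WATCHLIST.items():
        if any(n in low for n in needles):
            return name
    return "other"

def summarize(pasted):
    """Split a paste holding several logs and count products per machine."""
    report = {}
    for chunk in re.split(r"(?m)^(?=# AdwCleaner v)", pasted):
        host, entries = parse_log(chunk)
        if host:
            report[host] = Counter(label(t) for _, _, t in entries)
    return report

# Sample input abridged from the logs posted in this thread.
SAMPLE = r"""
# AdwCleaner v5.109 - Logfile created 10/04/2016 at 10:44:37
# Username : Josh - DELL3GB
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\Hola
[#] Folder Deleted : C:\ProgramData\Application Data\apn
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnTBMon
# AdwCleaner v5.109 - Registro generado 10/04/2016 en 10:53:53
# Nombre de usuario : Spanish Dell - SPANISH755
***** [ Carpetas ] *****
[-] Carpeta eliminar : C:\ProgramData\apn
***** [ Registro ] *****
[-] Llave eliminar : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-156927757-916406335-1171728041-1000\Software\melondrea
"""

if __name__ == "__main__":
    for host, counts in summarize(SAMPLE).items():
        print(host, dict(counts))
```

Entries labelled `other` are the ones to read by hand, since they match nothing on the watchlist.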

  • ExTS Admin
Posted

Hi joddle,

 

I use avira pro as my antivirus and ran Malwarebytes for malware checking.

Most anti virus programs won't check for adware.

Some will, but the setting isn't normally set by default.

MalwareBytes will check for some adware, but isn't as up to date with the adware definitions as a dedicated adware removal program......

although MalwareBytes has bought JRT and is slowly incorporating that into the MBAM program.

 

So there was adware on all of the systems.

 

Are you still getting the message from Google?

Member of:

UNITE

Posted
Hi joddle, Most anti virus programs won't check for adware.

Some will, but the setting isn't normally set by default. MalwareBytes will check for some adware, but isn't as up to date with the adware definitions as a dedicated adware removal program...... although MalwareBytes has bought JRT and is slowly incorporating that into the MBAM program.

 

So there was adware on all of the systems.

Are you still getting the message from Google?

 

So far since the big clean up no odd messages - seems your advice has done the trick - many thanks. So what is your advice for anti adware - should I ditch Malwarebytes for something else? or run it along with something else?

  • ExTS Admin
Posted

Hi joddle,

 

So far since the big clean up no odd messages

That's good to hear. :)

 

So what is your advice for anti adware - should I ditch Malwarebytes for something else? or run it along with something else?

I would stick with what you have already.

As I mentioned earlier, MalwareBytes has bought out JRT ( another adware removal program we use) and are in the process of integrating it with MBAM.

 

These are the instructions for JRT (it can be run either with AdwCleaner or instead of it).

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • When the tool opens .... Click on any key to continue scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Once the change over is complete and MBAM has completely integrated JRT, It will detect and remove a lot more adware.

I suspect the integration will happen fairly soon...... so keep MBAM.

 

Until this time you can always download a fresh copy of AdwCleaner or JRT and run them once in a while just as a double check.

Member of:

UNITE

  • ExTS Admin
Posted

Just to add here that MBAM by default should be set to detect and remove adware. It would be worth checking that this setting hasn't been changed.

From the main MBAM screen, click on:

 

Settings >> Detection and Protection >>

Then under Non Malware Detection, make sure that both:

Pup (potentially unwanted program ) detection

Pum (potentially unwanted modification ) detections

are both set to Treat detections as malware

 

http://img.photobucket.com/albums/v708/starbuck50/malbyte_zpsyhlmuxuf.png

 

Also, make sure that MBAM is updated regularly..... there are a few updates every day ( so run the update at least 3 times a week)

Member of:

UNITE

Posted

Thanks - I have now run JRT and below is the report, but not at all sure about what it has found and done!

 

I have also checked the setting on Malwarebytes and it seems to be exactly as your screenshot - and it always looks for and installs any update when I run it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.4 (03.14.2016)

Operating System: Windows 10 Pro x86

Ran by Josh (Administrator) on 11/04/2016 at 8:15:31.85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

File System: 3

 

 

Failed to delete: C:\ProgramData\pdfforge (Folder)

Successfully deleted: C:\Users\Josh\AppData\Local\crashrpt (Folder)

Successfully deleted: C:\WINDOWS\wininit.ini (File)

 

 

 

 

 

 

Registry: 2

 

 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38279E1A-7019-40C1-B579-E99DFB3312E8} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} (Registry Value)

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 11/04/2016 at 8:16:58.23

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • ExTS Admin
Posted

Hi joddle,

 

but not at all sure about what it has found and done!

Basically the file/folders are related to PDF Creator... an application for converting documents into Portable Document Format

This program has a long history of installing adware/toolbars etc.

 

Starting with version 0.9.7 (February 2009),[10] PDFCreator included an adware toolbar.

 

In November 2011, PDFCreator still[15] installed the toolbar unless the user declined it. SourceForge, which hosts the downloads for PDFForge, hosted most of PDFCreator, but not the toolbar.[4] The PDFCreator installer downloads the toolbar from another website if the option to install the toolbar is not unselected.[4]

 

As of 23 March 2012 PDFCreator included the MyStart toolbar by Incredibar.

 

On 13 June 2012 PDFCreator once again included another controversial bundled software package, which tests as spyware, called SweetIM.[17]

 

On 23 October 2012, PDFCreator version 1.5.1 was released [20] which includes an installer for iClaro Search adware/spyware. Compared to previous adware choices, once installed, iClaro cannot be removed using the "Add/Remove Programs" option.[21]

 

On 14 January 2013, PDFCreator version 1.6.2 was released[22] which includes an installer for Install Entrusted Toolbar. The setup screen for Install Entrusted Toolbar has a single option in black font.

 

This is why it was targeted.

AdwCleaner also targets this program, but I see that AdwCleaner didn't find any trace of it.

The files/folders removed don't relate to main files/folders, so they were probably just leftovers.

 

What we should really do now is to remove the tools we have used.

The following tool will remove AdwCleaner, JRT and any of their reports.

It will also set you a fresh restore point.

 

Download Delfix and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
  • Create registry backup
  • Purge system restore
     
    http://img.photobucket.com/albums/v708/starbuck50/delf_zpsb39a5ff3.png
    .
  • Click the Run button.

A reboot is required to finish the cleaning.

When the tool has finished, a log will open in Notepad.... but I don't actually need this report.

Member of:

UNITE
