[zep516]

Great work Clark

Lets scan for additional adware, while I review the new log reports for you.

Next

Please download AdwCleaner by Xplode onto your Desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click the Scan button and wait for the process to complete.
• Click the Report button and the report will open in Notepad.
• NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
• Click on the Clean button follow the prompts.
• A log file will automatically open after the scan has finished and the PC has rebooted.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner
• Next
  
  Please download Junkware Removal Tool to your Desktop.
  
  Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
  Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  The tool will open and start scanning your system.
  Please be patient as this can take a while to complete, depending on your system's specifications.
  On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  Please post the contents of JRT.txt into your reply.
  
  In your next reply to me post:
  • The adwCleaner log after you run the "Clean" option.
  • The JRT.txt log
  No hurry take your time.
  
  Thanks
  Joe
• 
  
• 
  
• 
  

[Advertisements]

Joe,

 

     I downloaded AdwCleaner to the desktop and ran it with no other programs running.  In succession, I pressed the "Scan", "Report", and "Clean" buttons allowing each operation to complete before proceeding to the next.      

 

     After the PC re-booted, the "AdwCleaner[S1].txt" file opened and then the computer popped up a window labeled "ScanSoft PaperPort 11" which asked me to "Please wait while Windows configures PaperPort 11."  Then another window opened telling me "The feature you are trying to use is on a CD-ROM or other removable disk that is not available" and asking me to "Insert the 'ScanSoft PaperPort 11' disk and click OK."  I just closed the second window and got another pop-up window with "Error 1706.No valid source could be found for product ScanSoft PaperPort 11.  The Windows Installer cannot continue."  I press "OK" in that window and tried to close the first window.  But, it popped up again and I hit cancel, then it popped up again, etc.  I finally got it to stay closed by pressing "Cancel" each time it opened.

 

      Below is the "AdwCleaner[S1].txt" file.  I'm sending this Post now so I could include the above paragraph.  I'll continue with the "Junkware Removal Tool" next and Post the results in a minute.

 

 

Clark

 

 

# AdwCleaner v4.101 - Report created 19/11/2014 at 22:39:08
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Evelyn - HP-KITCHEN
# Running from : C:\Users\Evelyn\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R1].txt - [883 octets] - [19/11/2014 22:35:38]
AdwCleaner[S1].txt - [803 octets] - [19/11/2014 22:39:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [862 octets] ##########
 

[DXhound]

Joe,

 

     I downloaded AdwCleaner to the desktop and ran it with no other programs running.  In succession, I pressed the "Scan", "Report", and "Clean" buttons allowing each operation to complete before proceeding to the next.      

 

     After the PC re-booted, the "AdwCleaner[S1].txt" file opened and then the computer popped up a window labeled "ScanSoft PaperPort 11" which asked me to "Please wait while Windows configures PaperPort 11."  Then another window opened telling me "The feature you are trying to use is on a CD-ROM or other removable disk that is not available" and asking me to "Insert the 'ScanSoft PaperPort 11' disk and click OK."  I just closed the second window and got another pop-up window with "Error 1706.No valid source could be found for product ScanSoft PaperPort 11.  The Windows Installer cannot continue."  I press "OK" in that window and tried to close the first window.  But, it popped up again and I hit cancel, then it popped up again, etc.  I finally got it to stay closed by pressing "Cancel" each time it opened.

 

      Below is the "AdwCleaner[S1].txt" file.  I'm sending this Post now so I could include the above paragraph.  I'll continue with the "Junkware Removal Tool" next and Post the results in a minute.

 

 

Clark

 

 

# AdwCleaner v4.101 - Report created 19/11/2014 at 22:39:08
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Evelyn - HP-KITCHEN
# Running from : C:\Users\Evelyn\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R1].txt - [883 octets] - [19/11/2014 22:35:38]
AdwCleaner[S1].txt - [803 octets] - [19/11/2014 22:39:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [862 octets] ##########
 

[DXhound]

Joe,

 

     I completed running "Junkware Removal Tool" and have attached the JRT.txt log to this Post.

 

 

Clark

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Evelyn on Wed 11/19/2014 at 23:01:27.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Evelyn\AppData\Roaming\mozilla\firefox\profiles\afzobgxi.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/19/2014 at 23:18:43.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[zep516]

Looks good I thought there might be more adware...

I just closed the second window and got another pop-up window with "Error 1706.No valid source could be found for product ScanSoft PaperPort 11. The Windows Installer cannot continue." I press "OK

That looks like some scanner / printer software issue, we can look at other issues when the Malware is gone


Getting late again.....

Last thing for tonite.

You already have Malwarebytes installed so you may not have to download it, I will however provide the instructions for running it if you need them.

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
/Post that log

Thanks
Joe

[DXhound]

Joe,

 

     OK, I downloaded MBAM again (just to be sure I had the latest) and ran it (as Administrator) from the Desktop.  When it looked like it had completed the scan, I clicked on the "View Detailed Log" and then on "Export."  But, at that point a dialog box popped asking for a re-boot.  After the re-boot, I had to open MBAM (as it did not open on it's own) and I was not able to find the "View Detailed Log" button.  I did go into "History" and saved the "Protection Log" as "MBAM_Protection_Log_11-20-2014.txt" and I saved the "Scan Log" as "MBAM_Scanning_History_Log_11-19-2014.txt" and have attached both to this Post.  I hope that is the detailed info you need.  If not, please tell me how to find it.

 

     BTW, upon re-boot, I had to go through the same Dog and Pony show of aborting the installation of "ScanSoft PaperPort 11".   Now, time for bed.

 

 

Clark

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Scan, 11/20/2014 12:08:11 AM, SYSTEM, HP-KITCHEN, Manual, Start:11/19/2014 11:53:20 PM, Duration:10 min 9 sec, Threat Scan, Completed, 0 Malware Detections, 89 Non-Malware Detections,

(end)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/19/2014
Scan Time: 11:53:20 PM
Logfile: MBAM_Scanning_History_Log_11-19-2014.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.20.01
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Evelyn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316286
Time Elapsed: 10 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\Dictionaries, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\extensions, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Data, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules, Quarantined, [a49b5de0700cf046351eb779c2413ac6],

Files: 81
PUP.Optional.DownloadAssistant, C:\Users\Evelyn\Downloads\Unconfirmed 73478.crdownload, Quarantined, [ed52003d4c30ef475e5bb025d42dfb05],
PUP.Optional.DownloadAdmin, C:\Users\Evelyn\Downloads\Unconfirmed 881398.crdownload, Quarantined, [88b78cb184f8191d71f3451317e92ad6],
PUP.Optional.DownloadAssistant, C:\Users\Evelyn\Downloads\Unconfirmed 241542.crdownload, Quarantined, [9aa568d51f5d22146950f7de46bb09f7],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\msvcp110.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\msvcr110.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\icudt.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome_100_percent.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome_child.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\content_resources.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\d3dcompiler_46.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\debug.log, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\First Run, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\libEGL.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\libGLESv2.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\metro_driver.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\nacl64.exe, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\nacl_irt_x86_32.nexe, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\nacl_irt_x86_64.nexe, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\resources.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\Dictionaries\en-US-3-0.bdic, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\hi.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\am.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ar.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\bg.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\bn.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ca.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\cs.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\da.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\de.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\el.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\en-GB.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\en-US.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\es-419.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\es.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\et.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\fa.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\fi.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\fil.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\fr.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\gu.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\he.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\hr.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\hu.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\id.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\it.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ja.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\kn.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ko.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\lt.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\lv.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ml.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\mr.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ms.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\nb.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\nl.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\pl.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\pt-BR.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\pt-PT.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ro.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ru.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sk.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sl.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sr.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sv.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sw.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ta.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\te.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\th.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\tr.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\uk.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\vi.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\zh-CN.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\zh-TW.pak, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\manifest.json, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Data\ResPack2.bin, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\7z.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmlProc.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\InSes.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],
PUP.Optional.IdleCrawler.A, C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\NavSupp.dll, Quarantined, [a49b5de0700cf046351eb779c2413ac6],

Physical Sectors: 0
(No malicious items detected)


(end)

[zep516]

Nice job Malwarebytes

How is the computer, other then that scan soft thing? I'll see what I can find about that. Is there a printer or scanner installed and what is the make of it?

Joe

[DXhound]

Joe,

 

     Windows Task Manager reports no instances of Chrome.exe that I can see under Processes.  CPU usage is running from 0% to 6% with Mozilla Thunderbird and Mozilla Firefox both open.  This work we have done seems to have cured the initial problem of the CPU running 50% or greater all the time and the multiple instances of Chrome.exe running.

 

     After running AdwCleaner is when the computer began trying to install the ScanSoft software.  It had not done that before.  It continues to do that every time I re-boot the computer.

 

     Looking at Devices and Printers, I see the following installed:

 

Brother MFC-7840W (Network Printer - as the default printing device)

Brother PC-FAX v.2.1

Fax

Microsoft XPS Document Writer

PaperPort Image Printer

PDF Complete

 

     I'm pretty sure that the ScanSoft software is part of the Brother MFC-7840W software package.  However, I don't know why it suddenly tries to install itself on each re-boot of the computer.  I'm thinking something that AdwCleaner did caused this to start.  ScanSoft is NOT installed as a program (Start | Search Programs and Files | Scan  - does not show anything except "Scanner Setup Wizard", "Scanner Utility", and "Windows Fax and Scan."

 

     There is a folder under Program Files (x86) called "ScanSoft" and it contains a folder called "PaperPort."

 

C:\Program Files (x86)\ScanSoft\PaperPort

 

     Let me know what else I can do to help track this down.

 

     Thanks again for all your effort and time!

 

 

Clark

[zep516]

I have the same printer, and the same folders as you.

I'm thinking how to approach this without reinstalling the printer software that's all I can think of for now.


AdwCleaner deleted a Malware type of entry and nothing to do with scansoft that I can see.

So let me think about this for a bit.

Joe

[DXhound]

Joe,

 

     Sorry I didn't respond last night but "life" got in the way here.  Anyway, I'm back so let me know what you come up with for the ScanSoft issue.

 

     Thanks again for all you have done!

 

 

Clark

[zep516]

Hello,

Are you currently using the printer Brother MFC-7840W ?

[DXhound]

Joe,

 

     Yes, the Brother is the "Network" printer for all computers in the house.  It is being used by the computer we have been working on.

 

 

CLark

[zep516]

OK,

I'm still looking into this as I'm somewhat stumped. I really don't want to reinstall the printer software, and I just don't want to go and delete the scansoft and related folders, nor do I want to put the entry back that adwcleaner removed....

I'll get back to you. Finally some free time.

Joe

[DXhound]

Joe,

 

     Would a possible option be to just go ahead and install the ScanSoft program and then delete it?  Of course, in doing that I am assuming that the fact that the computer wants to install ScanSoft has to do with the fact that I have previously installed the Brother package and that this ScanSoft installation is not some Malware.

 

     Obviously this is not a "mission critical" deal so please, take your time.  The main problem of the "Multiple chrome.exe *32" malware seems to have been corrected.

 

 

Clark

[zep516]

Yes go ahead and install scansoft if you have the ability to. It's not Malware. I have it on my machine too as I use a Brother printer.