logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

[Solved] PUP.Optional.Legacy and PUP.Optional.WebProtector - how to remove these threats?

Lordo50PL 4560 17
Best answers

How can I remove AdwCleaner detections for PUP.Optional.Legacy and PUP.Optional.WebProtector that keep coming back after cleanup?

Uninstall AlphaGo, BikaQ Rss, McAfee Security Scan Plus, McAfee True Key, and McAfee WebAdvisor, then run the FRST fixlist as instructed to remove leftover tasks, hosts entries, browser hooks, and the hijacked search settings [#17387185] Manually reset the browser search engines in Chrome and Firefox back to Google; one reply specifically says to do this even if Chrome is not installed, and to change Firefox’s AdBlock to uBlock Origin [#17387598][#17403326] If AdwCleaner still detects the Firefox search engine afterward, export bookmarks, delete the Firefox profile directory, and scan with Malwarebytes, removing anything it finds [#17403326][#17387140]
Generated by the language model.
ADVERTISEMENT
Treść została przetłumaczona polish » english Zobacz oryginalną wersję tematu
Report a violation of the law
| New topic
  • #1 17387000
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    Hi, the scan from AdwCleaner showed me 10 threats. When unfolded, it showed 9 is from PUP.Optional.Legacy and those 1 are from PUP.OptionalWebProtector. I cleaned with AdwCleaner, restarted the PC, and then shows these 10 threats. Thanks for the help in advance. Screenshots from FRST and AdwCleanera
    Attachments:
    • PUP.Optional.Legacy and PUP.Optional.WebProtector - how to remove these threats? AdwCleaner.PNG (78.09 KB) You must be logged in to download this attachment.
    • FRST.txt (38.82 KB) You must be logged in to download this attachment.
    • Addition.txt (113.84 KB) You must be logged in to download this attachment.
  • ADVERTISEMENT
  • #2 17387022
    RADU23
    VIP Meritorious for electroda.pl
    Posts: 20712
    Help: 2425
    Rate: 1726
    Otwórz notatnik i wklej zawartość:
    Quote:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia [X]
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: H - H:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: I - I:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: L - L:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {2ee2d6f2-8321-11e6-b487-d8cb8a3928f3} - H:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {3819b187-46fc-11e7-8091-d8cb8a3928f3} - V:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {3df9fc90-4701-11e5-98de-d8cb8a3928f3} - J:\RunGame.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {508f90eb-01f1-11e5-8953-d8cb8a3928f3} - G:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {874bea60-347c-11e5-b6c6-d8cb8a3928f3} - G:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {8f93200f-33c1-11e5-bbb3-d8cb8a3928f3} - H:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {93b83d9c-0a1e-11e6-9bd0-d8cb8a3928f3} - G:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {93b83dae-0a1e-11e6-9bd0-d8cb8a3928f3} - I:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {c80d3735-3540-11e5-8d42-d8cb8a3928f3} - I:\Startme.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {e149127f-0adb-11e6-bc07-d8cb8a3928f3} - G:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {ee49597f-d5af-11e6-a62e-d8cb8a3928f3} - J:\setup.exe
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\MountPoints2: {f1d33b67-3428-11e5-a256-d8cb8a3928f3} - G:\setup.exe
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (Brak pliku)
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    Toolbar: HKU\S-1-5-21-3455255253-503408873-1182082362-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    Toolbar: HKU\S-1-5-21-3455255253-503408873-1182082362-1000 -> Brak nazwy - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
    FF Plugin: @Microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [Brak pliku]
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [Brak pliku]
    FF Plugin-x32: @Microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @TOOLS.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin-x32: @TOOLS.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [Brak pliku]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
    S3 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X]
    S3 ISCTAgent; "C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe" [X]
    S3 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
    S3 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe" [X]
    S3 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [X]
    S3 MSI_Trigger_Service; "C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe" [X]
    S3 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
    U3 a2o9sgas; Brak ImagePath
    S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    U3 mbr; \??\C:\Users\KuBa\AppData\Local\Temp\mbr.sys [X] Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> Brak pliku
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll -> Brak pliku
    ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll -> Brak pliku
    ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> Brak pliku
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\KuBa\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll -> Brak pliku
    Task: {0998749E-DAE1-4241-9C50-539BF6405A49} - System32\Tasks\Update\NoMansSky => C:\Users\KuBa\AppData\Roaming\nomanssky.exe C:\Windows\system32\pcalua.exe -a "E:\Need For Speed\Need For Speed Carbon\PLIKI\setup.exe" -d "E:\Need For Speed\Need For Speed Carbon\PLIKI"
    Task: {1AC8D168-1057-40E1-94CD-7270355229F7} - System32\Tasks\{4FECA074-9EC3-41AD-9134-717B0089CB11} => C:\Windows\system32\pcalua.exe -a "C:\Games\No Man's Sky\GRA\No Man's Sky\LanguageSetup.exe" -d "C:\Games\No Man's Sky\GRA\No Man's Sky"
    Task: {1FAD3036-4810-4D27-BC7F-9B5C56386B61} - \SmartStats Service -> Brak pliku C:\Windows\system32\pcalua.exe -a "I:\Support\SimCity 4 Deluxe_uninst.exe" -d I:\Support
    Task: {33B11D07-94C4-40A4-B781-B796BD6B77A7} - System32\Tasks\{883A3A88-5101-4D01-854A-E762F87E2AF9} => C:\Windows\system32\pcalua.exe -a G:\Redist\DirectX\dxsetup.exe -d G:\Redist\DirectX
    Task: {41CFCA97-CE2A-40B0-A701-6D4CF33B86C6} - System32\Tasks\{51F574E0-53EB-476F-BD5B-0A7547594912} => C:\Windows\system32\pcalua.exe -a "C:\Games\No Man's Sky (gra)\No Man's Sky\LanguageSetup.exe" -d "C:\Games\No Man's Sky (gra)\No Man's Sky"
    Task: {521DB5D4-C85B-4CCA-9B86-50DAC39866BD} - System32\Tasks\{B7BC4E3D-1E0B-4349-B383-C8682075982D} => C:\Windows\system32\pcalua.exe -a F:\Sims3Setup.exe -d F:\
    Task: {56F0AE2C-55EA-4E2A-A3BC-C412AC1C2EBA} - System32\Tasks\{7A792ACB-8587-4BE8-9E2E-4A0B5294DA0E} => C:\Windows\system32\pcalua.exe -a "E:\L.A Noire\L.A.Noire\DLCinstall.exe" -d "E:\L.A Noire\L.A.Noire"
    Task: {6769A4D4-BAB3-4913-9899-8191EE2868AE} - System32\Tasks\{29F80B67-A402-4277-9CE0-B3F31332AEDE} => C:\Windows\system32\pcalua.exe -a "E:\fifa 16\FIFA 16 Super Deluxe Edition -SKIDROWCRACK\Launcher.exe" -d "E:\fifa 16\FIFA 16 Super Deluxe Edition -SKIDROWCRACK"
    Task: {8340868E-9B83-46D4-9992-99D7DA597D08} - System32\Tasks\{2F4DD942-587D-4A07-9ADE-33ED238E865A} => C:\Windows\system32\pcalua.exe -a "E:\Need For Speed SHIFT 2\Need For Speed Shift 2 - Unleashed\PLIKI\EASetup.exe" -d "E:\Need For Speed SHIFT 2\Need For Speed Shift 2 - Unleashed\PLIKI"
    Task: {964386A0-0C00-4206-A607-1BFC38C010EC} - System32\Tasks\{87530B60-D4FD-4A7F-AECA-BA840816E2BB} => C:\Windows\system32\pcalua.exe -a C:\Users\KuBa\Downloads\setup_SoundInjector.exe -d C:\Users\KuBa\Downloads
    Task: {D97D437E-1305-47F2-AEFE-BE2A5E24E81E} - System32\Tasks\{1A6EF079-4253-49F8-BE4A-D98982D9C11B} => C:\Windows\system32\pcalua.exe -a I:\SC4_uninst.exe -d I:\
    Task: {ED4633DC-22FF-4B05-B652-FA284027B462} - \DC5F45B0-5A8B-D27B-5091-505158DFD905 -> Brak pliku C:\Windows\system32\pcalua.exe -a "E:\fifa 16\FIFA 16 Super Deluxe Edition -SKIDROWCRACK\Origin.Games.Reg.Tools.v2.0-3DM.exe" -d "E:\fifa 16\FIFA 16 Super Deluxe Edition -SKIDROWCRACK"
    AlternateDataStreams: C:\Users\KuBa:Heroes & Generals [38]
    AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]


    Plik zapisz pod nazwą fixlist.txt i umieść w folderze, gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.
  • #3 17387059
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    After repairing and restarting the PC, I still get the same 10 threats as before: /
    Attachments:
    • PUP.Optional.Legacy and PUP.Optional.WebProtector - how to remove these threats? ADW.PNG (70.25 KB) You must be logged in to download this attachment.
  • #4 17387063
    RADU23
    VIP Meritorious for electroda.pl
    Posts: 20712
    Help: 2425
    Rate: 1726
    Post the FRST logs again.
  • ADVERTISEMENT
  • #5 17387066
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    Re-fix and restart ??

    Added after 3 [minutes]:

    I also send the result of the repair.
    Attachments:
    • Fixlog.txt (28.97 KB) You must be logged in to download this attachment.
  • #6 17387072
    RADU23
    VIP Meritorious for electroda.pl
    Posts: 20712
    Help: 2425
    Rate: 1726
    Reload the logs. FRST + Addition.
  • #7 17387081
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    I'm sending

    Added after 2 [minutes]:

    Here are new.
    Attachments:
    • FRST.txt (32.91 KB) You must be logged in to download this attachment.
    • Addition.txt (108.02 KB) You must be logged in to download this attachment.
  • Helpful post
    #8 17387109
    RADU23
    VIP Meritorious for electroda.pl
    Posts: 20712
    Help: 2425
    Rate: 1726
    Fixlist to be performed (procedure as above)
    Quote:
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> C: \ Program Files (x86) \ GIGABYTE \ GIGABYTE OC_GURU II \ OC_GURU.exe (No file)
    U3 a33747rd; ImagePath is missing
    AlphaGo (HKLM-x32 \ ... \ {B20B3A3C-91E3-4326-8A0F-B3C012574F8C}) (Version: 1.1.2 - Default Company Name)
  • #9 17387113
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    Repair, I will restart the computer and let me know.

    Added after 9 [minutes]:

    On AdwCleaner it shows 10 more threats, do you know any similar antivirus ??
  • #11 17387148
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    I have already scanned this program, but it will try to do something. I also reset the browsers a moment ago, maybe it will do something :D
  • ADVERTISEMENT
  • Helpful post
    #12 17387185
    krzychupar
    Level 43  
    Posts: 6807
    Help: 1490
    Rate: 633
    Odinstaluj:

    AlphaGo
    BikaQ Rss
    McAfee Security Scan Plus
    McAfee True Key
    McAfee WebAdvisor

    Otwórz notatnik systemowy i wklej:

    CloseProcesses:
    Task: {0AD91B18-00F1-46B8-96A1-DDE43333188A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe
    Task: {A9954469-EEC4-4752-AEFE-CC4414BCBA28} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Hosts:
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (Brak pliku)
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE..
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE.."
    CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1471332729&from=c3a00815&uid=hitachixhde721010sla330_ms14k17k&z=7647ba4ae4769ebef88806eg0z0m0gbc4ceo2m0cbg&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> nice
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    U3 a33747rd; Brak ImagePath
    2017-03-06 15:43 - 2017-03-21 14:09 - 000008164 _____ () C:\Program Files (x86)\metadata
    2015-07-31 10:08 - 2015-08-21 09:48 - 000000024 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ appdataFr25.bin
    2015-12-31 14:33 - 2015-12-31 14:33 - 000000000 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ mediaconverter.io.lock
    2016-01-02 18:26 - 2016-01-02 18:26 - 000000000 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ mediaload.io.lock
    2015-10-23 14:34 - 2015-10-23 14:34 - 000000600 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ winscp.rnd
    2018-03-28 11:56 - 2018-03-28 11:56 - 000140800 _____ () C: \ Users \ KuBa \ AppData \ Local \ installer.dat
    2016-01-10 14:09 - 2016-01-10 14:09 - 000000000 ___SH () C: \ Users \ KuBa \ AppData \ Local \ LumaEmu
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

    Added after 1 [minutes]:

    As the problem persists, delete C: \ FRST and close the topic.
  • #13 17387544
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    Thanks for the help :D

    Added after 21 [minutes]:

    4 threats disappeared, 6 detected, here is a screenshot from AdwCleaner
    Attachments:
    • PUP.Optional.Legacy and PUP.Optional.WebProtector - how to remove these threats? ADW.PNG (53.76 KB) You must be logged in to download this attachment.
  • ADVERTISEMENT
  • Helpful post
    #14 17387598
    Kolobos
    IT specialist
    Posts: 85152
    Help: 17158
    Rate: 10418
    Manually remove these search engines in Chrome and Firefox and change to google.
  • #15 17387644
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    The only problem is that I do not have Chrome on my computer, and on Firefox I have Google as the default: /
  • Helpful post
    #16 17403006
    RADU23
    VIP Meritorious for electroda.pl
    Posts: 20712
    Help: 2425
    Rate: 1726
    Post the FRST logs again.
  • Helpful post
    #17 17403326
    Kolobos
    IT specialist
    Posts: 85152
    Help: 17158
    Rate: 10418
    Odinstaluj AVG PC TuneUp 2015

    Usuwam profil Chrome skoro i tak go nie masz.

    W Firefox zmien AdBlock na uBlock Origin.

    Wykonaj Fixlist.txt dla FRST:
    CloseProcesses:
    Task: {0AD91B18-00F1-46B8-96A1-DDE43333188A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe
    Task: {102A2A0E-8F49-476C-B20F-38B311E35F77} - System32\Tasks\{AA1C0489-7441-4B8B-96EF-AD74FB558435} => E:\The Sims\The Sims 4\Game\Bin\TS4.exe
    Task: {102A7D8B-6CC0-4FFC-A266-1A3FA34E8C03} - System32\Tasks\{CDC83F4B-13F8-4FE1-9C2A-537AC0C93A25} => C:\Users\KuBa\Desktop\FOLDER DO MUZYK (1)\Sound_Injector.exe
    Task: {13FA5A02-5B38-4C7F-A314-435A2B179E3C} - System32\Tasks\InstallShield Update Service => C:\Users\KuBa\AppData\Roaming\Macromedia\ISSCH\issch.exe
    Task: {185518FC-9C8C-40F6-8AD4-C5427E4F4D73} - System32\Tasks\{F243C99D-FFAA-45C0-A347-A5850E1D0497} => C:\Games\Rise of the Tomb Raider\PLIKI\Rise of the Tomb Raider\ROTTR.exe
    Task: {1A32595F-3905-40C3-ADEA-5F8F5C99451C} - System32\Tasks\{A3AE7A1A-A95B-4EFF-8E09-C595E6E7EF2C} => C:\Users\KuBa\Desktop\TronReplacer.exe
    Task: {3FBCEA49-948F-41FC-B91C-4358727F2BA9} - System32\Tasks\Java Update Schedule => C:\Users\KuBa\AppData\Roaming\RHEng\Java\jusched.exe
    Task: {41EB0D48-613D-4C39-A402-BCE7932812C9} - System32\Tasks\{4A8773EF-1990-4A22-BF69-5FDFC5BF9E09} => E:\Fallout\Fallout 4\Fallout4Launcher.exe
    Task: {53C46840-0EE5-4B28-B07C-5499078AC157} - System32\Tasks\{DB55CC46-30C4-4636-9EFE-3D4C3E321223} => E:\The Sims\The Sims 4\Game\Bin\TS4.exe
    Task: {53C62ECB-F563-4989-B9FA-F9486C209B7E} - System32\Tasks\{DDD8B494-DE11-4DC6-891B-334ABC5AE643} => E:\MK 10\MK10\Binaries\Retail\MK10.exe
    Task: {6525E7F1-72B2-4579-B8C0-FB7B3C8435BE} - System32\Tasks\{12060637-942A-424F-854B-48D670AEF71F} => E:\L.A Noire\L.A\LANLauncher.exe
    Task: {667ECC1A-C494-42B6-837E-D1D5FB8748DB} - System32\Tasks\{B281F935-AE51-4BB9-ADC7-A9580EBE32F8} => E:\MK 10\MK10\Binaries\Retail\MK10.exe
    Task: {6D739BFF-6F88-4672-ABD7-EEB9EE7348D9} - System32\Tasks\{B9127F75-6138-4AD4-ABDA-BAD724C5B966} => D:\Dodatktowe Gry\Skyrim\The Elder Scrolls V Skyrim - Legendary Edition\SkyrimLauncher.exe
    Task: {762A6AB2-391A-49F6-94B3-6F1317DE19E1} - System32\Tasks\{62434376-6060-46F7-AD2E-1AD7E27E6086} => E:\sim city\Apps\SimCity 4.exe
    Task: {7961DE7C-0A46-4523-B0A4-2484ABD09B4E} - System32\Tasks\{DD1B8D58-B7E0-40A2-A41C-29043E6E751A} => E:\MK 10\MK10\Binaries\Retail\MK10.exe
    Task: {7E0DF934-430F-48BD-B4C3-B4DCF2E36794} - System32\Tasks\{0ECDD56F-2056-4D5C-B994-B7BBA973F179} => E:\fallout\Fallout 4\Fallout4Launcher.exe
    Task: {8153EE37-118C-4261-AE4D-6E1F632B2365} - System32\Tasks\{C91AFCF6-1D24-46FC-B690-DC9D332E5AC6} => C:\Users\KuBa\Desktop\TronReplacer.exe
    Task: {84E12D77-D2AF-438C-89AA-14882F5F2092} - System32\Tasks\{79CADB6D-EED5-43B0-B84B-B19E109E702B} => C:\Users\KuBa\AppData\Roaming\uTorrent\uTorrent.exe [2018-08-02] (BitTorrent Inc.)
    Task: {9180532F-37EE-4CD3-8DFB-44EA00C89D1C} - System32\Tasks\{0AA44E7B-0AA0-4407-8814-C4DF73915298} => E:\The Sims 4\The Sims 4\Game\Bin\TS4.exe
    Task: {92E547C9-6E6B-471A-942E-05B0E4502AC7} - System32\Tasks\{AC5294C8-58F9-49F7-80E8-156646E2D074} => C:\Users\KuBa\Desktop\TronReplacer.exe
    Task: {9B8CA9F3-D9E5-4DED-B526-AB70ABDD88C1} - System32\Tasks\{5CEEA823-4D6A-46C9-8A2F-E99DAF0F4E16} => C:\Program Files (x86)\Steam\Steam.exe
    Task: {A9954469-EEC4-4752-AEFE-CC4414BCBA28} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {AA0984C6-4487-4509-B19B-A73682EB9E72} - System32\Tasks\{64906ABC-3B73-496E-9F08-02E0BF0AFAFB} => C:\Users\KuBa\Desktop\TronReplacer.exe
    Task: {C4095B55-317D-4DC0-99A7-7F8CE9CBB5FA} - System32\Tasks\{47DB1C44-A36C-4EDF-9610-D27EC2BF5853} => E:\fifa 16\FIFA 16 Super Deluxe Edition -SKIDROWCRACK\Launcher.exe
    Task: {CED252B7-4C9F-4EF9-9DE3-B4729D7624F8} - System32\Tasks\{E3E16EE6-52E6-4906-B62C-5F7C7BDBC6CF} => C:\Users\KuBa\Desktop\Tube Tycoon\TubeTycoon.exe
    Task: {DA304D14-EAF9-4D68-A965-4EF1412D8A0A} - System32\Tasks\{DA37DF07-9B65-4DEA-971E-8F8A92B0A1EC} => E:\Formuła\F1 2015\F1_2015.exe
    Task: {DB2E1FCD-DDD0-44E0-80C5-77FADF5CEBDB} - System32\Tasks\{CA38E7E1-ED6C-43CC-8089-F44DA8B2B45A} => C:\Users\KuBa\AppData\Roaming\uTorrent\uTorrent.exe [2018-08-02] (BitTorrent Inc.)
    Task: {DB799162-F35B-4F64-8B00-5D5592E8B0C4} - System32\Tasks\{9F66C28B-FC7A-4FA3-831B-70063BA4756F} => E:\MK 10\MK10\Binaries\Retail\MK10.exe
    Task: {DC399B06-E959-402A-8845-902178E16CC8} - System32\Tasks\{5A1C6ADE-EA0E-4AE1-B185-D9E45F71D544} => E:\assasins\Assasin's Creed Syndicate\Assassins Creed Syndicate\ACS.exe
    Task: {E6837737-CDA0-4AF1-A94D-2687F309C9E4} - System32\Tasks\{AE51C5B5-791B-4BFE-93E7-E7F3DB06C1AA} => E:\assasins\Assassin's Creed Unity\ACU.exe
    Task: {EEC7601F-8A49-48CB-AED2-547EB79C11CD} - System32\Tasks\{F0446FC6-5B79-4CE1-AA2E-1B2DD3D03416} => E:\The Sims 4\The Sims 4\Game\Bin\TS4.exe
    Task: {FDF23FFD-FB5E-4EE1-8F57-264F5CCC6A0F} - System32\Tasks\{4C48A979-9A09-47DE-B579-A166F46CEA71} => D:\Deamon\DAEMON Tools Lite\DTLauncher.exe
    Hosts:
    HKLM-x32\...\Run: [Smart File Advisor] => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
    HKLM-x32\...\Run: [SFAUpdater] => "C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe"
    HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
    Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    FF user.js: detected! => C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\user.js [2017-06-30]
    C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\Extensions\{44543b60-e1c1-4173-be0b-81c96bac3d41}.xpi
    FF Extension: (Wooden Seal 1.0.1) - C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\Extensions\{44543b60-e1c1-4173-be0b-81c96bac3d41}.xpi [2016-03-24] [Przestarzałe] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\searchplugins\avast-search.xml [2016-03-27]
    C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\129oag1q.Domyślny kuuubba-1505998550367\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi
    FF Extension: (AdBlock) - C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\129oag1q.Domyślny kuuubba-1505998550367\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-07-26]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE..
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE.."
    CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1471332729&from=c3a00815&uid=hitachixhde721010sla330_ms14k17k&z=7647ba4ae4769ebef88806eg0z0m0gbc4ceo2m0cbg&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> nice
    CHR Profile: C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default [2018-03-28]
    C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Adblock Plus) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-03]
    CHR Extension: (Brak nazwy) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-01]
    CHR Extension: (Brak nazwy) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpabmjecillbmlhmkbibekmbnidhopk [2016-08-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
    S3 DHCPArbSvc; "C:\Program Files\Common Files\System\svc\dllhost.exe"
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    U3 a33747rd; Brak ImagePath
    2018-07-20 10:19 - 2016-12-16 16:07 - 000000000 ____D C:\Program Files (x86)\McAfee
    2017-03-06 15:43 - 2017-03-21 14:09 - 000008164 _____ () C:\Program Files (x86)\metadata
    2015-07-31 10:08 - 2015-08-21 09:48 - 000000024 _____ () C:\Users\KuBa\AppData\Roaming\appdataFr25.bin
    2015-12-31 14:33 - 2015-12-31 14:33 - 000000000 _____ () C:\Users\KuBa\AppData\Roaming\mediaconverter.io.lock
    2016-01-02 18:26 - 2016-01-02 18:26 - 000000000 _____ () C:\Users\KuBa\AppData\Roaming\mediaload.io.lock
    2018-03-28 11:56 - 2018-03-28 11:56 - 000140800 _____ () C: \ Users \ KuBa \ AppData \ Local \ installer.dat

    If, after execution, adwc will still detect the search engine in FF, download bookmarks from Firefox and delete the browser profile directory.
  • #18 17415095
    Lordo50PL
    Level 7  
    Posts: 31
    Rate: 1
    The problem fixed was helped by another person who knows more about it and helped me solve this problem. She told me that there are so many viruses on the computer that it is not profitable to clean it just to make a format. After the format, everything is faster and I have not encountered any problem yet :D Thanks to everyone for your help ;)

    Added after 33 [seconds]:

    Computer format
| New topic
Report a violation of the law

Topic summary

✨ The discussion revolves around the persistent detection of PUP.Optional.Legacy and PUP.Optional.WebProtector by AdwCleaner, despite attempts to remove them. The user initially reported 10 threats, primarily from PUP.Optional.Legacy. Various responses suggested methods for removal, including posting FRST logs, performing repairs, and using Malwarebytes (MBAM) for additional scanning. Users recommended uninstalling specific programs like McAfee products and AVG PC TuneUp, as well as resetting browsers. Ultimately, the user resolved the issue by formatting the computer, which eliminated the threats and improved performance.
Generated by the language model.

FAQ

TL;DR: AdwCleaner flagged 10 threats; fix them via FRST + Malwarebytes—"Perform MBAM scan and delete anything it detects." Manually reset search engines to clear residues; replace browser profiles or, in extreme cases, format. [Elektroda, RADU23, post #17387140]

Why it matters: This FAQ helps Windows users remove PUP.Optional.Legacy/WebProtector that reappear after cleaning.

Quick Facts

What are PUP.Optional.Legacy and PUP.Optional.WebProtector?

They are Malwarebytes/AdwCleaner detection names for potentially unwanted program remnants and browser hijacker settings. In this case, they were tied to altered search providers and extensions like YesSearches/NiceSearches. Removing them usually needs FRST fixes plus browser cleanup to reset search scopes and profiles. [Elektroda, Kolobos, post #17403326]

How do I remove PUP.Optional.Legacy/WebProtector step-by-step?

Use FRST with a tailored fixlist, then reboot.
  1. Save the provided lines as fixlist.txt next to FRST.exe.
  2. Run FRST and click Fix/Napraw, then restart.
  3. Uninstall listed PUPs and clean temp data; rescan with AdwCleaner. This sequence was provided and refined by helpers in the thread. [Elektroda, krzychupar, post #17387185]

AdwCleaner still shows the same 10 threats after cleaning—why?

Persistent detections usually mean hijacked search settings or scheduled tasks still recreate entries. The count can remain exactly 10 until profiles or search scopes are reset or removed. This behavior was observed after a repair and restart. [Elektroda, Lordo50PL, post #17387059]

What should I do when detections persist after a fix?

Post the FRST logs again. A helper will adjust the script and ask you to rerun Fix. This iterative approach targets leftovers that initial scripts miss. It is normal to repeat until detections stop. [Elektroda, RADU23, post #17387063]

MBAM didn’t find anything—what else helps?

Reset browsers and remove hijacker search engines manually. If AdwCleaner still detects the search engine in Firefox, export bookmarks and delete the Firefox profile folder to rebuild clean settings. This clears embedded search and extension residues. [Elektroda, Kolobos, post #17403326]

Why do Chrome items appear when Chrome isn’t installed?

Leftover Chrome user data can remain on disk and still be scanned. Helpers removed the Chrome profile even though Chrome wasn’t present. Delete the Chrome User Data\Default folder after backing up needed data, then rescan. [Elektroda, Kolobos, post #17403326]

How do I manually remove unwanted search engines in Firefox?

Open Firefox Settings > Search. Set Google as default and remove unknown engines. Then run Help > More Troubleshooting Information > Refresh Firefox if needed. "Manually remove these search engines in Chrome and Firefox and change to google." [Elektroda, Kolobos, post #17387598]

Which apps should I uninstall to reduce PUP detections?

Remove McAfee WebAdvisor, McAfee True Key, McAfee Security Scan Plus, AlphaGo, and BikaQ Rss. Helpers also killed related services and add-ons in the fixlist. Uninstalling cuts auto-reinstalls and reduces scan hits. [Elektroda, krzychupar, post #17387185]

What is FRST and what does fixlist.txt do?

FRST is a diagnostic and repair tool. It applies scripted fixes from fixlist.txt. You paste the provided entries into Notepad, save as fixlist.txt next to FRST.exe, then click Fix to remove unwanted policies, tasks, and services. [Elektroda, RADU23, post #17387022]

Should I rerun FRST and resubmit logs after each fix?

Yes. Helpers requested reloading FRST and Addition logs after each run. They refine the script until detections stop appearing on subsequent scans. This iterative loop is expected. [Elektroda, RADU23, post #17387072]

AdwCleaner flags YesSearches/NiceSearches—how do I clear them?

Change the default search engine to Google and remove YesSearches/NiceSearches from settings. If detections persist, export bookmarks and delete the Firefox profile directory. Recreate the profile and rescan to confirm removal. [Elektroda, Kolobos, post #17403326]

Is it safe to ignore PUP.Optional.WebProtector detections?

No. Remove them. "Perform MBAM scan and delete anything it detects." Ignoring PUPs leaves hijacks active and can respawn entries after reboot. Clean detections and reset browsers. [Elektroda, RADU23, post #17387140]

After cleaning, detections dropped from 10 to 6—what next?

Finish by manually removing or resetting browser search engines. Helpers emphasized clearing Chrome and Firefox search entries to eliminate remaining flags. Rescan with AdwCleaner to confirm a clean state. [Elektroda, Kolobos, post #17387598]

When should I format Windows?

Format if infections are extensive and cleaning is uneconomical. One user chose a full format and reported faster performance and no further problems afterward. This is a last-resort but effective reset. [Elektroda, Lordo50PL, post #17415095]

How do I back up Firefox bookmarks before deleting the profile?

In Firefox, open Bookmarks > Manage Bookmarks > Import and Backup > Backup, and save the file. After deleting the profile directory as advised, restore bookmarks from that backup in the same menu. [Elektroda, Kolobos, post #17403326]
Generated by the language model.
ADVERTISEMENT