PUP.Optional.Legacy and PUP.Optional.WebProtector - how to remove these threats?

Question

Hi, the scan from AdwCleaner showed me 10 threats. When unfolded, it showed 9 is from PUP.Optional.Legacy and those 1 are from PUP.OptionalWebProtecto...

RADU23 · Accepted Answer

Fixlist to be performed (procedure as above)

RADU23 · Accepted Answer

Perform MBAM scan and delete anything it detects => https://www.malwarebytes.org/dl-confirm/

krzychupar · Accepted Answer

Odinstaluj:

AlphaGo
BikaQ Rss
McAfee Security Scan Plus
McAfee True Key
McAfee WebAdvisor

Otwórz notatnik systemowy i wklej:

CloseProcesses:
Task: {0AD91B18-00F1-46B8-96A1-DDE43333188A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe
Task: {A9954469-EEC4-4752-AEFE-CC4414BCBA28} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Hosts:
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (Brak pliku)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE..
CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE.."
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1471332729&from=c3a00815&uid=hitachixhde721010sla330_ms14k17k&z=7647ba4ae4769ebef88806eg0z0m0gbc4ceo2m0cbg&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
U3 a33747rd; Brak ImagePath
2017-03-06 15:43 - 2017-03-21 14:09 - 000008164 _____ () C:\Program Files (x86)\metadata
2015-07-31 10:08 - 2015-08-21 09:48 - 000000024 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ appdataFr25.bin
2015-12-31 14:33 - 2015-12-31 14:33 - 000000000 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ mediaconverter.io.lock
2016-01-02 18:26 - 2016-01-02 18:26 - 000000000 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ mediaload.io.lock
2015-10-23 14:34 - 2015-10-23 14:34 - 000000600 _____ () C: \ Users \ KuBa \ AppData \ Roaming \ winscp.rnd
2018-03-28 11:56 - 2018-03-28 11:56 - 000140800 _____ () C: \ Users \ KuBa \ AppData \ Local \ installer.dat
2016-01-10 14:09 - 2016-01-10 14:09 - 000000000 ___SH () C: \ Users \ KuBa \ AppData \ Local \ LumaEmu
EmptyTemp:

Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
Run FRST and click Fix.

Added after 1 [minutes]:

As the problem persists, delete C: \ FRST and close the topic.

Kolobos · Accepted Answer

Manually remove these search engines in Chrome and Firefox and change to google.

RADU23 · Accepted Answer

Post the FRST logs again.

Kolobos · Accepted Answer

Odinstaluj AVG PC TuneUp 2015 Usuwam profil Chrome skoro i tak go nie masz. W Firefox zmien AdBlock na uBlock Origin. Wykonaj Fixlist.txt dla FRST:CloseProcesses:Task: {0AD91B18-00F1-46B8-96A1-DDE43333188A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exeTask: {102A2A0E-8F49-476C-B20F-38B311E35F77} - System32\Tasks\{AA1C0489-7441-4B8B-96EF-AD74FB558435} => E:\The Sims\The Sims 4\Game\Bin\TS4.exeTask: {102A7D8B-6CC0-4FFC-A266-1A3FA34E8C03} - System32\Tasks\{CDC83F4B-13F8-4FE1-9C2A-537AC0C93A25} => C:\Users\KuBa\Desktop\FOLDER DO MUZYK (1)\Sound_Injector.exeTask: {13FA5A02-5B38-4C7F-A314-435A2B179E3C} - System32\Tasks\InstallShield Update Service => C:\Users\KuBa\AppData\Roaming\Macromedia\ISSCH\issch.exeTask: {185518FC-9C8C-40F6-8AD4-C5427E4F4D73} - System32\Tasks\{F243C99D-FFAA-45C0-A347-A5850E1D0497} => C:\Games\Rise of the Tomb Raider\PLIKI\Rise of the Tomb Raider\ROTTR.exeTask: {1A32595F-3905-40C3-ADEA-5F8F5C99451C} - System32\Tasks\{A3AE7A1A-A95B-4EFF-8E09-C595E6E7EF2C} => C:\Users\KuBa\Desktop\TronReplacer.exeTask: {3FBCEA49-948F-41FC-B91C-4358727F2BA9} - System32\Tasks\Java Update Schedule => C:\Users\KuBa\AppData\Roaming\RHEng\Java\jusched.exeTask: {41EB0D48-613D-4C39-A402-BCE7932812C9} - System32\Tasks\{4A8773EF-1990-4A22-BF69-5FDFC5BF9E09} => E:\Fallout\Fallout 4\Fallout4Launcher.exeTask: {53C46840-0EE5-4B28-B07C-5499078AC157} - System32\Tasks\{DB55CC46-30C4-4636-9EFE-3D4C3E321223} => E:\The Sims\The Sims 4\Game\Bin\TS4.exeTask: {53C62ECB-F563-4989-B9FA-F9486C209B7E} - System32\Tasks\{DDD8B494-DE11-4DC6-891B-334ABC5AE643} => E:\MK 10\MK10\Binaries\Retail\MK10.exeTask: {6525E7F1-72B2-4579-B8C0-FB7B3C8435BE} - System32\Tasks\{12060637-942A-424F-854B-48D670AEF71F} => E:\L.A Noire\L.A\LANLauncher.exeTask: {667ECC1A-C494-42B6-837E-D1D5FB8748DB} - System32\Tasks\{B281F935-AE51-4BB9-ADC7-A9580EBE32F8} => E:\MK 10\MK10\Binaries\Retail\MK10.exeTask: {6D739BFF-6F88-4672-ABD7-EEB9EE7348D9} - System32\Tasks\{B9127F75-6138-4AD4-ABDA-BAD724C5B966} => D:\Dodatktowe Gry\Skyrim\The Elder Scrolls V Skyrim - Legendary Edition\SkyrimLauncher.exeTask: {762A6AB2-391A-49F6-94B3-6F1317DE19E1} - System32\Tasks\{62434376-6060-46F7-AD2E-1AD7E27E6086} => E:\sim city\Apps\SimCity 4.exeTask: {7961DE7C-0A46-4523-B0A4-2484ABD09B4E} - System32\Tasks\{DD1B8D58-B7E0-40A2-A41C-29043E6E751A} => E:\MK 10\MK10\Binaries\Retail\MK10.exeTask: {7E0DF934-430F-48BD-B4C3-B4DCF2E36794} - System32\Tasks\{0ECDD56F-2056-4D5C-B994-B7BBA973F179} => E:\fallout\Fallout 4\Fallout4Launcher.exeTask: {8153EE37-118C-4261-AE4D-6E1F632B2365} - System32\Tasks\{C91AFCF6-1D24-46FC-B690-DC9D332E5AC6} => C:\Users\KuBa\Desktop\TronReplacer.exeTask: {84E12D77-D2AF-438C-89AA-14882F5F2092} - System32\Tasks\{79CADB6D-EED5-43B0-B84B-B19E109E702B} => C:\Users\KuBa\AppData\Roaming\uTorrent\uTorrent.exe [2018-08-02] (BitTorrent Inc.)Task: {9180532F-37EE-4CD3-8DFB-44EA00C89D1C} - System32\Tasks\{0AA44E7B-0AA0-4407-8814-C4DF73915298} => E:\The Sims 4\The Sims 4\Game\Bin\TS4.exeTask: {92E547C9-6E6B-471A-942E-05B0E4502AC7} - System32\Tasks\{AC5294C8-58F9-49F7-80E8-156646E2D074} => C:\Users\KuBa\Desktop\TronReplacer.exeTask: {9B8CA9F3-D9E5-4DED-B526-AB70ABDD88C1} - System32\Tasks\{5CEEA823-4D6A-46C9-8A2F-E99DAF0F4E16} => C:\Program Files (x86)\Steam\Steam.exeTask: {A9954469-EEC4-4752-AEFE-CC4414BCBA28} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exeTask: {AA0984C6-4487-4509-B19B-A73682EB9E72} - System32\Tasks\{64906ABC-3B73-496E-9F08-02E0BF0AFAFB} => C:\Users\KuBa\Desktop\TronReplacer.exeTask: {C4095B55-317D-4DC0-99A7-7F8CE9CBB5FA} - System32\Tasks\{47DB1C44-A36C-4EDF-9610-D27EC2BF5853} => E:\fifa 16\FIFA 16 Super Deluxe Edition -SKIDROWCRACK\Launcher.exeTask: {CED252B7-4C9F-4EF9-9DE3-B4729D7624F8} - System32\Tasks\{E3E16EE6-52E6-4906-B62C-5F7C7BDBC6CF} => C:\Users\KuBa\Desktop\Tube Tycoon\TubeTycoon.exeTask: {DA304D14-EAF9-4D68-A965-4EF1412D8A0A} - System32\Tasks\{DA37DF07-9B65-4DEA-971E-8F8A92B0A1EC} => E:\Formuła\F1 2015\F1_2015.exeTask: {DB2E1FCD-DDD0-44E0-80C5-77FADF5CEBDB} - System32\Tasks\{CA38E7E1-ED6C-43CC-8089-F44DA8B2B45A} => C:\Users\KuBa\AppData\Roaming\uTorrent\uTorrent.exe [2018-08-02] (BitTorrent Inc.)Task: {DB799162-F35B-4F64-8B00-5D5592E8B0C4} - System32\Tasks\{9F66C28B-FC7A-4FA3-831B-70063BA4756F} => E:\MK 10\MK10\Binaries\Retail\MK10.exeTask: {DC399B06-E959-402A-8845-902178E16CC8} - System32\Tasks\{5A1C6ADE-EA0E-4AE1-B185-D9E45F71D544} => E:\assasins\Assasin's Creed Syndicate\Assassins Creed Syndicate\ACS.exeTask: {E6837737-CDA0-4AF1-A94D-2687F309C9E4} - System32\Tasks\{AE51C5B5-791B-4BFE-93E7-E7F3DB06C1AA} => E:\assasins\Assassin's Creed Unity\ACU.exeTask: {EEC7601F-8A49-48CB-AED2-547EB79C11CD} - System32\Tasks\{F0446FC6-5B79-4CE1-AA2E-1B2DD3D03416} => E:\The Sims 4\The Sims 4\Game\Bin\TS4.exeTask: {FDF23FFD-FB5E-4EE1-8F57-264F5CCC6A0F} - System32\Tasks\{4C48A979-9A09-47DE-B579-A166F46CEA71} => D:\Deamon\DAEMON Tools Lite\DTLauncher.exeHosts:HKLM-x32\...\Run: [Smart File Advisor] => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassocHKLM-x32\...\Run: [SFAUpdater] => "C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe"HKU\S-1-5-21-3455255253-503408873-1182082362-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exeLsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)FF user.js: detected! => C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\user.js [2017-06-30]C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\Extensions\{44543b60-e1c1-4173-be0b-81c96bac3d41}.xpiFF Extension: (Wooden Seal 1.0.1) - C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\Extensions\{44543b60-e1c1-4173-be0b-81c96bac3d41}.xpi [2016-03-24] [Przestarzałe] [Brak podpisu cyfrowego]FF SearchPlugin: C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\049qzy6p.default\searchplugins\avast-search.xml [2016-03-27]C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\129oag1q.Domyślny kuuubba-1505998550367\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi FF Extension: (AdBlock) - C:\Users\KuBa\AppData\Roaming\Mozilla\Firefox\Profiles\129oag1q.Domyślny kuuubba-1505998550367\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-07-26]FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpiC:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpiFF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpiCHR DefaultProfile: DefaultCHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE..CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=0FC95CCA7F089DEF10582A2B398477E1&v=20160421&ts=AHEqAH8oAnQoAE.." CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1471332729&from=c3a00815&uid=hitachixhde721010sla330_ms14k17k&z=7647ba4ae4769ebef88806eg0z0m0gbc4ceo2m0cbg&q={searchTerms}CHR DefaultSearchKeyword: Default -> niceCHR Profile: C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default [2018-03-28]C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Adblock Plus) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-03]CHR Extension: (Brak nazwy) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-01]CHR Extension: (Brak nazwy) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpabmjecillbmlhmkbibekmbnidhopk [2016-08-01]CHR Extension: (Chrome Web Store Payments) - C:\Users\KuBa\AppData\Local\Google\Chrome\User Data\Default\Extensions
mmhkkegccagdldgiimedpiccmgmieda [2016-07-10]R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)S3 DHCPArbSvc; "C:\Program Files\Common Files\System\svc\dllhost.exe"R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)U3 a33747rd; Brak ImagePath2018-07-20 10:19 - 2016-12-16 16:07 - 000000000 ____D C:\Program Files (x86)\McAfee2017-03-06 15:43 - 2017-03-21 14:09 - 000008164 _____ () C:\Program Files (x86)\metadata2015-07-31 10:08 - 2015-08-21 09:48 - 000000024 _____ () C:\Users\KuBa\AppData\Roaming\appdataFr25.bin2015-12-31 14:33 - 2015-12-31 14:33 - 000000000 _____ () C:\Users\KuBa\AppData\Roaming\mediaconverter.io.lock2016-01-02 18:26 - 2016-01-02 18:26 - 000000000 _____ () C:\Users\KuBa\AppData\Roaming\mediaload.io.lock2018-03-28 11:56 - 2018-03-28 11:56 - 000140800 _____ () C: \ Users \ KuBa \ AppData \ Local \ installer.dat If, after execution, adwc will still detect the search engine in FF, download bookmarks from Firefox and delete the browser profile directory.

RADU23 · Answer

Otwórz notatnik i wklej zawartość: Plik zapisz pod nazwą fixlist.txt i umieść w folderze, gdzie masz FRST.exe.Uruchom FRST i kliknij w Fix/Napraw.

Lordo50PL · Answer

After repairing and restarting the PC, I still get the same 10 threats as before: /

Lordo50PL · Answer

Re-fix and restart ?? Added after 3 [minutes]: I also send the result of the repair.

RADU23 · Answer

Reload the logs. FRST + Addition.

Lordo50PL · Answer

I'm sending Added after 2 [minutes]: Here are new.

Lordo50PL · Answer

Repair, I will restart the computer and let me know. Added after 9 [minutes]: On AdwCleaner it shows 10 more threats, do you know any similar antivirus ??

Lordo50PL · Answer

I have already scanned this program, but it will try to do something. I also reset the browsers a moment ago, maybe it will do something

Lordo50PL · Answer

Thanks for the help :D Added after 21 [minutes]: 4 threats disappeared, 6 detected, here is a screenshot from AdwCleaner

Lordo50PL · Answer

The only problem is that I do not have Chrome on my computer, and on Firefox I have Google as the default: /

Lordo50PL · Answer

The problem fixed was helped by another person who knows more about it and helped me solve this problem. She told me that there are so many viruses on the computer that it is not profitable to clean it just to make a format. After the format, everything is faster and I have not encountered any problem yet

Thanks to everyone for your help ;)

Added after 33 [seconds]:

Computer format

[Solved] PUP.Optional.Legacy and PUP.Optional.WebProtector - how to remove these threats?