
Topic: pesky adware help please


Twylla

    Topic Starter


    Beginner
    pesky adware help please
    « on: July 15, 2018, 11:11:29 AM »
    I have been blessed not to have needed you guys in a long time but now I find I have some kind of adware in my computer that is driving me mad...

    It opens new tabs or windows on FireFox Mozilla browser when it feels like it and that bogs down my computer speed.  Or it will open a new tab for a Yahoo search when I click a link on a site I did want to open.

    I have completed the first two steps, House Cleaning and the AdwCleaner. Working on the next step.

    Here are the results of my AdwCleaner scan

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.1.1
    # -------------------------------
    # Build:    07-04-2018
    # Database: 2018-07-04.1
    # Support:  https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start:    07-15-2018
    # Duration: 00:00:15
    # OS:       Windows 10 Home
    # Scanned:  41365
    # Detected: 13


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.CloudScout.BrwsrFlsh C:\Program Files (x86)\DnsIo

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.CloudScout.BrwsrFlsh HKLM\Software\Wow6432Node\DnsIo
    PUP.Optional.CloudScout.BrwsrFlsh HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DnsIo
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\DNSUtils
    PUP.Optional.Legacy             HKCU\Software\APN PIP
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{FCE1662E-06F1-413D-80CB-33D456D1CFCB}
    PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c31bd4ee-4f24-447b-8470-49151ebe45e1}|NameServer - "208.87.151.22,208.87.151.23"
    PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1e919f8-765d-4bdc-a33c-cc9164dff3e8}|NameServer - "208.87.151.22,208.87.151.23"
    PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aaec868e-d29c-4a94-a70e-6aa6dac1f774}|NameServer - "208.87.151.22,208.87.151.23"
    PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b40ef64-2c27-4337-b64c-ba7f99186e17}|NameServer - "208.87.151.22,208.87.151.23"
    PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer - "208.87.151.22,208.87.151.23"

    ***** [ Chromium (and derivatives) ] *****

    PUP.Optional.Legacy             SwagButton

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy             Ask

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

    Twylla

      Topic Starter


      Beginner
      Re: pesky adware help please
      « Reply #1 on: July 15, 2018, 12:00:58 PM »
      Malwarebytes' Anti-Malware

      # -------------------------------
      # Malwarebytes AdwCleaner 7.2.1.1
      # -------------------------------
      # Build:    07-04-2018
      # Database: 2018-07-04.1
      # Support:  https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Clean
      # -------------------------------
      # Start:    07-15-2018
      # Duration: 00:00:06
      # OS:       Windows 10 Home
      # Cleaned:  13
      # Failed:   0


      ***** [ Services ] *****

      No malicious services cleaned.

      ***** [ Folders ] *****

      Deleted       C:\Program Files (x86)\DnsIo

      ***** [ Files ] *****

      No malicious files cleaned.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks cleaned.

      ***** [ Registry ] *****

      Deleted       HKLM\Software\Wow6432Node\DnsIo
      Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DnsIo
      Deleted       HKLM\Software\Wow6432Node\DNSUtils
      Deleted       HKCU\Software\APN PIP
      Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{FCE1662E-06F1-413D-80CB-33D456D1CFCB}
      Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c31bd4ee-4f24-447b-8470-49151ebe45e1}|NameServer - "208.87.151.22,208.87.151.23"
      Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1e919f8-765d-4bdc-a33c-cc9164dff3e8}|NameServer - "208.87.151.22,208.87.151.23"
      Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aaec868e-d29c-4a94-a70e-6aa6dac1f774}|NameServer - "208.87.151.22,208.87.151.23"
      Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b40ef64-2c27-4337-b64c-ba7f99186e17}|NameServer - "208.87.151.22,208.87.151.23"
      Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer - "208.87.151.22,208.87.151.23"

      ***** [ Chromium (and derivatives) ] *****

      Deleted       SwagButton

      ***** [ Chromium URLs ] *****

      Deleted       Ask

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries cleaned.

      ***** [ Firefox URLs ] *****

      No malicious Firefox URLs cleaned.


      *************************

      • Delete Tracing Keys
      • Reset Winsock


      *************************

      AdwCleaner[S00].txt - [2575 octets] - [15/07/2018 09:57:39]

      ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

      Twylla

        Topic Starter


        Beginner
        Re: pesky adware help please
        « Reply #2 on: July 15, 2018, 12:16:41 PM »
        Security Check Results

         Results of screen317's Security Check version 1.014 --- 12/23/15 
           x64 (UAC is enabled) 
         Internet Explorer 11 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Enabled! 
        Windows Defender   
        McAfee VirusScan   
         WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
         Adobe Flash Player    30.0.0.134 
         Google Chrome (67.0.3396.99)
         Google Chrome (SetupMetrics...)
        ````````Process Check: objlist.exe by Laurent````````
         Windows Defender MSASCuiL.exe   
         System Mechanic iologovernor64.exe   
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C:  %
        ````````````````````End of Log``````````````````````


        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: pesky adware help please
        « Reply #3 on: July 15, 2018, 04:52:15 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *************************************************************************
        The Security log shows you have two AVs active on your computer. Windows Defender is the resident AV that comes with Windows 10. Running another AV at the same time can cause conflicts. You should uninstall McAfee.

        ESET Online Scanner
        Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

            Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
            Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

                Enable detection of potentially unwanted applications;
                Scan archives;
                Scan for potentially unsafe applications;
                Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

            After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
            Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
            After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
            Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
            Once you're done, click on the Back button;
            Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;
        Windows 8 and Windows 10 dual boot with two SSD's

        Twylla

          Topic Starter


          Beginner
          Re: pesky adware help please
          « Reply #4 on: July 16, 2018, 08:14:37 AM »
          I haven't seen anything pop back up. That seems to have worked. Thank YOU Dave!!!


          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: pesky adware help please
          « Reply #5 on: July 16, 2018, 03:41:11 PM »
          When you ran ESET did you click on "Clean all"?
          Windows 8 and Windows 10 dual boot with two SSD's

          Twylla

            Topic Starter


            Beginner
            Re: pesky adware help please
            « Reply #6 on: July 23, 2018, 07:45:32 PM »
            Sadly it didn't work like I thought....
            Yes, I did hit Clean all with ESET.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: pesky adware help please
            « Reply #7 on: July 24, 2018, 06:02:46 PM »
            Sadly it didn't work like I thought....
            Yes, I did hit Clean all with ESET.
            Ok, please give me an update on your computer.
            Windows 8 and Windows 10 dual boot with two SSD's