08 Aug 2015   #1

Windows 7 Home Premium 64 bit
Problems with IE8, Ran Hitman & Bleep, don't know what to delete

Hi I am new to this forum and wonder if someone could give me some help please.

My computer is slow to start up. Can’t update IE8. when I do it won’t connect to the internet. some sites get “Script on page making it run slowly” . Also other problems. I regularly run Malewarebytes.

I have run the Bleepingcomputer adware remover, which shows 94 registry entries for possible deletion.
Also Hitman pro, which showed 194 references to Yahoo Toolbar, 1 to Softonic and 50 Tracking Cookies with option to Delete. Hitman said no threats but 251 traces. Whatever that means. And 3 suspicious but said to ignore.

I have been told to delete everything that comes up on these 2 programs but there seems to be a lot to delete and they look like they belong to programs I use. I don’t know what to keep or delete.

For example Bleepingcomp shows Under Services and under Files alot of AVG Secure Search and AVG Security Toolbar. references also Yahoo Companion

Under Regristry - here are a few examples, some look as though they belong to programs whilst others I have no idea what they are.
AVG Secure Search HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99
HKLM\SOFTWARE\Classes\AppID\{1FDFF \ScriptHelper.EXE \ViProtocol.DLL
\Classes\protector_dll.protector \TypeLib\ \ViProtocol.ViProtocolOLE
Explorer\Browser Helper Objects CurrentVersion\Ext\PreApproved\
l\Yahoo! Companion HKU\.DEFAULT\Software\IGearSettings

and alot of :
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8101 references

How do I know which to keep and which to delete? I don't want to delete registry items that are important to windows and Yahoo and AVG etc
Thanks in advance for any for any help you can give.

08 Aug 2015   #2

Win-7-Pro64bit 7-H-Prem-64bit

Hi and welcome to SevenForums,
Depending on where you downloaded AVG and Yahoo stuff it can be packed with other stuff and it's all too common,
Best advice is to uninstall Yahoo if you got it from CNet.... and didn't get it directly from Yahoo,

BHO's are browser helpers of which no browser needs them and often cause more problems than benefits
Personally I would delete anything they found

I would also encourage you to upgrade your browser to at least ie9 then ie10.
Post all scan results.

Slow well you could show us your msconfig startup list but with all of the items you speak of I doubt it's necessary
You just need to delete the findings and reset your browser deleting any personal settings and start over.
Internet Explorer - Reset
08 Aug 2015   #3

Windows 7 Home Premium 64 bit

Thanks for reply

Sorry what does BHO stand for?

I have tried several times to update IE8 but new versions 9, 10 and 11 won't connect to the internet and I have to uninstall.

Yahoo came with BT Broadband
Recently reinstalled AVG, can't remember where from

At startup, I have already stopped all programs at startup that I don’t think I need immediately ie camera, printer, Quicktime, Adobe etc

There are 2 unknown ones
ISUSPM Startup Unknown HKCU Microsoft
Vprotect App Unknown HKLM Microsoft which I have left on for now.

These are some of the files that come up on Bleepingcomputer that are suggested may be deleted.
I keep deleting iwin games but it keeps coming back despite that all of my games have somehow been uninstalled somewhere along the way.

There are about 95 of these type of files

Folder Found : C:\ProgramData\Avg_Update_0814tb
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
Folder Found : C:\ProgramData\Yahoo! Companion

Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKCU\Software\AVG Security Toolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1}
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0247-
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-

Also Web Browsers

Internet Explorer v8.0.7601.
-\\ Google Chrome v44.0.2403.130
[C:\Users \Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://{searchTerms}

Why does it suggest that I should delete these?

Thanks for help
08 Aug 2015   #4

Win-7-Pro64bit 7-H-Prem-64bit

BHO = Browser Helper Object.

AVG isn't the best antivirus and can be pretty unfriendly to windows
I wouldn't worry about the findings clean and reset your browser completely afterwards.

I would also recommend rechecking anything you unchecked on startup before you uninstall anything
Unchecking startup items is a trouble shooting step not a permanent solution
Most programs have options in their settings to start with windows or not.
10 Aug 2015   #5

Windows 7 Home Premium 64 bit

Thanks for suggestions. I am doing a couple of backups of all my photo files which take a while to do. then I will run bleep/adware again and delete them all and see what happens. If IE 8 still doesn't update and improves its performance I will have to try another browser.

10 Aug 2015   #6

Win-7-Pro64bit 7-H-Prem-64bit

Try this,

I would uninstall AVG
Be sure to run the removal tool too after doing it from Uninstall a program

Use Panda or Avast instead.
10 Aug 2015   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Please do this...

Using AdwCleaner: Scan & Clean:
Click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder


After doing the above, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer Download - Geeks to Go Forum and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also eliminate all desktop shortcuts, so just be aware!
Right-click on TFC.exe to run it, and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion!

Important! Manually reboot the machine to ensure a complete clean.

Please tell us if your computer is still having problems.
14 Aug 2015   #8

Windows 7 Home Premium 64 bit

Ok I've run adware remover and cleaned off all that it highlighted. iwin task bar seems to have finally been removed although there are still iwin files that don't do anything.

I have finally managed to update IE8 to IE11 which took a few minutes. Last time I tried it took over an hour and then wouldn't work. So success at last.

Haven't run TFC yet as unsure how to manually reboot.

I have ordered a new monitor, which seems to have got lost in transit. By the time it arrives I hope to have updated the Graphics card. Scheduled updates have failed and the site says it needs Java. Computer Active magazine says to get rid of Java as it is a security risk. But if NVidia needs Java to update then surely it has to stay on the PC?

Here is the list of files that adware deleted. Hope you don't see anything that I shouldn't have deleted.

# AdwCleaner v4.208 - Logfile created 12/08/2015 at 22:05:17

# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username :
# Running from : C:\Users\\Documents\adware snipca\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : AVG Security Toolbar Service
[#] Service Deleted : YahooAUService
[#] Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Avg_Update_0814tb
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Games
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\ Games
Folder Deleted : C:\Program Files (x86)\iwin games
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Lor\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Lor\Application Data\iWin

***** [ Scheduled tasks ] *****
Task Deleted : RunAsStdUser Task

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\IGearSettings
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\

***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.7601.18896
-\\ Google Chrome v44.0.2403.155

[C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://{searchTerms}


AdwCleaner[S1].txt - [10229 bytes] - [12/08/2015 22:05:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10289 bytes] ##########

I have been thinking of buying Kaspersky anti-virus but a lot of people say that AVG is Ok. Some say Bitdefender is good but have heard it has some problems.

Thanks for any more comments you may have and for looking at the above list.
16 Aug 2015   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Haven't run TFC yet as unsure how to manually reboot
"Reboot" means to restart your computer.

Click on the start button... then hover over the arrow next to the 'shut down' button. There should be a menu that has "restart" in it. Click on "restart".
16 Aug 2015   #10

Windows 7 Home Premium 64 bit

Thanks I thought manual reboot was more technical. I can manage restart.

I ran Herd Protect a couple of times and it only brought up 2 suspect items but said they were inconclusive but one said it was a Trojan so how can it be inconclusive?

Status: Inconclusive (not enough data for an accurate detection)

Scan engine Detection

File name: sintfnt.dll

Agnitum Outpost Trojan.PR.Ranky
ESafe Win32.Ranky.Ma
Trend Micro House Call PAK_Generic.001
Trend Micro PAK_Generic.001

File name: sintf32.dll
Bkav FE HW32.CDB
Jiangmin Packed.Katusha.ahkz
Trend Micro House Call PAK_Generic.001
Trend Micro PAK_Generic.001

I looked up sint.dll but it said dll were essential registry items so I don't want to delete them if they are essential. and I don't know what all the other terms mean ie PAK-Generic.

How come different ones show different things. Hitman shows a lot of things but I would have to pay to use it now, whilst AVG and Kaspersky and Avast say everything ok?

Any info on Sint.dll would be helpful.

