Malware cleanup


  1. PSCO2007
    Posts : 1,261
    Windows 7 Professional X64
       New #1

    Malware cleanup


    andrew129260 said:
    Yes it is an advanced tool, meant for someone to look at the log. Not just for anyone to install. Sorry If I did not make that clear at all. That was my fault. That does sound like a lot of items though, if you want I suggest creating a new thread and posting your log so I can take a look.
    I had uninstalled the program yesterday and reinstalled it.

    This scan took about 10 minutes and then said "failed" after finding 27 processes.

    I ran it agin, but don't see a way to save a log.

    It said 17 processes, but this is all I see.

    I've included a pic.
    Attached Thumbnails Attached Thumbnails Malware cleanup-herd-pic.png  
      My Computer
    Quote Quote

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #2

    Let's see what AdwCleaner picks up ...


    Download AdwCleaner by Xplode and save to your Desktop.



    Step 1.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


    Step 2.
    Using AdwCleaner v3: Scan & Clean:
    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder


    ******Post both .txt logs
      My Computer
    Quote Quote

  4. PSCO2007
    Posts : 1,261
    Windows 7 Professional X64
    Thread Starter
       New #3

    # AdwCleaner v3.308 - Report created 27/08/2014 at 20:51:43
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : PAUL 91512 - PAUL91512-PC
    # Running from : C:\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
    File Found : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\user.js
    File Found : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
    File Found : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
    File Found : C:\Users\PAUL 91512-2\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
    File Found : C:\Users\Public\Desktop\Open It!.lnk
    Folder Found : C:\EZDownloader
    Folder Found : C:\open it!
    Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Program Files (x86)\fileopenerpro
    Folder Found : C:\Program Files (x86)\NCH Software
    Folder Found : C:\Program Files (x86)\openit
    Folder Found : C:\Program Files (x86)\Ss-Helper
    Folder Found : C:\Program Files (x86)\surf. and keepp
    Folder Found : C:\Program Files\PC Optimizer Pro
    Folder Found : C:\ProgramData\AVG SafeGuard toolbar
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\DeowNlooad keeper
    Folder Found : C:\ProgramData\DownLiooaD keeeopeer
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Converter
    Folder Found : C:\ProgramData\NCH Software
    Folder Found : C:\ProgramData\QuickSet
    Folder Found : C:\ProgramData\ssaafe saave
    Folder Found : C:\ProgramData\surf. and keepp
    Folder Found : C:\ProgramData\WinterSoft
    Folder Found : C:\Users\PAUL 91512\AppData\Local\eSupport.com
    Folder Found : C:\Users\PAUL 91512\AppData\Local\visi_coupon
    Folder Found : C:\Users\PAUL 91512\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Found : C:\Users\PAUL 91512\AppData\Roaming\DSite
    Folder Found : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Found : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\iueeo6-x@yyoaviwbrkgoua.org
    Folder Found : C:\Users\PAUL 91512\AppData\Roaming\NCH Software
    Folder Found : C:\Users\PAUL 91512\AppData\Roaming\SendSpace
    Folder Found : C:\Users\PAUL 91512-2\AppData\Local\AVG SafeGuard toolbar
    Folder Found : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
    Folder Found : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    Folder Found : C:\Users\PAUL 91512-2\AppData\Local\visi_coupon
    Folder Found : C:\Users\PAUL 91512-2\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Found : C:\Users\PAUL 91512-2\AppData\Roaming\NCH Software
    Folder Found : C:\Video Converter

    ***** [ Scheduled Tasks ] *****

    Task Found : Driver Booster Update
    Task Found : DSite

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Classes\pokki
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\pc optimizer pro
    Key Found : HKCU\Software\RegisteredApplicationsEx
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\tuguu sl
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\dsiteproducts
    Key Found : [x64] HKCU\Software\Headlight
    Key Found : [x64] HKCU\Software\IM
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\pc optimizer pro
    Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\tuguu sl
    Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Found : HKLM\SOFTWARE\Classes\and
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
    Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\surf
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd43_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd43_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_faststone-capture_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_faststone-capture_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoscape_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoscape_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_289822ec
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\SP Global
    Key Found : HKLM\SOFTWARE\SProtector
    Key Found : HKLM\SOFTWARE\Uniblue
    Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9 D0
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
    Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\prefs.js ]

    Line Found : user_pref("aol_toolbar.default.homepage.check", false);
    Line Found : user_pref("aol_toolbar.default.search.check", false);
    Line Found : user_pref("extensions.4smM.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top && ![...]
    Line Found : user_pref("extensions.CIT3457.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == window.[...]
    Line Found : user_pref("extensions.CyyMSyQV5.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == windo[...]
    Line Found : user_pref("extensions.QjhJX1.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.ty[...]
    Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
    Line Found : user_pref("extentions.webcake.installId", "5440dce4-9e54-4f4d-ac9f-3e0b9cb4eed9");
    Line Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1371083307628");
    Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
    Line Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
    Line Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");

    [ File : C:\Users\PAUL 91512-2\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\prefs.js ]

    Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    -\\ Google Chrome v37.0.2062.94

    [ File : C:\Users\PAUL 91512\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Found [Search Provider] : hxxp://www.shop.arbroinc.com/searchquick-submit.sc?keywords={searchTerms}
    Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Found [Search Provider] : hxxp://www.vidohe.com/video-search-results.php?q={searchTerms}&cx=005536796155304041479%3Ahbixpuuu7l8&cof=FORID%3A11&from=os-family

    [ File : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
    Found [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
    Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
    Found [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
    Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
    Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl

    *************************

    AdwCleaner[R0].txt - [16488 octets] - [27/08/2014 20:51:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16549 octets] ##########

    Ran the cleaner as well.
      My Computer
    Quote Quote

  6. PSCO2007
    Posts : 1,261
    Windows 7 Professional X64
    Thread Starter
       New #4

    Tried to send the cleaning file - said too long.

    I tried to send it in a Zip file - does not attach.
      My Computer
    Quote Quote

  7. PSCO2007
    Posts : 1,261
    Windows 7 Professional X64
    Thread Starter
       New #5

    # AdwCleaner v3.308 - Report created 27/08/2014 at 20:54:46
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : PAUL 91512 - PAUL91512-PC
    # Running from : C:\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\EZDownloader
    Folder Deleted : C:\open it!
    Folder Deleted : C:\Video Converter
    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\ProgramData\QuickSet
    Folder Deleted : C:\ProgramData\WinterSoft
    Folder Deleted : C:\ProgramData\DeowNlooad keeper
    Folder Deleted : C:\ProgramData\DownLiooaD keeeopeer
    Folder Deleted : C:\ProgramData\ssaafe saave
    Folder Deleted : C:\ProgramData\surf. and keepp
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Converter
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\fileopenerpro
    Folder Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Program Files (x86)\openit
    Folder Deleted : C:\Program Files (x86)\Ss-Helper
    Folder Deleted : C:\Program Files (x86)\surf. and keepp
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\PC Optimizer Pro
    Folder Deleted : C:\Users\PAUL 91512\AppData\Local\eSupport.com
    Folder Deleted : C:\Users\PAUL 91512\AppData\Local\visi_coupon
    Folder Deleted : C:\Users\PAUL 91512\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\PAUL 91512\AppData\Roaming\DSite
    Folder Deleted : C:\Users\PAUL 91512\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\PAUL 91512\AppData\Roaming\SendSpace
    Folder Deleted : C:\Users\PAUL 91512-2\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\PAUL 91512-2\AppData\Local\visi_coupon
    Folder Deleted : C:\Users\PAUL 91512-2\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\PAUL 91512-2\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\iueeo6-x@yyoaviwbrkgoua.org
    Folder Deleted : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
    Folder Deleted : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    File Deleted : C:\Users\PAUL 91512-2\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
    File Deleted : C:\Users\Public\Desktop\Open It!.lnk
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\user.js
    File Deleted : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
    File Deleted : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Driver Booster Update
    Task Deleted : DSite

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Classes\pokki
    Key Deleted : HKLM\SOFTWARE\Classes\and
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\surf
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_289822ec
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd43_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd43_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_faststone-capture_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_faststone-capture_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoscape_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoscape_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\pc optimizer pro
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\tuguu sl
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\SP Global
    Key Deleted : HKLM\SOFTWARE\SProtector
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
    Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9 D0

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\PAUL 91512\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\prefs.js ]

    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("extensions.4smM.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top && ![...]
    Line Deleted : user_pref("extensions.CIT3457.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == window.[...]
    Line Deleted : user_pref("extensions.CyyMSyQV5.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == windo[...]
    Line Deleted : user_pref("extensions.QjhJX1.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.ty[...]
    Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
    Line Deleted : user_pref("extentions.webcake.installId", "5440dce4-9e54-4f4d-ac9f-3e0b9cb4eed9");
    Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1371083307628");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
    Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
    Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");

    [ File : C:\Users\PAUL 91512-2\AppData\Roaming\Mozilla\Firefox\Profiles\ygxmtbyr.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    -\\ Google Chrome v37.0.2062.94

    [ File : C:\Users\PAUL 91512\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Deleted [Search Provider] : hxxp://www.shop.arbroinc.com/searchquick-submit.sc?keywords={searchTerms}
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.vidohe.com/video-search-results.php?q={searchTerms}&cx=005536796155304041479%3Ahbixpuuu7l8&cof=FORID%3A11&from=os-family

    [ File : C:\Users\PAUL 91512-2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
    Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
    Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
    Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
    Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
    Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl

    *************************

    AdwCleaner[R0].txt - [16722 octets] - [27/08/2014 20:51:43]
    AdwCleaner[S0].txt - [16339 octets] - [27/08/2014 20:54:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16400 octets] ##########
      My Computer
    Quote Quote

  8. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #6

    Good PSCO ... now download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

    Important! Manually reboot the machine to ensure a complete clean.


    After cleaning all temps using TFC, see if Herdprotect is still flagging 27 things.
      My Computer
    Quote Quote

  10. PSCO2007
    Posts : 1,261
    Windows 7 Professional X64
    Thread Starter
       New #7

    Hi,

    I had a hard time finding this thread- the email sent me to the old one and I guess you moved this thread.

    Here are the results after following your instructions and rerunning Herdprotect:

    I don't see a way to to see the log - If I go to the folder, it just has the logs from yesterday.

    I've not removed anything yet.

    I also noticed that my C drive is now 9gbs less, even though I didn't do anything.

    My PC is also running quite a bit faster - had no idea that so much garbage was slowing it down.!
    Attached Thumbnails Attached Thumbnails Malware cleanup-herd-pic-1-8-28-14.png   Malware cleanup-herd-pic-2-8-28-14.png   Malware cleanup-herd-pic-3-8-28-14.png   Malware cleanup-herd-pic-4-8-28-14.png   Malware cleanup-herd-pic-5-8-28-14.png  

    Malware cleanup-herd-pic-6-8-28-14.png  
    Last edited by PSCO2007; 28 Aug 2014 at 15:58.
      My Computer
    Quote Quote

  11. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #8

    Please do this next ..


    Remove/Uninstall AdwCleaner:
    Double click on AdwCleaner.exe to run the tool again. Click on the Uninstall button.
    Click Yes when asked are you sure you want to uninstall.
    Both AdwCleaner.exe, its folder and all logs will be removed.


    This cleaner is continually being updated, so if you need it again, you'll need to redownload it.


    Keep TFC and use it!
      My Computer
    Quote Quote

  12. PSCO2007
    Posts : 1,261
    Windows 7 Professional X64
    Thread Starter
       New #9

    What about the processes that Herd found - I didn't delete anything.
      My Computer
    Quote Quote

  13. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #10

    I don't use Herdprotect (it mostly found 'unsigned files').... let's see what Eset finds.


    I'd like you to scan your machine with ESET OnlineScan
    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push
      My Computer
    Quote Quote

 

  Related Discussions
Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to...
My friend brings me his Win7Pro laptop with some newish variant of the Ukash malware (Trojan.Winlock). System Restore didn't work, so I used the Admin account to run Malwarebytes scan which helped. His usual login account (Fred) has admin privs, but just before it should load the desktop, it...
Read more at: Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 04:47.
Find Us