Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo has taken over Chrome and Firefox


  • Please log in to reply
12 replies to this topic

#1 Banksman

Banksman

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 28 October 2015 - 09:15 AM

Hi. I use Windows Vista and I have an issue. I downloaded a program which obviously had some trash attached to it and this now turns my Chrome and Firefox home pages to Yahoo. All searches I run, even through Google, redirect to search results on Yahoo.

 

Whenever I open Chrome or Firefox I get a yahoo search page regardless of what my home pages are set to or what my default search engine is (it's google and I deleted all other search engines from that list).

  • I've checked add ins and disabled or deleted any that could be suspicious.
  • I've uninstalled a couple of programs that installed as part of me trying to install some free scanning software - which is obviously where this problem has come from.
  • I've tried two system restores (from two different restore points from over a week ago), both ran to the point of rebooting only to tell me it hadn't completed due to an unspecified error.
  • I've come across some program called "Spigot" on lots of searches across the net but I don't have that or any traces of it's name on my computer that I can tell.

Any help you can give would be much appreciated. I'm ran Malwarebytes and quarantined a load of stuff and that hasn't made any difference. I'm currently running ESET on line scanner. Please can you let me know what I should run next and it what order and what logs you need to see? I was asked to re-post as a new topic when I hijacked this topic: http://www.bleepingcomputer.com/forums/t/592341/yahoo-has-hijacked-my-chrome-google-homepage/page-3.

 

The problem seems to be something called searchinterneat-a.akamaihd.net which I discovered when MBAM intervened when I was doing a search as I guess it redirects there every time I search and rightly MBAM doesn't like the software. I don't know if that helps?

 

Many thanks in advance.

 

John



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,892 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 28 October 2015 - 11:53 AM

When Eset finishes, post its log of what was found and quarantined. We'll go from there.

 

EDIT: Please download MiniToolBox and run it after posting the Eset log.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

Edited by buddy215, 28 October 2015 - 12:02 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Banksman

Banksman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 28 October 2015 - 12:31 PM

Thanks buddy. 3.5 hours in and 14% completed on Eset - I think I'm realising the folly of not worrying previously about cleaning my computer. It wasn't broken so I didn't fix it - but now it looks like it could be messy. 30 infected files found so far.

 

It will probably be a few hours or tomorrow before I post again in view of the time its taking to run. Thanks for your help so far. 

John



#4 Banksman

Banksman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 29 October 2015 - 02:26 AM

 

When Eset finishes, post its log of what was found and quarantined. We'll go from there.

 

EDIT: Please download MiniToolBox and run it after posting the Eset log.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

 

 

Hi buddy215,

 

Here is the Eset scan results (which are now currently quarantined):

 

C:\Documents and Settings\John\Application Data\RHEng\858720D24B7C4331ACD3D1660A508D2B\WWE_1.42.6.2.exe a variant of Win32/Wajam.M potentially unwanted application
C:\Documents and Settings\John\Local Settings\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\John\Local Settings\Temp\ASKB38E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\John\Local Settings\Temp\ASKD0D1.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\John\Local Settings\Temp\FreemakeVideoConverterFull.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Documents and Settings\John\Local Settings\Temp\icc.dll.44900472 Win32/InstallCore.YX potentially unwanted application
C:\Documents and Settings\John\Local Settings\Temp\ICReinstall_scannersoftware_setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Documents and Settings\John\Local Settings\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\John\Local Settings\Temp\vzf-2063899968935556371.dll a variant of Win32/Bunndle potentially unsafe application
C:\Documents and Settings\John\Local Settings\Temp\in33D452AE\5CC1FF05_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Documents and Settings\Test\AppData\Local\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Documents and Settings\Test\AppData\Local\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Documents and Settings\Test\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Documents and Settings\Test\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Documents and Settings\Test\Local Settings\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Documents and Settings\Test\Local Settings\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\John\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\AppData\Local\Temp\ASKB38E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\AppData\Local\Temp\ASKD0D1.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\AppData\Local\Temp\FreemakeVideoConverterFull.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\John\AppData\Local\Temp\icc.dll.44900472 Win32/InstallCore.YX potentially unwanted application
C:\Users\John\AppData\Local\Temp\ICReinstall_scannersoftware_setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\John\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\AppData\Local\Temp\vzf-2063899968935556371.dll a variant of Win32/Bunndle potentially unsafe application
C:\Users\John\AppData\Local\Temp\in33D452AE\5CC1FF05_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Users\John\AppData\Roaming\RHEng\858720D24B7C4331ACD3D1660A508D2B\WWE_1.42.6.2.exe a variant of Win32/Wajam.M potentially unwanted application
C:\Users\John\Application Data\RHEng\858720D24B7C4331ACD3D1660A508D2B\WWE_1.42.6.2.exe a variant of Win32/Wajam.M potentially unwanted application
C:\Users\John\Downloads\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\John\Downloads\scannersoftware_setup.msi a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\John\Local Settings\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\Local Settings\Temp\ASKB38E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\Local Settings\Temp\ASKD0D1.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\Local Settings\Temp\FreemakeVideoConverterFull.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\John\Local Settings\Temp\icc.dll.44900472 Win32/InstallCore.YX potentially unwanted application
C:\Users\John\Local Settings\Temp\ICReinstall_scannersoftware_setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\John\Local Settings\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\Local Settings\Temp\vzf-2063899968935556371.dll a variant of Win32/Bunndle potentially unsafe application
C:\Users\John\Local Settings\Temp\in33D452AE\5CC1FF05_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Test\AppData\Local\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Test\AppData\Local\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Test\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Test\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Test\Local Settings\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Test\Local Settings\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Documents and Settings\John\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\ASKB38E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\ASKD0D1.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\FreemakeVideoConverterFull.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\icc.dll.44900472 Win32/InstallCore.YX potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\ICReinstall_scannersoftware_setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\vzf-2063899968935556371.dll a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Temp\in33D452AE\5CC1FF05_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Roaming\RHEng\858720D24B7C4331ACD3D1660A508D2B\WWE_1.42.6.2.exe a variant of Win32/Wajam.M potentially unwanted application deleted - quarantined
C:\Documents and Settings\John\Downloads\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\John\Downloads\scannersoftware_setup.msi a variant of Win32/InstallCore.ACZ potentially unwanted application deleted - quarantined
C:\Documents and Settings\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S2ERV2Y\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1FRKL4\tbedrs[1].dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
C:\Old prog files\Program Files\Program Files\ahead (nero)\CR-AC243 (nero key generator).zip a variant of Win32/Keygen.CY potentially unsafe application deleted - quarantined
C:\Program Files\Vuze\.install4j\i4j_extf_12_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application deleted - quarantined
C:\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\Vuze\.install4j\i4j_extf_7_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\Vuze\.install4j\i4j_extf_9_5p83tu.xpi Win32/Toolbar.Conduit.A potentially unwanted application deleted - quarantined
C:\Program Files\Vuze\.install4j\user\mism.exe Win32/Toolbar.Conduit.AP potentially unwanted application deleted - quarantined
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application cleaned by deleting - quarantined
C:\Program Files\Wondershare\Dr.Fone for Android\Root\run_root_shell Android/Exploit.Lotoor.EZ trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\79429.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
Operating memory a variant of Win32/Toolbar.MyWebSearch potentially unwanted application deleted (after the next restart) - quarantined
 
And here is the Mini Tool Box results:
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by John (administrator) on 29-10-2015 at 07:19:19
Running from "C:\Users\John\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: KP315AA-ABU m9265.uk Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
USB Wireless 802.11 b/g Adaptor = Wireless Network Connection (Connected)
Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)
Bluetooth PAN Network Adapter = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Desktop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth PAN Network Adapter
   Physical Address. . . . . . . . . : 00-15-83-16-C0-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : USB Wireless 802.11 b/g Adaptor
   Physical Address. . . . . . . . . : 00-16-44-A1-40-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8003:dda4:e3cb:10e5%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.128(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 28 October 2015 12:11:37
   Lease Expires . . . . . . . . . . : 30 October 2015 00:11:35
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 151000644
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-6F-5B-9A-00-1F-C6-04-08-77
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-1F-C6-04-08-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{38AE2382-E671-4BD8-A6C6-5D1782442F34}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:840f:200d:426:3f57:fe7f(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::200d:426:3f57:fe7f%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{6743E489-23A2-4816-8FB0-67E57FFF0225}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : isatap.home
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  bthub.home
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2a00:1450:4009:80b::200e
 216.58.209.238
 
 
 
Pinging google.com [216.58.209.238] with 32 bytes of data:
 
Reply from 216.58.209.238: bytes=32 time=21ms TTL=55
 
Reply from 216.58.209.238: bytes=32 time=23ms TTL=55
 
 
 
Ping statistics for 216.58.209.238:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 21ms, Maximum = 23ms, Average = 22ms
 
Server:  bthub.home
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=199ms TTL=44
 
Reply from 206.190.36.45: bytes=32 time=198ms TTL=44
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 198ms, Maximum = 199ms, Average = 198ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 17 ...00 15 83 16 c0 b7 ...... Bluetooth PAN Network Adapter
  9 ...00 16 44 a1 40 b4 ...... USB Wireless 802.11 b/g Adaptor
  8 ...00 1f c6 04 08 77 ...... Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 18 ...00 00 00 00 00 00 00 e0  isatap.{38AE2382-E671-4BD8-A6C6-5D1782442F34}
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.{6743E489-23A2-4816-8FB0-67E57FFF0225}
 25 ...00 00 00 00 00 00 00 e0  isatap.home
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.128     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.128    281
    192.168.1.128  255.255.255.255         On-link     192.168.1.128    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.128    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.128    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.128    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:5cf2:840f:200d:426:3f57:fe7f/128
                                    On-link
  9    281 fe80::/64                On-link
 10    266 fe80::/64                On-link
 10    266 fe80::200d:426:3f57:fe7f/128
                                    On-link
  9    281 fe80::8003:dda4:e3cb:10e5/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
**** End of log ****
 
 
 
Please let me know what I should do next. Many thanks.


#5 buddy215

buddy215

  • BC Advisor
  • 12,892 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 29 October 2015 - 06:30 AM

Lots and lots of adware. There was one item that may concern another gadget/ phone you may want to look into.....C:\Program Files\Wondershare\Dr.Fone for Android\Root\run_root_shell Android/Exploit.Lotoor.EZ trojan cleaned by deleting - quarantined

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Post the three lists mentioned below using CCleaner after completing the other scans.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#6 Banksman

Banksman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 29 October 2015 - 08:54 AM

Thanks again Buddy. Firstly the Dr Fone thing isn't anything I use - it was something I tried some time ago but don't need anymore. I don't think it's an issue, but let me know if I need to take further action with it.

 

After doing all of this, the problem I initially reported is still present with Yahoo still appearing on my browser whenever I use the search facility.

 

Here is what you have asked for with large red text separating reports.

 

I ran CC cleaner to start with as you asked.

 

Here is the ADW cleaner log. I should point out that when trying to delete folders the program froze up, so I re-ran it and unchecked most of the folders which is why some of them are not deleted. Please let me know if you want me to retry this or try something else:

 

# AdwCleaner v5.015 - Logfile created 29/10/2015 at 13:07:03
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : John - DESKTOP
# Running from : C:\Users\John\Downloads\adwcleaner_5.015 (2).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[x] Folder Not Deleted : C:\Users\John\AppData\Local\RewardsArcade 
[x] Folder Not Deleted : C:\Users\John\AppData\Local\RewardsArcade
[x] Folder Not Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[x] Folder Not Deleted : C:\Users\John\AppData\LocalLow\Conduit
[x] Folder Not Deleted : C:\Users\John\AppData\LocalLow\ConduitEngine
[x] Folder Not Deleted : C:\Users\John\AppData\LocalLow\FunWebProducts
[-] Folder Deleted : C:\Users\John\AppData\LocalLow\MyWebSearch
[x] Folder Not Deleted : C:\Users\John\AppData\LocalLow\Vuze_Remote
[x] Folder Not Deleted : C:\Users\John\AppData\Roaming\Mysearchdial
[x] Folder Not Deleted : C:\Users\John\AppData\Roaming\OpenCandy
[x] Folder Not Deleted : C:\Users\John\AppData\Roaming\Systweak
[x] Folder Not Deleted : C:\Users\John\AppData\Roaming\RHEng
[x] Folder Not Deleted : C:\Users\Test\AppData\Local\AskPartnerNetwork
[x] Folder Not Deleted : C:\Users\Test\AppData\Local\Conduit
[x] Folder Not Deleted : C:\Users\Test\AppData\LocalLow\Conduit
[x] Folder Not Deleted : C:\Users\Test\AppData\LocalLow\FunWebProducts
[-] Folder Deleted : C:\Users\Test\AppData\LocalLow\MyWebSearch
[x] Folder Not Deleted : C:\Users\Test\AppData\LocalLow\PriceGong
[x] Folder Not Deleted : C:\Users\Test\AppData\LocalLow\Vuze_Remote
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rzmzni6m.default\user.js
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Cr_Installer
[-] Key Deleted : HKCU\Software\FunWebProducts
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\MyWebSearch
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\UpdateStar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\FocusInteractive
[-] Key Deleted : HKLM\SOFTWARE\Fun Web Products
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\MyWebSearch
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RewardsArcade
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
[!] Key Not Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1000\Software\AppDataLow\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1000\Software\AppDataLow\Software\MyWebSearch
[-] Key Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\AppDataLow\Software\MyWebSearch
[-] Key Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\AppDataLow\Software\MyWebSearch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A88C0B3E-E7FC-495E-B077-F8855339CCF7}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7650C5B-DEA3-43E2-9B26-43502F2EF54E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A88C0B3E-E7FC-495E-B077-F8855339CCF7}
[!] Key Not Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A88C0B3E-E7FC-495E-B077-F8855339CCF7}
[!] Key Not Deleted : HKU\S-1-5-21-3390517832-2872913246-3331840494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7650C5B-DEA3-43E2-9B26-43502F2EF54E}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dcmagccbogebndpoodhhhafmofelpffh
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [16434 bytes] ##########
 

 

Here is the JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by John on 29/10/2015 at 13:26:46.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\189F6D048E923EA48B11D15B30CDAC81
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\661134B612233374391C95E8AC373BA3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A08449608E3CA1F4ABF236256A256754
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A431C8F3F57D7844B89242F5F7A5F62C
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B448F401EF39C8346BF7BE9B8D1C7060
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D538E650623CB2C43AD5FBF587227D55
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{246C3152-D3E7-4ABB-B95B-246BD3B5426D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{246C3152-D3E7-4ABB-B95B-246BD3B5426D}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\John\Appdata\Local\rewardsarcade
Successfully deleted: [Folder] C:\Users\John\Appdata\LocalLow\conduit
Successfully deleted: [Folder] C:\Users\John\Appdata\LocalLow\conduitengine
Successfully deleted: [Folder] C:\Users\John\Appdata\LocalLow\funwebproducts
Successfully deleted: [Folder] C:\Users\John\Appdata\LocalLow\vuze_remote
Successfully deleted: [Folder] C:\Users\John\AppData\Roaming\mysearchdial
Successfully deleted: [Folder] C:\Users\John\AppData\Roaming\opencandy
Successfully deleted: [Folder] C:\Users\John\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\users\Public\Documents\guid
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\rzmzni6m.default\minidumps [7 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\John\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/10/2015 at 13:35:22.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Here are the three CC cleaner logs generated after everything else:

 

Startup

 

Yes HKCU:Run Amazon Music Amazon Services LLC "C:\Users\John\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run FlickrUploadr Paul Betts "C:\Users\John\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
Yes HKCU:Run HPAdvisor Hewlett-Packard C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Yes HKCU:Run KiesPDLR Samsung C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Yes HKCU:Run LDM Logitech C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Yes HKCU:Run Nokia.PCSync "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run Unified Remote v2 C:\Program Files\Unified Remote\RemoteServer.exe
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKCU:Run Wondershare Helper Compact.exe "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Yes HKLM:Run ALUAlert c:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run HostManager AOL Inc. C:\Program Files\Common Files\AOL\1239914408\ee\AOLSoftware.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run HP Health Check Scheduler [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpsysdrv Hewlett-Packard Company c:\hp\support\hpsysdrv.exe
Yes HKLM:Run HTC Sync Loader "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
Yes HKLM:Run IAAnotif Intel Corporation "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run KBD C:\HP\KBD\KbdStub.EXE
Yes HKLM:Run KiesTrayAgent Samsung Electronics Co., Ltd. C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
Yes HKLM:Run Logitech Hardware Abstraction Layer Logitech Inc. KHALMNPR.EXE
Yes HKLM:Run mcpltui_exe McAfee, Inc. "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
Yes HKLM:Run mcui_exe McAfee, Inc. "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run NokiaMServer C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run NvSvc Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
Yes HKLM:Run OsdMaestro OsdMaestro "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RivaTuner "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /T
Yes HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
Yes HKLM:Run SetPoint Logitech Inc. C:\Program Files\Logitech\SetPoint\SetPoint.EXE
Yes HKLM:Run SunJavaUpdateReg Sun Microsystems, Inc. "C:\Windows\system32\jureg.exe"
Yes HKLM:Run WinampAgent "C:\Program Files\Winamp\winampa.exe"
Yes HKLM:Run Windows Defender Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup Common Logitech Desktop Messenger.lnk Logitech C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Yes Startup Common Logitech SetPoint.lnk Logitech Inc. C:\Program Files\Logitech\SetPoint\SetPoint.exe
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Yes Startup User E-mail - Shortcut.lnk

 

 

 

Scheduled

 

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Amazon Music Helper Amazon Services LLC C:\Users\John\AppData\Local\Amazon Music\Amazon Music Helper.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\WINDOWS\System32\browserchoice.exe /launch
Yes Task Google Software Updater Google C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start
Yes Task GoogleUpdateTaskMachineCore1cf4859910aa10 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d0010e988b7376 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d08f322a4093d6 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA1cf6bae3f306c5 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d0010e99480cb6 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d04059c291b4b0 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d08f322acd4376 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCustParticipation HP Photosmart 7510 series Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005
Yes Task JavaUpdateJohn Sun Microsystems, Inc. C:\Windows\system32\jusched.exe
Yes Task Launch HTC Sync Loader C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup
Yes Task SpyHunter4Startup Enigma Software Group USA, LLC. "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
Yes Task {07EE50B3-86FB-41B8-B661-8D6082C6051D} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Yes Task {6491C2EF-1B6E-4AB3-AA63-578F1E76DFBA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\John\AppData\Local\Temp\Temp2_IVT2.6.0.8P.zip\2.6.0.8P\SETUP.EXE
Yes Task {6A472EE0-B10D-487F-954D-29B9AB7EB164} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\John\Desktop\IVT2.6.0.8P\2.6.0.8P\SETUP.EXE -d C:\Users\John\Desktop\IVT2.6.0.8P\2.6.0.8P
Yes Task {7B863976-739C-4488-9B0B-7D117D7C2708} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\John\AppData\Local\Temp\Temp1_IVT2.6.0.8P.zip\2.6.0.8P\SETUP.EXE
 

 

Programs

 

7-Zip 4.65 29/10/2010 3.13 MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 17/04/2009 14.0 MB
Adobe AIR Adobe Systems Incorporated 09/09/2012 29.1 MB 3.2.0.2070
Adobe Flash Player 19 ActiveX Adobe Systems Incorporated 16/10/2015 19.0.0.226
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 16/10/2015 19.0.0.226
Adobe Reader 8.3.1 Adobe Systems Incorporated 14/09/2011 8.3.1
AIM 7 28/08/2010 15.9 MB
Amazon Music Amazon Services LLC 29/05/2015 179 MB 3.9.5.820
AOL Toolbar 5.0 AOL 14/04/2009 2.61 MB 5.0.67.2
AOL Uninstaller (Choose which Products to Remove) AOL Inc. 21/02/2011
Apple Application Support Apple Inc. 09/03/2014 64.0 MB 2.3.6
Apple Software Update Apple Inc. 14/07/2011 2.38 MB 2.1.3.127
ArcSoft PhotoStudio 6 ArcSoft 05/06/2014 54.2 MB 6.0.0.163
Ask Shopping Toolbar 14/04/2008 4.31 MB
Auction Sentry Auction Sentry 06/01/2011 4.18 MB 3.00.10
Audacity 1.3.7 (Unicode) Audacity Team 19/05/2009 19.0 MB
BBC iPlayer Desktop British Broadcasting Corp. 09/05/2011 1.63 MB 3.2.6
bluefin 3.5.1.0 22/06/2010 2.31 MB
Bluesoleil2.6.0.8 Release 070517 IVT Corporation 12/07/2009 11.3 MB 2.6.0.8 Release 070517
Bonjour Apple Inc. 25/03/2014 1.08 MB 3.0.0.10
CanoScan Toolbox Ver4.1 21/01/2010 960 KB
CCleaner Piriform 28/10/2015 9.27 MB 5.11
Compatibility Pack for the 2007 Office system Microsoft Corporation 15/10/2015 12.0.6612.1000
CyberLink DVD Suite Deluxe CyberLink Corp. 09/04/2009 49.0 MB 5.5.1126
Dropbox Dropbox, Inc. 18/09/2014 66.1 MB 2.10.30
DVD Decrypter (Remove Only) 23/04/2009 932 KB
Enhanced Multimedia Keyboard Solution Hewlett-Packard 25/04/2009 6.85 MB
EPSON TWAIN 5 SEIKO EPSON Corp. 13/05/2009 2.38 MB 5.71.0000
ESET Online Scanner v3 28/10/2015 168 MB
Flickr Uploadr for Windows Flickr 29/10/2015 114 MB 0.9.94.252
Freemake Video Converter version 4.1.6 Ellora Assets Corporation 11/04/2015 68.8 MB 4.1.6
FTDI USB Serial Converter Drivers FTDI Ltd 22/06/2010 2.00.00
Google Chrome Google Inc. 13/06/2009 59.3 MB 46.0.2490.80
Google Drive Google, Inc. 22/10/2015 31.3 MB 1.25.0523.2491
Google Earth Google 13/06/2015 179 MB 7.1.5.1557
Google Toolbar for Internet Explorer Google Inc. 25/09/2015 10.0 MB 7.5.6904.2028
Google Updater Google Inc. 03/10/2011 3.59 MB 2.4.2432.1652
Hardware Diagnostic Tools PC-Doctor, Inc. 09/04/2009 86.1 MB 5.1.4748.24
Hauppauge MCE XP/Vista Software Encoder (2.0.25180) Hauppauge Computer Works, Inc. 09/04/2009 152 KB 2.0.25180
HP Active Support Library 14/04/2008
HP Customer Experience Enhancements Hewlett-Packard 14/04/2008 0.98 MB 5.6.0.2499
HP Customer Participation Program 10.0 HP 27/07/2012 261 MB 10.0
HP Easy Setup - Frontend Hewlett-Packard 14/04/2008 1.98 MB 5.6.0.2542
HP ePrint Hewlett-Packard 25/03/2014 29.0 MB 12.0.13351.1658
HP Imaging Device Functions 10.0 HP 27/07/2012 1.52 MB 10.0
HP On-Screen Cap/Num/Scroll Lock Indicator Hewlett-Packard 09/04/2009
HP Photo Creations HP 07/02/2014 2.78 MB 1.0.0.7702
HP Photosmart 7510 series Basic Device Software Hewlett-Packard Co. 07/02/2014 93.8 MB 28.0.1315.0
HP Photosmart 7510 series Help Hewlett Packard 07/02/2014 11.4 MB 140.0.2.2
HP Photosmart 7510 series Product Improvement Study Hewlett-Packard Co. 07/02/2014 6.43 MB 28.0.1315.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2 HP 27/07/2012 20.9 MB 10.0
HP Photosmart Appliance Printer Driver Software 8.0.D HP 14/07/2009 13.7 MB 8.0
HP Photosmart Essential HP 14/07/2009 11.4 MB 1.12.0.46
HP Photosmart Essential 2.5 HP 09/04/2009 3.20 MB 2.5
HP Solution Center 10.0 HP 27/07/2012 2.27 MB 10.0
HP Support Solutions Framework Hewlett-Packard Company 25/03/2014 6.62 MB 11.50.0012
HP Total Care Advisor Hewlett-Packard 14/04/2008 24.5 MB 1.6.12.2542
HP Update Hewlett-Packard 11/08/2014 3.94 MB 5.005.002.002
HTC BMP USB Driver HTC 22/04/2011 252 KB 1.0.5375
HTC Driver Installer HTC Corporation 09/09/2012 1.87 MB 3.0.0.021
HTC Sync HTC Corporation 09/09/2012 46.9 MB 3.2.20
Intel® Graphics Media Accelerator Driver Intel Corporation 20/03/2012
Intel® Matrix Storage Manager 15/04/2009 3.77 MB
Java™ 6 Update 39 Oracle 23/07/2012 95.6 MB 6.0.390
Java™ SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 14/04/2008 167 MB 1.6.0.10
LabelPrint CyberLink Corp. 09/04/2009 204 MB 2.2.2329
LightScribe System Software  1.10.23.1 http://www.lightscribe.com 14/04/2008 22.5 MB 1.10.23.1
Logitech Desktop Messenger Logitech, Inc. 10/05/2009 15.9 MB 2.01.02
Logitech SetPoint Logitech 10/05/2009 42.7 MB 2.60
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 28/10/2015 55.8 MB 2.2.0.1024
McAfee AntiVirus Plus McAfee, Inc. 16/06/2015 232 MB 14.0.339
McAfee Security Scan Plus McAfee, Inc. 14/06/2014 11.5 MB 3.8.150.1
McAfee Virtual Technician McAfee, Inc. 25/08/2012 6.32 MB 6.5.0.2101
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 15/04/2009 27.8 MB
Microsoft .NET Framework 4.5.2 Microsoft Corporation 05/02/2015 251 MB 4.5.51209
Microsoft Office Live Meeting 2007 Microsoft Corporation 12/06/2013 51.2 MB 8.0.6362.215
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 15/10/2015 12.0.6612.1000
Microsoft Office Professional 2007 Microsoft Corporation 27/03/2012 584 MB 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 11/08/2015 5.1.40728.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29/07/2009 251 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16/06/2011 294 KB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 04/10/2009 199 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 06/06/2011 592 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 03/10/2009 2.05 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09/09/2012 233 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/06/2011 594 KB 9.0.30729.6161
Microsoft Works Microsoft Corporation 10/10/2012 9.7.0621
Mozilla Firefox 41.0.2 (x86 en-GB) Mozilla 16/10/2015 85.2 MB 41.0.2
Mozilla Maintenance Service Mozilla 16/10/2015 224 KB 41.0.2.5765
MP3MyMP3 3.0 Bruce McArthur 18/05/2009 9.67 MB
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24/04/2009 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24/11/2009 1.33 MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 22/04/2011 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 12/07/2012 1.53 MB 4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09/01/2013 1.54 MB 4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 22/04/2011 1.53 MB 4.30.2107.0
muvee autoProducer 6.1 muvee Technologies 14/04/2008 147 MB 6.10.050
My HP Games WildTangent 09/04/2009 128 MB HPCMPQ1902
Nokia Map Loader Nokia 13/08/2009 4.30 MB 3.0.22
Nokia Ovi Application Installer 6.85.3011 Nokia 23/03/2010
Nokia Ovi Content Copier 6.85.3011 Nokia 23/03/2010
Nokia Ovi One Touch Access 6.85.3019 Nokia 23/03/2010
Nokia Ovi System Utilities 6.85.3018 Nokia 23/03/2010
Nokia Photos Nokia 23/03/2010 141 MB 1.6.387
Nokia Software Updater Nokia Corporation 04/04/2011 44.8 MB 02.06.009.44618
NVIDIA Drivers 22/04/2009
OCR Software by I.R.I.S. 10.0 HP 27/07/2012 2.27 MB 10.0
OpenOffice.org 3.1 OpenOffice.org 18/10/2009 358 MB 3.1.9420
PC Connectivity Solution Nokia 14/01/2011 12.8 MB 10.42.0.0
Power2Go CyberLink Corp. 09/04/2009 136 MB 5.6.3610
PowerDirector CyberLink Corp. 14/04/2008 325 MB 6.5.2420
QuickTime 7 Apple Inc. 27/09/2015 70.3 MB 7.78.80.95
Rapport Trusteer 22/04/2012 29.4 MB 3.5.1108.73
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15/04/2009 21.0 MB 6.0.1.5789
RivaTuner v2.24 Alexey Nicolaychuk 09/05/2009 37.0 MB v2.24
Roxio Backup MyPC Roxio 24/10/2009 18.6 MB 7.0.0
RTC Client API v1.2 Microsoft 16/04/2009 109 KB 1.2.0000
Samsung Kies Samsung Electronics Co., Ltd. 12/01/2015 182 MB 2.6.3.14123.5
Samsung Kies3 Samsung Electronics Co., Ltd. 22/10/2014 82.7 MB 3.2.14083.17
Samsung Story Album Viewer Samsung Electronics Co., Ltd. 22/09/2013 40.6 MB 1.0.0.13054_1
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 12/01/2015 33.7 MB 1.5.49.0
Shop for HP Supplies HP 27/07/2012 261 MB 10.0
Skype™ 7.0 Skype Technologies S.A. 14/04/2015 47.7 MB 7.0.102
sp41121 Hewlett-Packard 16/04/2009
Spotify 18/09/2010 4.20 MB 0.4.7
Spotify Spotify AB 24/07/2012 4.20 MB 0.8.3.222.g317ab79d
SpyHunter 4 Enigma Software Group, LLC 28/10/2015 57.3 MB 4.20.9.4533
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51 eRightSoft 03/07/2012 48.7 MB v2012.build.51
Tesco Download Manager 23/09/2010 1.17 MB
Uninstall AOL Emergency Connect Utility 1.0 16/04/2009
Veetle TV Veetle, Inc 28/01/2014 10.0 MB 0.9.19
Vista Codec Package Shark007 20/04/2009 53.9 MB 5.1.9
Vuze Azureus Software, Inc. 16/07/2013 38.9 MB 5.0.0.0
Winamp Nullsoft, Inc 27/04/2009 32.9 MB 5.552 
Windows 7 Upgrade Advisor Microsoft Corporation 25/08/2011 8.77 MB 2.0.5000.0
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) Nokia 14/01/2011 3.05 MB 08/22/2008 7.0.0.0
Windows Live Essentials Microsoft Corporation 24/10/2010 15.4.3502.0922
WinZip 11.2 WinZip Computing, S.L. 28/07/2009 11.7 MB 11.3.8261
Wondershare Dr.Fone for Android(Build 4.8.2.142) Wondershare Software Co.,Ltd. 07/01/2015 67.1 MB 4.8.2.142

 

 

 

 

Thanks again Buddy and sorry it's such a mess.

 

Please let me know what I need to do next.

 

Thanks,

John



#7 buddy215

buddy215

  • BC Advisor
  • 12,892 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 29 October 2015 - 09:16 AM

Rerun AdwCleaner....you don't delete individual folders under the tabs. Once the scan is finished simply click on the clean button. It will 

reboot the computer to complete the removal of what it found. Some of what it found was deleted by JRT.

 

Uninstall Google Chrome using Download Revo Uninstaller Freeware in Advanced Mode. Allow it to remove your Chrome profile, too.

 

While you do the above I will look over the lists you posted.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 Banksman

Banksman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 29 October 2015 - 09:48 AM

Thanks. Should I uninstall Firefox too as the issue is affecting that as well? I re-ran ADW and it worked OK this time - this was the log:

 

# AdwCleaner v5.015 - Logfile created 29/10/2015 at 14:28:39
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : John - DESKTOP
# Running from : C:\Users\John\Downloads\adwcleaner_5.015 (2).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\John\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Test\AppData\Local\AskPartnerNetwork
[-] Folder Deleted : C:\Users\Test\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Test\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Test\AppData\LocalLow\FunWebProducts
[-] Folder Deleted : C:\Users\Test\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Test\AppData\LocalLow\Vuze_Remote
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1106 bytes] ##########


#9 buddy215

buddy215

  • BC Advisor
  • 12,892 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 29 October 2015 - 10:05 AM

Suggest you reinstall Chrome first before doing a clean uninstall of Firefox. That way you can import the Firefox bookmarks into Chrome before

doing the clean uninstall of Firefox...which means deleting your Firefox profile, too.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right

Yes HKCU:Run Amazon Music Amazon Services LLC "C:\Users\John\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run FlickrUploadr Paul Betts "C:\Users\John\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
Yes HKCU:Run HPAdvisor Hewlett-Packard C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Yes HKCU:Run KiesPDLR Samsung C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Yes HKCU:Run LDM Logitech C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKCU:Run Wondershare Helper Compact.exe "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Yes HKLM:Run ALUAlert c:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run HostManager AOL Inc. C:\Program Files\Common Files\AOL\1239914408\ee\AOLSoftware.exe
Yes HKLM:Run HP Health Check Scheduler [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpsysdrv Hewlett-Packard Company c:\hp\support\hpsysdrv.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RivaTuner "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /T
Yes HKLM:Run SunJavaUpdateReg Sun Microsystems, Inc. "C:\Windows\system32\jureg.exe"
Yes HKLM:Run WinampAgent "C:\Program Files\Winamp\winampa.exe"
 
Disable these Scheduled Tasks:

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Amazon Music Helper Amazon Services LLC C:\Users\John\AppData\Local\Amazon Music\Amazon Music Helper.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\WINDOWS\System32\browserchoice.exe /launch
Yes Task Google Software Updater Google C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start
Yes Task GoogleUpdateTaskMachineCore1cf4859910aa10 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d0010e988b7376 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d08f322a4093d6 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA1cf6bae3f306c5 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d0010e99480cb6 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d04059c291b4b0 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d08f322acd4376 Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCustParticipation HP Photosmart 7510 series Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005
Yes Task JavaUpdateJohn Sun Microsystems, Inc. C:\Windows\system32\jusched.exe
 
Delete These Scheduled Tasks:
Yes Task SpyHunter4Startup Enigma Software Group USA, LLC. "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
Yes Task {07EE50B3-86FB-41B8-B661-8D6082C6051D} Microsoft Corporation C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Yes Task {6491C2EF-1B6E-4AB3-AA63-578F1E76DFBA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\John\AppData\Local\Temp\Temp2_IVT2.6.0.8P.zip\2.6.0.8P\SETUP.EXE
Yes Task {6A472EE0-B10D-487F-954D-29B9AB7EB164} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\John\Desktop\IVT2.6.0.8P\2.6.0.8P\SETUP.EXE -d C:\Users\John\Desktop\IVT2.6.0.8P\2.6.0.8P
Yes Task {7B863976-739C-4488-9B0B-7D117D7C2708} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\John\AppData\Local\Temp\Temp1_IVT2.6.0.8P.zip\2.6.0.8P\SETUP.EXE
 
Uninstall These Programs:
Adobe AIR Adobe Systems Incorporated 09/09/2012 29.1 MB 3.2.0.2070
Adobe Reader 8.3.1 Adobe Systems Incorporated 14/09/2011 8.3.1
AIM 7 28/08/2010 15.9 MB
AOL Toolbar 5.0 AOL 14/04/2009 2.61 MB 5.0.67.2

AOL Uninstaller (Choose which Products to Remove) AOL Inc. 21/02/2011

Ask Shopping Toolbar 14/04/2008 4.31 MB
Auction Sentry Auction Sentry 06/01/2011 4.18 MB 3.00.10
Audacity 1.3.7 (Unicode) Audacity Team 19/05/2009 19.0 MB
BBC iPlayer Desktop British Broadcasting Corp. 09/05/2011 1.63 MB 3.2.6
ESET Online Scanner v3 28/10/2015 168 MB
Google Toolbar for Internet Explorer Google Inc. 25/09/2015 10.0 MB 7.5.6904.2028
Google Updater Google Inc. 03/10/2011 3.59 MB 2.4.2432.1652
Hardware Diagnostic Tools PC-Doctor, Inc. 09/04/2009 86.1 MB 5.1.4748.24
Java™ 6 Update 39 Oracle 23/07/2012 95.6 MB 6.0.390
Java™ SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 14/04/2008 167 MB 1.6.0.10
McAfee Virtual Technician McAfee, Inc. 25/08/2012 6.32 MB 6.5.0.2101
My HP Games WildTangent 09/04/2009 128 MB HPCMPQ1902
OpenOffice.org 3.1 OpenOffice.org 18/10/2009 358 MB 3.1.9420
Spotify 18/09/2010 4.20 MB 0.4.7
Spotify Spotify AB 24/07/2012 4.20 MB 0.8.3.222.g317ab79d
SpyHunter 4 Enigma Software Group, LLC 28/10/2015 57.3 MB 4.20.9.4533 (Uninstall while in safe mode using Revo Uninstaller)
Uninstall AOL Emergency Connect Utility 1.0 16/04/2009
Winamp Nullsoft, Inc 27/04/2009 32.9 MB 5.552
Windows Live Essentials Microsoft Corporation 24/10/2010 15.4.3502.0922
Wondershare Dr.Fone for Android(Build 4.8.2.142) Wondershare Software Co.,Ltd. 07/01/2015 67.1 MB 4.8.2.142

 

 
 
 
 
 
 
 
 

 

 

 

 

 
 
 
 
 
 
 
 
 
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 Banksman

Banksman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 29 October 2015 - 10:49 AM

Thanks buddy.

 

I've done all that you have asked above. One or two programs wouldn't uninstall for various reasons but most of them went.

 

Sorry to be unclear but do you want me to re-install Chrome now? We don't have any Firefox bookmarks we necessarily need to keep and transfer over.

 

I'll restart my machine now as I guess that will make some of the disabling above take effect. Please let me know what needs to be done next.

 

Thanks,

John



#11 buddy215

buddy215

  • BC Advisor
  • 12,892 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 29 October 2015 - 12:17 PM

Sometimes programs will not uninstall because they are active. Running the uninstaller while in safe mode often is successful.

 

If you prefer not to lose your Chrome bookmarks you can back them up before uninstalling Chrome.

you export all your bookmarks into a html file as a back-up. Chrome menu > Bookmarks > Bookmark manager > Organize > Export bookmarks to HTML file.

 

After you have completely uninstalled and reinstalled both browsers, please let me know if the search misdirect is still happening.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#12 Banksman

Banksman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  

Posted 29 October 2015 - 12:55 PM

Actually - it does seem to have worked.

 

Thanks so much.

 

Whilst there are a-holes on the internet making malware / junkware etc. it's great to know there are people like you giving their time to help others for good rather than commercial gain.

 

Is there any way I can donate to this site as a thanks for what has been free assistance?

 

One final bit of advice - is it worth me running any of the tools that you have helped me with on any kind of basis to keep my computer tidy? It's time I paid attention to these matters and stopped hiding behind McAfee hoping it will keep my life hassle free.



#13 buddy215

buddy215

  • BC Advisor
  • 12,892 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 29 October 2015 - 01:10 PM

Give it a day or two before calling the cleanup a success.

 

Anytime you download and install free stuff you can count on it to attempt to install adware. That includes browser add-ons.

Once downloaded and not installed is the time to scan the install files.

 

No donation is required as the site is ad supported and volunteer help supported. If the adware does pop up again, I will refer you to

another forum here where those assisting you do accept donations. But not required.

 

You're welcome...enjoyed working with you...happy surfin'


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users