Laptop quite slow with lots of Popups [Solved]

laptop slow virus malware

  • This topic is locked

#16
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Before we clean up, I’d like to check your computer’s security.


Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Satchfan
 

 


  • 0


#17
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Prior to this last step I ran Microsoft Security Essentials both a Quick and Full scan and each time the color indicator stays yellow indicating an issue and it says that I have not run a scan recently even though the time of the last scan shows as just a few minutes ago.

 

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spyder2express    
 A1PCCleaner    
 Java 7 Update 9 
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.257 
 Adobe Reader 9 
 Adobe Reader XI 
 Mozilla Firefox 27.0.1 Firefox out of Date! 
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


  • 0

#18
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Prior to this last step I ran Microsoft Security Essentials both a Quick and Full scan and each time the color indicator stays yellow indicating an issue and it says that I have not run a scan recently even though the time of the last scan shows as just a few minutes ago.

 

Apparently this is a common glitch with Microsoft Security Essentials (MSE). See this.
 

Personally, I'd choose to run a different antivirus as over the years it has slid down in the test results and at one point even Microsoft was advising Windows users to use a third-party antivirus instead.

If you choose to use a different one, I've included instructions below.

 

===================================================

Your computer appears to be clean.


Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Antivirus

Should you choose to use a different antivirus, do the following:

Download and install one of these free antivirus programs:


Free Avast Home Edition
Avira AntiVir® Personal Edition Classic

  • save the antivirus you choose to your desktop
  • click Start, Control Panel, Programs and Features
  • scroll down the list, click on Microsoft Security Client and then on Remove
  • install the antivirus saved to your desktop.

===================================================

Uninstall/update Programs

Your version of Java is out-of-date and needs to be removed and updated.
 

  • click Start, Control Panel, Programs and Features
  • scroll down the list and look for any Java entry
  • if they are present, click on each and then on Remove.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===========================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===========================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===========================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

===========================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

 

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan


  • 0
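The hosts-file blocking described in the post above, as an added example that is not part of the original thread: a small auditor that separates entries pointing at the local machine (blocks) from entries that send a name to some other address, which is what a reviewer would want to look at. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Names that are expected to map to loopback on any system.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample in the style of a blocking hosts file (not from the thread).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.com
127.0.0.1   tracker.example.net  popups.example.net   # two names on one line
203.0.113.7 www.example.org      # not a block: resolves to another machine
not-an-ip   broken.example.org
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # address without a name
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Classify hosts entries.

    local      - localhost pointing at loopback (normal)
    blocked    - any other name pointing at loopback or 0.0.0.0, so the
                 connection never leaves the PC (how a blocking hosts file works)
    redirected - a name pointing at a different machine; review these by hand
    invalid    - first field is not an IP address
    """
    result = {"local": [], "blocked": [], "redirected": [], "invalid": []}
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            result["invalid"].append((line_no, ip, name))
            continue
        if name in LOCAL_NAMES and addr.is_loopback:
            result["local"].append(name)
        elif addr.is_loopback or addr.is_unspecified:
            result["blocked"].append(name)
        else:
            result["redirected"].append((line_no, name, ip))
    return result


if __name__ == "__main__":
    for category, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(category, entries)
```

A hosts file that contains only `127.0.0.1 localhost` produces a single `local` entry and nothing in the other three lists.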

#19
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I JUST got a popup saying my computer may be at risk for a security problem and then it gave a percentage of change like 94% chance I have a problem.......
  • 0

#20
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

So I am going to hold off on doing anything else until you get a chance to look at this..


  • 0

#21
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Is the popup from Microsoft Security Essentials? If you intend keeping MSE then you can disable the security alert via Control Panel > Security Center. On the left hand side of the security center window, click on "Change the way Security Center alerts me" and uncheck the bottom one.

 

Let me know if that stopped the problem.

 

Satchfan


  • 0

#22
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

The popup remains in place in the middle of this page..no program is associated with it. It now shows on all screens.  This is the text from that popup

 

.Warning
Your PC may be at Risk
Check for Malware and Registry Issues

You need to fix your PC problem immeadiately. Your data
is on 94% risk.

That is what the popup says. When I hit Control Panel I do not have a
Security option/icon.


Edited by ethermac56, 20 January 2015 - 03:09 PM.

  • 0

#23
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Not sure what could be happening here because all logs appeared to be fine.

 

Run RogueKiller

 

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.

 

 

Satchfan
 


  • 0

#24
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Susan [Administrator]
Mode : Scan -- Date : 01/20/2015 23:24:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{053B0C20-4E50-4910-BEB5-1F29654F2FF5} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1338A57D-11D7-41E5-A668-1D0CEEB9AC9C} | DhcpNameServer : 192.168.6.1 64.134.255.2 64.134.255.10 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{053B0C20-4E50-4910-BEB5-1F29654F2FF5} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1338A57D-11D7-41E5-A668-1D0CEEB9AC9C} | DhcpNameServer : 192.168.6.1 64.134.255.2 64.134.255.10 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{053B0C20-4E50-4910-BEB5-1F29654F2FF5} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1338A57D-11D7-41E5-A668-1D0CEEB9AC9C} | DhcpNameServer : 192.168.6.1 64.134.255.2 64.134.255.10 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5055GSX +++++
--- User ---
[MBR] b5507210a52889c2c7446b54eadae934
[BSP] 243743416e46f951508ec056ff5df4eb : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
  • 0
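One way to read a RogueKiller registry section like the one in the report above, as an added example that is not part of the original thread and not Adlice's code: it parses the `[Category] (arch) key | value : data -> Found` lines, collapses copies of the same setting that appear under several registry views and control sets, and lists the DNS servers with their source. The sample lines are an excerpt copied from the report; the function names are made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# One finding per line: [Category] (X64|X86) <key> | <value name> : <data> -> <status>
FINDING = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Excerpt of the report posted above (8 of its 25 registry lines).
SAMPLE = r"""
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1338A57D-11D7-41E5-A668-1D0CEEB9AC9C} | DhcpNameServer : 192.168.6.1 64.134.255.2 64.134.255.10 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
"""


def parse_findings(report):
    """Return one dict (cat, arch, key, name, data, status) per finding line."""
    findings = []
    for line in report.splitlines():
        match = FINDING.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def distinct_settings(findings):
    """Count findings per (category, value name, data).

    The X86/X64 registry views and the ControlSet001/002 copies repeat the
    same setting, so the number of distinct settings is what needs review.
    """
    return Counter((f["cat"], f["name"], f["data"]) for f in findings)


def dns_servers(findings):
    """Map each DNS server in PUM.Dns findings to its source and address scope.

    DhcpNameServer is filled in by the network's DHCP server; a manually
    configured server would be stored under NameServer instead.
    """
    servers = {}
    for f in findings:
        if f["cat"] != "PUM.Dns":
            continue
        source = "dhcp" if f["name"].lower().startswith("dhcp") else "static"
        for ip in IPV4.findall(f["data"]):
            servers[ip] = {
                "source": source,
                "private": ipaddress.ip_address(ip).is_private,
            }
    return servers


if __name__ == "__main__":
    found = parse_findings(SAMPLE)
    for setting, count in distinct_settings(found).items():
        print(count, setting)
    # ConsentPromptBehaviorAdmin = 0 means administrators are elevated
    # without a consent prompt.
    for ip, info in dns_servers(found).items():
        print(ip, info)
```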

#25
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Nothing sinister there. We’ll reset your browsers and see if AdwCleaner finds anything with a new scan.


Registry cleaners

In an earlier post I asked you to remove a registry cleaner, (Tuneup computer A1PCCleaner) but not sure that you did.

It's not a good idea to use registry cleaners/boosters. The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of Tuneup computer A1PCCleaner and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

  • click Start, Control Panel, Programs and Features
  • click on Tuneup computer A1PCCleaner and then on Uninstall.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here
Another from quietman7 here

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    
    autoclean;
    emptyalltemp;
    emptyclsid;
    FFdefaults;
    iedefaults;
    chrdefaults;
    
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes

Download AdwCleaner again from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply with the zoek-results.log.

Any change?

Satchfan

 

 


  • 0


#26
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Bootup today shows no pop up like before

A1PCCleaner removed.

Results of zoek scan:


Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by Susan on Wed 01/21/2015 at 17:16:50.20.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Susan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/21/2015 5:19:03 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Graboid deleted successfully
C:\PROGRA~2\Imagenomic deleted successfully
C:\PROGRA~2\LucasArts deleted successfully
C:\PROGRA~2\COMMON~1\AOL deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\PhotoStitch deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\Users\Susan\AppData\Roaming\WinRAR deleted successfully
C:\Users\Susan\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/?...&osmkt=en-us");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("keyword.URL", "http://search.yahoo....pe=293224&p=");

Added to C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default

user.js not found
---- Lines srchvstrn removed from prefs.js ----
user_pref("extensions.srchvstrn.aflt", "vst_ggfc_15_03_ch");
user_pref("extensions.srchvstrn.AL", 2);
user_pref("extensions.srchvstrn.appId", "{4CB3598A-82E8-4D1F-983F-061238AE696E}");
user_pref("extensions.srchvstrn.cd", "2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1B
user_pref("extensions.srchvstrn.cr", "1243036849");
user_pref("extensions.srchvstrn.dfltSrch", true);
user_pref("extensions.srchvstrn.dnsErr", true);
user_pref("extensions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.id", "701A04D98D51F4D7");
user_pref("extensions.srchvstrn.instlDay", "16450");
user_pref("extensions.srchvstrn.instlRef", "142905_s3");
user_pref("extensions.srchvstrn.prdct", "srchvstrn");
user_pref("extensions.srchvstrn.vrsn", "");
user_pref("extensions.srchvstrn.vrsni", "");
user_pref("extensions.srchvstrn_i.newTab", true);
user_pref("extensions.srchvstrn_i.vrsnTs", "6:22:15");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_20150121_0533_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\GUTAD20.tmp deleted
C:\PROGRA~2\GUMAD1F.tmp deleted
C:\PROGRA~2\Return to Castle Wolfenstein - Platinum Edition deleted
C:\PROGRA~2\Setup Support for Consumer Input deleted
C:\Users\Susan\AppData\Roaming\WB.CFG deleted
C:\Users\Susan\AppData\Roaming\Compete deleted
C:\Users\Susan\AppData\Roaming\1H1Q1V1N1N1O1R deleted
C:\Users\Susan\AppData\Roaming\ZoomBrowser EX deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\CT2786678 deleted
C:\Users\Susan\Downloads\setup.exe deleted
C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\conduit deleted
"C:\windows\Installer\126e3a.msi" deleted
"C:\Users\Susan\AppData\Local\{39007869-378B-47F3-81EC-661C1667EC64}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fkkcgfbgohboipdhliafmacjnhjbhmim - No path found[]

Google Voice Search Hotword (Beta) - Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?...220DHP&pc=U220"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?...220DHP&pc=U220"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C884A1F9-31D5-4324-A0B7-6D75D50BB840}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{B24B6165-CC09-48FD-97F0-918945E685B2} Bing Url="http://www.bing.com/...c=IE-SearchBox"
{C884A1F9-31D5-4324-A0B7-6D75D50BB840} Google Url="https://www.google.c...={searchTerms}"
{D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{03A46474-3535-CA2C-D23F-E8F6750383AA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{914A0820-7A29-D161-41B7-FE8DAC8381CF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Susan\AppData\Local\Mozilla\Firefox\Profiles\ltqckq7g.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=232 folders=73 42898680 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Susan\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Susan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 01/21/2015 at 17:40:33.50 ======================

Did not find an instance of AdwCleaner on this computer..downloading it now and results in following email
  • 0

#27
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Log from new instance of AdwCleaner to follow:

# AdwCleaner v4.108 - Report created 21/01/2015 at 17:59:28
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Susan - SUSAN-PC
# Running from : C:\Users\Susan\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v27.0.1 (en-US)


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [32971 octets] - [16/01/2015 05:30:07]
AdwCleaner[R1].txt - [2935 octets] - [16/01/2015 05:40:41]
AdwCleaner[R2].txt - [1033 octets] - [21/01/2015 17:47:29]
AdwCleaner[R3].txt - [1094 octets] - [21/01/2015 17:51:25]
AdwCleaner[S0].txt - [33169 octets] - [16/01/2015 05:34:22]
AdwCleaner[S1].txt - [3018 octets] - [16/01/2015 05:42:49]
AdwCleaner[S2].txt - [1016 octets] - [21/01/2015 17:59:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1076 octets] ##########

this program now deleted
  • 0

#28
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

So all now OK?


  • 0

#29
ethermac56

ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I believe so..thank you!
  • 0

#30
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Good. :happy:

 

I'll leave this open for a further 24 hours after which I'll close it assuming that all is still well.

 

Regards

 

Satchfan


  • 0





