[KaylaLynnAllen]

Hello everyone,

 

My name is Kayla Allen and I currently use a Toshiba Laptop (Windows 7 Home Premium) that is currently being attacked by a program known as Search Protect. My grandmother had me use a Canon Installer disk so that I could have a printer/scan desktop menu with a lot of options that would make life a bit easier for projects. The installation went smoothly, and when everything was finished, the process took me to the Canon website where suddenly a bunch of pop ups shot up and began downloading virus into my computer. For over an hour I spent my time trying to uninstall programs in the Programs And Features menu, but I noticed even after uninstallation some of the scams didn't disappear from the menu, and Search Protect wouldn't let me uninstall it period saying I didn't have Administrator Access when I actually do and I only use one account period on my laptop.

 

So I tried doing some research as to what steps could be taken, and the only advice I found where a person was in the same situation as I was, was to go to Command Prompt and manually delete the bugs from there; However I've never been taught or shown on how to use Command Prompt so after a while of trying I just gave up.

 

So here's where I'm at:

1) Search Protect won't let me uninstall it

2) Uninstalled programs will still pop up on my Programs And Features menu such as:

a) KNCTR

b) MyPcBackup version 2.04

c) OneSoftPerDay 025.1004

d) Search Protect

 

Attached Thumbnails

• 
• 
• 
• 
• 

[Advertisements]

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

click on the Addition.txt box. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

[RKinner]

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

click on the Addition.txt box. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

[KaylaLynnAllen]

# AdwCleaner v4.200 - Logfile created 06/04/2015 at 21:30:36

# Updated 29/03/2015 by Xplode

# Database : 2015-04-06.3 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Documents\adwcleaner_4.200.exe

# Option : Cleaning

 

***** [ Services ] *****

 

[#] Service Deleted : CltMngSvc

Service Deleted : Orbiter

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Windows Discount

Folder Deleted : C:\ProgramData\LolliScan

Folder Deleted : C:\Program Files (x86)\globalUpdate

Folder Deleted : C:\Program Files (x86)\Movies App

Folder Deleted : C:\Program Files (x86)\PCFixSpeed

Folder Deleted : C:\Program Files (x86)\predm

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Program Files (x86)\ORBTR

Folder Deleted : C:\Program Files (x86)\Windows Discount

Folder Deleted : C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager

Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control

Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Cyti Web

Folder Deleted : C:\Program Files\BubbleSound

Folder Deleted : C:\Users\Owner\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Owner\AppData\Local\SearchProtect

Folder Deleted : C:\Users\Owner\AppData\Local\Pro_PC_Cleaner

Folder Deleted : C:\Users\Owner\AppData\LocalLow\zoomify

Folder Deleted : C:\Users\Owner\AppData\Roaming\Nosibay

Folder Deleted : C:\Users\Owner\AppData\Roaming\Store

Folder Deleted : C:\Users\Owner\AppData\Roaming\WTools

File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

File Deleted : C:\Windows\shost.bin

File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Owner\AppData\Roaming\Bubble Dock.boostrap.log

File Deleted : C:\Users\Owner\AppData\Roaming\Bubble Dock.installation.log

File Deleted : C:\Users\Owner\AppData\Roaming\Selection Tools.installation.log

File Deleted : C:\Users\Owner\AppData\Roaming\WindApp.boostrap.log

File Deleted : C:\Users\Owner\AppData\Roaming\WindApp.installation.log

File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk

 

***** [ Scheduled tasks ] *****

 

Task Deleted : ProPCCleaner_Popup

Task Deleted : ProPCCleaner_Start

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]

Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\Nosibay

Key Deleted : HKCU\Software\Store

Key Deleted : HKCU\Software\torch

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\StormWatchApp

Key Deleted : HKCU\Software\WTools

Key Deleted : HKCU\Software\ProPCCleanerLanguage

Key Deleted : HKCU\Software\ProPCCleanerConfig

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

Key Deleted : HKCU\Software\AppDataLow\Software\zoomify

Key Deleted : HKLM\SOFTWARE\CompeteInc

Key Deleted : HKLM\SOFTWARE\EZ Software Updater

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\SearchProtect

Key Deleted : HKLM\SOFTWARE\torch

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\ORBTR

Key Deleted : HKLM\SOFTWARE\SPPDCOM

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59680D1A-6A49-4E85-BB42-6886773DF589}_is1

Key Deleted : [x64] HKLM\SOFTWARE\WebBar

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17689

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

 

-\\ Google Chrome v41.0.2272.118

 

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaafeopjhkcolncjbedbhofpocmdbn

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330484&octid=EB_ORIGINAL_CTID&ISID=M52C7801A-E0E2-4AF1-8807-E8AEA825CC02&SearchSource=55&CUI=&UM=8&UP=SP70EAFBC8-4ADE-4ACE-B5F8-5A0F0941B342&SSPV=

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3330484&octid=EB_ORIGINAL_CTID&ISID=M52C7801A-E0E2-4AF1-8807-E8AEA825CC02&SearchSource=55&CUI=&UM=8&UP=SP70EAFBC8-4ADE-4ACE-B5F8-5A0F0941B342&SSPV=

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",

         "usage_count": 0

      }

   },

   "extensions": {

      "settings": {

         "aaaaafeopjhkcolncjbedbhofpocmdbn": {

            "ack_prompt_count": 2,

            "active_permissions": {

               "api": [ "nativeMessaging", "searchProvider", "startupPages", "storage", "webRequest", "webRequestBlocking" ],

               "explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],

               "manifest_permissions": [  ]

            },

            "commands": {

 

            },

            "content_settings": [  ],

            "creation_flags": 9,

            "events": [  ],

            "from_bookmark": false,

            "from_webstore": true,

            "incognito_content_settings": [  ],

            "incognito_preferences": {

 

            },

            "initial_keybindings_set": true,

            "install_time": "13064841072615407",

            "lastpingday": "13064835594520774",

            "location": 6,

            "manifest": {

               "background": {

                  "scripts": [ "common/config.js", "common/registry.js", "common/utils.js", "common/reporting.js", "settings/common/redirect.js", "settings/Imesh/background.js" ]

               },

               "chrome_settings_overrides_": {

                  "search_provider": {

                     "alternate_urls": [  ],

                     "encoding": "UTF-8

 

*************************

 

AdwCleaner[R0].txt - [9809 bytes] - [06/04/2015 21:28:40]

AdwCleaner[S0].txt - [8620 bytes] - [06/04/2015 21:30:36]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8679  bytes] ##########

[KaylaLynnAllen]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.5.2 (04.06.2015:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Mon 04/06/2015 at 21:40:10.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/06/2015 at 21:48:16.47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[KaylaLynnAllen]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.5.2 (04.06.2015:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Mon 04/06/2015 at 21:40:10.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/06/2015 at 21:48:16.47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[KaylaLynnAllen]

 

# AdwCleaner v4.200 - Logfile created 06/04/2015 at 21:30:36

# Updated 29/03/2015 by Xplode

# Database : 2015-04-06.3 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Documents\adwcleaner_4.200.exe

# Option : Cleaning

 

***** [ Services ] *****

 

[#] Service Deleted : CltMngSvc

Service Deleted : Orbiter

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Windows Discount

Folder Deleted : C:\ProgramData\LolliScan

Folder Deleted : C:\Program Files (x86)\globalUpdate

Folder Deleted : C:\Program Files (x86)\Movies App

Folder Deleted : C:\Program Files (x86)\PCFixSpeed

Folder Deleted : C:\Program Files (x86)\predm

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Program Files (x86)\ORBTR

Folder Deleted : C:\Program Files (x86)\Windows Discount

Folder Deleted : C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager

Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control

Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Cyti Web

Folder Deleted : C:\Program Files\BubbleSound

Folder Deleted : C:\Users\Owner\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Owner\AppData\Local\SearchProtect

Folder Deleted : C:\Users\Owner\AppData\Local\Pro_PC_Cleaner

Folder Deleted : C:\Users\Owner\AppData\LocalLow\zoomify

Folder Deleted : C:\Users\Owner\AppData\Roaming\Nosibay

Folder Deleted : C:\Users\Owner\AppData\Roaming\Store

Folder Deleted : C:\Users\Owner\AppData\Roaming\WTools

File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

File Deleted : C:\Windows\shost.bin

File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Owner\AppData\Roaming\Bubble Dock.boostrap.log

File Deleted : C:\Users\Owner\AppData\Roaming\Bubble Dock.installation.log

File Deleted : C:\Users\Owner\AppData\Roaming\Selection Tools.installation.log

File Deleted : C:\Users\Owner\AppData\Roaming\WindApp.boostrap.log

File Deleted : C:\Users\Owner\AppData\Roaming\WindApp.installation.log

File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk

 

***** [ Scheduled tasks ] *****

 

Task Deleted : ProPCCleaner_Popup

Task Deleted : ProPCCleaner_Start

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]

Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\Nosibay

Key Deleted : HKCU\Software\Store

Key Deleted : HKCU\Software\torch

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\StormWatchApp

Key Deleted : HKCU\Software\WTools

Key Deleted : HKCU\Software\ProPCCleanerLanguage

Key Deleted : HKCU\Software\ProPCCleanerConfig

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

Key Deleted : HKCU\Software\AppDataLow\Software\zoomify

Key Deleted : HKLM\SOFTWARE\CompeteInc

Key Deleted : HKLM\SOFTWARE\EZ Software Updater

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\SearchProtect

Key Deleted : HKLM\SOFTWARE\torch

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\ORBTR

Key Deleted : HKLM\SOFTWARE\SPPDCOM

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59680D1A-6A49-4E85-BB42-6886773DF589}_is1

Key Deleted : [x64] HKLM\SOFTWARE\WebBar

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17689

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

 

-\\ Google Chrome v41.0.2272.118

 

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaafeopjhkcolncjbedbhofpocmdbn

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330484&octid=EB_ORIGINAL_CTID&ISID=M52C7801A-E0E2-4AF1-8807-E8AEA825CC02&SearchSource=55&CUI=&UM=8&UP=SP70EAFBC8-4ADE-4ACE-B5F8-5A0F0941B342&SSPV=

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3330484&octid=EB_ORIGINAL_CTID&ISID=M52C7801A-E0E2-4AF1-8807-E8AEA825CC02&SearchSource=55&CUI=&UM=8&UP=SP70EAFBC8-4ADE-4ACE-B5F8-5A0F0941B342&SSPV=

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",

         "usage_count": 0

      }

   },

   "extensions": {

      "settings": {

         "aaaaafeopjhkcolncjbedbhofpocmdbn": {

            "ack_prompt_count": 2,

            "active_permissions": {

               "api": [ "nativeMessaging", "searchProvider", "startupPages", "storage", "webRequest", "webRequestBlocking" ],

               "explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],

               "manifest_permissions": [  ]

            },

            "commands": {

 

            },

            "content_settings": [  ],

            "creation_flags": 9,

            "events": [  ],

            "from_bookmark": false,

            "from_webstore": true,

            "incognito_content_settings": [  ],

            "incognito_preferences": {

 

            },

            "initial_keybindings_set": true,

            "install_time": "13064841072615407",

            "lastpingday": "13064835594520774",

            "location": 6,

            "manifest": {

               "background": {

                  "scripts": [ "common/config.js", "common/registry.js", "common/utils.js", "common/reporting.js", "settings/common/redirect.js", "settings/Imesh/background.js" ]

               },

               "chrome_settings_overrides_": {

                  "search_provider": {

                     "alternate_urls": [  ],

                     "encoding": "UTF-8

 

*************************

 

AdwCleaner[R0].txt - [9809 bytes] - [06/04/2015 21:28:40]

AdwCleaner[S0].txt - [8620 bytes] - [06/04/2015 21:30:36]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8679  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.5.2 (04.06.2015:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Mon 04/06/2015 at 21:40:10.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/06/2015 at 21:48:16.47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[KaylaLynnAllen]

Alright I've done everything recommended but these virus like scams are still in my Program And Features Uninstall menu and they keep popping up when I turn on my computer trying to install itself into my laptop.

 

Attached Thumbnails

• 

[KaylaLynnAllen]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.5.3 (04.07.2015:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Tue 04/07/2015 at 19:43:14.61

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Program Files (x86)\ospd_us_1004"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 04/07/2015 at 19:50:01.36

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[KaylaLynnAllen]

# AdwCleaner v4.200 - Logfile created 07/04/2015 at 19:53:29

# Updated 29/03/2015 by Xplode

# Database : 2015-04-06.3 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Documents\adwcleaner_4.200.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17689

 

 

-\\ Google Chrome v41.0.2272.118

 

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334624&octid=EB_ORIGINAL_CTID&ISID=M94A0476E-F515-4541-A6F2-898FD4961BC2&SearchSource=58&CUI=&UM=8&UP=SP2DC6F823-CC75-4D03-9988-D22DADA730C3&q={searchTerms}&D=040815&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [9809 bytes] - [06/04/2015 21:28:40]

AdwCleaner[R1].txt - [4034 bytes] - [07/04/2015 19:40:00]

AdwCleaner[R2].txt - [1311 bytes] - [07/04/2015 19:44:54]

AdwCleaner[R3].txt - [1370 bytes] - [07/04/2015 19:47:32]

AdwCleaner[S0].txt - [8779 bytes] - [06/04/2015 21:30:36]

AdwCleaner[S1].txt - [3776 bytes] - [07/04/2015 19:42:21]

AdwCleaner[S2].txt - [1297 bytes] - [07/04/2015 19:53:29]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1356  bytes] ##########

[KaylaLynnAllen]

So I cleaned the laptop again using those products you're recommending and those same crappy things popped up against trying to install and I found them under the Uninstall menu again as well...

 

 

I really need help here.

Attached Thumbnails

• 

[RKinner]

I need your FRST logs.  FRST was called for after the Junkware Removal Tool.

 

Also tonight let Avast do a boot time scan as follows:

 

How to do a boot-time scan while you sleep:

First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

[KaylaLynnAllen]

Alright I did the quick scan and the boot scan last night, but I'm confused on finding the orange ball where you're asking me to change the settings. I opened up my task bar below where I did see a orange like circle, so I saved a picture to show you my options.

Attached Thumbnails

• 

[RKinner]

Once the Quick Scan reaches 100 % and stops you will be able to change it in the upper right where it says Quick Scan in the picture.  Click on the Down arrow to the right of Quick Scan and it will show you a boot-time scan option.

[KaylaLynnAllen]

Alright I made it this far. I scanned and then boot scanned a few times because the report didn't pop up, so I read your post over and tried to make sure I was doing everything step by step. I just can't seemed to find the detailed report..hmmmm

Attached Thumbnails

• 
• 

[RKinner]

Looks like you didn't quite follow instructions since you should have told it to move everything to the chest instead of Automatically fix or Delete but if the boot time scan is now clean, please 

 

Run FRST (remember to right click and Run As Admin)  check the Additions box and then Scan.  You will get two logs.  Post them both.