Do I have a virus? Help please!

Solved/Closed
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016 - Feb 17, 2016 at 10:30 AM
 Perrinicus - Feb 23, 2016 at 10:17 AM
Ok, so basically:
I tried to download a game.
It came with all kinds of crazy programmes, which I deleted.
I'm now unable to connect to the Internet on my browsers even though my internet connection is perfectly fine.
It says that I am trying to connect using "a DNS server outside of our network" (I'm a BT HUB user)

Please save my skin here, guys n gals!!

Oh I'm on a Toshiba Satellite using Windows 8, by the way.

15 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 22, 2016 at 05:04 PM
Hi

There are 46 malware items in your machine.

1. Please remove (delete) Spybot Search and Destroy. That software is obsolete and will come in conflict with your present antivirus.

2. Download, install and run adwcleaner:

https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/

A log will be produced which you can post here.

3. 1. Download Script ZHPFix here

https://nicolascoolman.eu

2. Select and copy all of the following bold lines.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O20 - AppInit_DLLs: . (...) - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll (.not file.)
O42 - Logiciel: AVG PC TuneUp 2014 - (.AVG.) [HKLM][64Bits] -- {01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O42 - Logiciel: UpdaterEX - (.UpdaterEX.) [HKCU][64Bits] -- UpdaterEX
HKLM\SOFTWARE\Wow6432Node\5b538f8cb33def13
HKLM\SOFTWARE\Wow6432Node\SearchProtect
HKCU\SOFTWARE\5b538f8cb33def13
HKCU\SOFTWARE\UpdaterEX
3 - CFD: 08/02/2014 - [] D -- C:\Program Files (x86)\BonanzaDeals
3 - CFD: 18/02/2016 - [] D -- C:\Program Files (x86)\DNS Unlocker
3 - CFD: 18/02/2016 - [] D -- C:\Program Files (x86)\dply_en_015020240
3 - CFD: 17/02/2016 - [0] D -- C:\Program Files (x86)\Oasis Space
3 - CFD: 30/09/2013 - [0] D -- C:\ProgramData\Babylon
3 - CFD: 17/12/2013 - [] D -- C:\ProgramData\BitGuard
3 - CFD: 25/01/2014 - [0] SHD -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
3 - CFD: 30/09/2013 - [] D -- C:\Users\Briony\AppData\Roaming\Babylon
3 - CFD: 18/10/2013 - [] D -- C:\Users\Briony\AppData\Roaming\UpdaterEX
3 - CFD: 18/02/2016 - [] D -- C:\Users\Briony\AppData\Local\dply_en_015020240
O45 - LFCP:[MD5.13D4FD2014F8293AC6710FCDDCB22C5B] 17/02/2016 A -- C:\WINDOWS\Prefetch\DPLY_EN_015020240 - UNINSTALL-E76805C6.pf
O45 - LFCP:[MD5.89B4945108AC59958B13B26D47F1256D] 18/02/2016 A -- C:\WINDOWS\Prefetch\DPLY_EN_015020240.EXE-60BF14D3.pf
O45 - LFCP:[MD5.47ECCCF4876254D495E90FE6F40FC16B] 17/02/2016 A -- C:\WINDOWS\Prefetch\OASISDPLY_EN_015020240.EXE-329A506A.pf
O45 - LFCP:[MD5.FDE03CEDDADC908E99EFF69BC306538F] 17/02/2016 A -- C:\WINDOWS\Prefetch\OASISSPACE_SETUP.EXE-0C0813B4.pf
O45 - LFCP:[MD5.F82A46383B82DC799CEC7A049215CF0C] 18/02/2016 A -- C:\WINDOWS\Prefetch\UPDPLY_EN_015020240.EXE-D0E8E255.pf
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Doko Search) - http://www.doko-search.com/
O69 - SBI: SearchScopes [HKCU] {2C661B38-B039-4C66-BE36-928418913380} - (Mysearchdial) - http://start.mysearchdial.com/
O69 - SBI: SearchScopes [HKLM] {2C661B38-B039-4C66-BE36-928418913380} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com/
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
C:\Program Files (x86)\BonanzaDeals
C:\Program Files (x86)\DNS Unlocker
C:\Program Files (x86)\dply_en_015020240
C:\Program Files (x86)\Oasis Space
C:\ProgramData\Babylon
C:\ProgramData\BitGuard
C:\Users\Briony\AppData\Roaming\Babylon
C:\Users\Briony\AppData\Roaming\UpdaterEX
C:\Users\Briony\AppData\Local\dply_en_015020240
C:\WINDOWS\Prefetch\DPLY_EN_015020240 - UNINSTALL-E76805C6.pf
C:\WINDOWS\Prefetch\DPLY_EN_015020240.EXE-60BF14D3.pf
C:\WINDOWS\Prefetch\OASISDPLY_EN_015020240.EXE-329A506A.pf
C:\WINDOWS\Prefetch\OASISSPACE_SETUP.EXE-0C0813B4.pf
C:\WINDOWS\Prefetch\UPDPLY_EN_015020240.EXE-D0E8E255.pf
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2C661B38-B039-4C66-BE36-928418913380}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2C661B38-B039-4C66-BE36-928418913380}



3 Close all applications and open ZHP Fix

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Good luck
1
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 17, 2016 at 05:16 PM
Greetings,

Yes! I am 99% sure that you not only have a virus but all kinds of malware.

For a start:

Run and type in the following commands

ipconfig /release
ipconfig /all
ipconfig /flushdns
ipconfig /renew

netsh int ip set dns
netsh winsock reset

Try to open your browser. If it does not work, see if you can boot in safe mode with networking and let me know

Ambucias
Virus/Security Contributor
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 04:47 AM
Ok, sorry... But how do I "run" on Windows 8? Also, really struggling with safe mode... Kept restarting it and tapping f8 but it never seems to enter safe mode?
Sorry about this... I'm not very confident with this kind of stuff. Thanks so much for your help!!
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 05:34 AM
Yep, found run and went through those commands and the browser still does the exact same thing:

"You are seeing this page because you are using a BT service which requires the use of BT DNS Servers and it appears that you are attempting to connect using a DNS server outside of our network. Our BT protect and BT Parental Controls services both require use of our BT DNS to keep you safe online. You may have selected a different server in your network settings or installed an application that uses an alternative service.
To turn off BT Protect or to delete Parental controls, log in to www.bt.com/mysecurityhub"

Still haven't figured safe mode out though
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 18, 2016 at 05:57 AM
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 06:13 AM
Right... In safe mode with networking now. Thanks for that, it was very helpful!

Unfortunately that exact same message is coming up when I try to access my browsers (it only shows up on chrome, ie simply won't load anything)
0

Didn't find the answer you are looking for?

Ask a question
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 18, 2016 at 06:19 AM
I am guessing that someone in your entourage has set parental controls and restrictions on the machine for which I cannot help.
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 06:22 AM
But we haven't set any parental controls on the machine... Would it be worth calling my provider to see if they have put parental controls on?
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 18, 2016 at 06:23 AM
I was going to suggest that for it seems to come from BT.

Good luck
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 06:24 AM
Ok thank you! Will post here if I manage to access internet.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 18, 2016 at 06:26 AM
I am looking forward to your reply.
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 08:36 AM
Ok. I performed a system restore (back to the 11th Feb) and can now access the Internet. I feel that this will not have gotten rid of the virus/malware so can you please recommend what I should do next?

Thanks a lot for all your help so far. You've been great!
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 06:54 AM
Right... I have no parental controls on my BT account... The plot is truly thickening! Is there anything else you could suggest? Thanks so much for all your help!
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 18, 2016 at 07:20 AM
Just tried re-running all those commands whilst in safe mode with networking but it was to no avail... Feeling pretty helpless right now
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 18, 2016 at 04:15 PM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.

1. Open this link and download ZHPDiag3 :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right)

4. Double click on the short cut ZHPDiag on your Destktop.

5. Click on Full.

Wait for the tool to finished (maybe a long time)

6. Close ZHPDiag.

7. To transmit the report, click on this link :

https://authentification.site

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 22, 2016 at 04:39 AM
Thanks so much mate. Got this diagnostic info for you here...

http://speedy.sh/fBU8N/ZHPDiag.txt

Sorry it's been a while! Been ridiculously busy with work. Thanks again for all your help :)
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164 > Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 22, 2016 at 06:52 AM
Okay, thanks for the report.

There are lots of malware on your machine.

Will give you solution later on today.
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 22, 2016 at 07:59 PM
Hey! OK, so the adwcleaner download isn't working for my pc... it downloads the file but i'm unable to open it. Any ideas?

I ran the ZHP Fix:

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Briony at 23/02/2016 00:25:18
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (00mn 03s)
Prefetcher emptied

========== Software ==========
ABSENT Uninstall Process: c:\users\briony\appdata\roaming\updaterex\updateproc\updatetask.exe

========== Registry keys ==========
REMOVES Software Key: {01BD4FC9-2F86-4706-A62E-774BB7E9D308} [AVG PC TuneUp 2014]
REMOVES Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
REMOVES: HKLM\SOFTWARE\Wow6432Node\5b538f8cb33def13
REMOVES: HKLM\SOFTWARE\Wow6432Node\SearchProtect
REMOVES: HKCU\SOFTWARE\5b538f8cb33def13
REMOVES: HKCU\SOFTWARE\UpdaterEX
REMOVES: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
REMOVES: SearchScopes :{2C661B38-B039-4C66-BE36-928418913380}
REMOVES:* HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2C661B38-B039-4C66-BE36-928418913380}

========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
REMOVES: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
REMOVES: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
REMOVES: FirewallRaz (None) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}

========== Elements of the registry data ==========
REMOVES AppInit: \PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll

========== Folders ==========
Deletes temporary Windows (0)
REMOVES Flash Cookies (0)
REMOVES: c:\program files (x86)\bonanzadeals
REMOVES: c:\program files (x86)\dns unlocker
REMOVES: c:\program files (x86)\dply_en_015020240
REMOVES: c:\program files (x86)\oasis space
REMOVES: c:\programdata\babylon
REMOVES: c:\programdata\bitguard
REMOVES: c:\users\briony\appdata\roaming\babylon
REMOVES: c:\users\briony\appdata\roaming\updaterex
REMOVES: c:\users\briony\appdata\local\dply_en_015020240

========== Files ==========
Deletes temporary Windows (0) (0 octets)
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\windows\prefetch\dply_en_015020240 - uninstall-e76805c6.pf
REMOVES: c:\windows\prefetch\dply_en_015020240.exe-60bf14d3.pf
REMOVES: c:\windows\prefetch\oasisdply_en_015020240.exe-329a506a.pf
REMOVES: c:\windows\prefetch\oasisspace_setup.exe-0c0813b4.pf
REMOVES: c:\windows\prefetch\updply_en_015020240.exe-d0e8e255.pf

========== Other ==========
NON-TREATY 3 - CFD: 08/02/2014 - [] D -- C:\Program Files (x86)\BonanzaDeals
NON-TREATY 3 - CFD: 18/02/2016 - [] D -- C:\Program Files (x86)\DNS Unlocker
NON-TREATY 3 - CFD: 18/02/2016 - [] D -- C:\Program Files (x86)\dply_en_015020240
NON-TREATY 3 - CFD: 17/02/2016 - [0] D -- C:\Program Files (x86)\Oasis Space
NON-TREATY 3 - CFD: 30/09/2013 - [0] D -- C:\ProgramData\Babylon
NON-TREATY 3 - CFD: 17/12/2013 - [] D -- C:\ProgramData\BitGuard
NON-TREATY 3 - CFD: 25/01/2014 - [0] SHD -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
NON-TREATY 3 - CFD: 30/09/2013 - [] D -- C:\Users\Briony\AppData\Roaming\Babylon
NON-TREATY 3 - CFD: 18/10/2013 - [] D -- C:\Users\Briony\AppData\Roaming\UpdaterEX
NON-TREATY 3 - CFD: 18/02/2016 - [] D -- C:\Users\Briony\AppData\Local\dply_en_015020240


========== Summary ==========
9 : Registry keys
6 : Registry values
1 : Elements of the registry data
11 : Folders
7 : Files
1 : Software
10 : Other


End of clean in 00mn 13s

========== Path to file report ==========
C:\Users\Briony\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/02/2016 00:25:22 [3667]

My replies don't seem to be posting :/
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 23, 2016 at 05:40 AM
For adwcleaner, run it as admin.
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 23, 2016 at 06:03 AM
Yeah, I have tried running it as admin. It just tells me this program is not compatible with my pc and to check for a compatible version with the software maker... Not a clue why it'd be saying that haha
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164 > Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 23, 2016 at 06:22 AM
I just updated to the latest version, see if it works:

https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 23, 2016 at 06:24 AM
yeah, it's running now. thanks :)
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164 > Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 23, 2016 at 06:26 AM
Finally!

God save the Queen!
0
Perrinicus Posts 16 Registration date Wednesday February 17, 2016 Status Member Last seen February 23, 2016
Feb 23, 2016 at 06:37 AM
# AdwCleaner v5.036 - Logfile created 23/02/2016 at 11:32:15
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Briony - LAPTOP
# Running from : C:\Users\Briony\Downloads\adwcleaner_5.036.exe
# Option : Cleaning
# Support : https://toolslib.net/forum
          • [ Services ] *****
          • [ Folders ] *****


[-] Folder Deleted : C:\ProgramData\DSearchLink
[-] Folder Deleted : C:\Users\Briony\AppData\LocalLow\Doko-Toolbar
[-] Folder Deleted : C:\Users\Briony\AppData\LocalLow\Mysearchdial
[-] Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
          • [ Files ] *****


[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Briony\AppData\Local\nwhb-v9.4.15.crx
[-] File Deleted : C:\Users\Briony\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhjjdgbhohaallcimgcmakfiobacimkm
[-] File Deleted : C:\Users\Briony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
          • [ DLLs ] *****
          • [ Shortcuts ] *****
          • [ Scheduled tasks ] *****
          • [ Registry ] *****


[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
          • [ Web browsers ] *****


[-] [C:\Users\Briony\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aoejbmmillcdifgagjpdlaamnalbielp


:: "Tracing" keys removed
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C1].txt - [5603 bytes] - [23/02/2016 11:32:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [5425 bytes] - [23/02/2016 11:24:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5749 bytes] ##########
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Feb 23, 2016 at 06:45 AM
That did it! Your machine is now as clean as the inside of an angel's underwear!

Yes, you may uninstall.
0
Superb! Now to recommence looking at angels whose underwear aren't so clean! Haha thanks a lot for all your help mate. You've been great!
0