The following entries are false positives:
C:\Documents and Settings\User\Application Data\ProgSense (included with some software to look for updates - nothing malicious or deceiving)
C:\Documents and Settings\User\Application Data\Simple Adblock (adblocker now known as Adblock Plus knowingly installed by user for Internet Explorer)
C:\Documents and Settings\User\Local Settings\Application Data\Hola (knowingly installed by user)
HKCU\Software\ProgSense (included with some software to look for updates - nothing malicious or deceiving)
HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} (belongs to ZoomBrowser EX, a Canon camera utility)
The following are proxy settings knowingly added by user:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - socks=localhost:1234
Thanks in advance for correcting the issue.
@cocochepeau
Here are most of the entries I could find. I believe the Hotspot Shield drivers might be the culprit. One user had a driver inside Device Manager. Replacing that driver with one from another working computer seems to have corrected the connection issue.
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKCU\Software\anchorfree
Folder Found : C:\Users\Sid\AppData\Roaming\hotspot shield
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
@Me1 We're working on this issue. Can you send us a report showing what has been deleted exactly?
After running you program the only things I could see listed were the files under the files tab. I selected them and selected the clean button. Your program cleaned them, closed my computer and rebooted. All seemed well until I went into my task manager. To my surprise under the processes tab, 82 Background Processes were listed in addition to 5 Apps. Many seemed to be duplicates (25) (Google Chrome (32 bit). Is this normal? Was it a mistake to delete those files? If so can it be reversed? If not why wasn't there a strong warning stating the consequences?
I used your software to try and delete V9 and DeltaHomes, but no luck. It seemed to 'clean' up alot of things, but I haven't noticed any change. Can I please get some help?
New Malware
===========
Name: Searchult
Action: Change home page of Firefox/Chrome
Location: %UserProfile%\AppData\Roaming\Macwebtoise
*Need to close explorer.exe to disinfect
Good Morning!
I'm trying to uninstall your program. I'm assuming it's a single use program, that is download it when you need it, then, delete it. I'm afraid I don't understand your above term "using the 'mode uninstall.'
I see Adware in my downloads file, but there's no uninstaller. It's not listed in "Programs & Features," so I can't uninstall from there.
I'm trying to get numerous SearchScopes entries OUT of my registry. While I successfully downloaded & ran Adware from Bleeping Computer this morning, when I tried to download from your site, Sonar blocked it. I don't know what Sonar is, so I figure I'd better uninstall, clean out Adware, and do some reading before I try again.
Is the "mode uninstall" a new term/function? Can someone help me understand,please? Appreciativley...
I had a computer that was infected with a browser hijacking called gamersinfo.org but Adwcleaner didn't pick it up. Maybe you haven't added it to the database so would really appriciate if you did.
Bitdefender Total Security 2014 me détecte une vérole dès que je veux télécharger la version 4.107.
"Le fichier C:\Users\[MonNom]\AppData\Local\Temp\a9B3yjOH.exe a été infecté par Gen:Variant.Graftor.171167."
@tonypl6 : It was a "small" bug in the database. It has been fixed yesterday with the database update.
Sorry for the desagrement,