AdwCleaner Report

Hello,

Ok. Please relaunch AdwCleaner, and click on [Clean]. Then, share the created logfile. Here's the documentation if needed.

Then,

• Download ZHPDiag from Nicolas on his website
• Then run it with administrator's rights (with right click)
• Then upload the log file on up2share (you will find it on your desktop, just drop the file on the upload zone)
• Then post the link in your reply

Regards,

Hello,

Here's the link to the ZHPDiag report:

https://up2sha.re/file?f=0pwfM84Xvkjz

barsim

Hello,

Can you share me the AdwCleaner logfile ? It's located in C:\AdwCleaner\AdwCleaner[S1].txt

I'm analyzing the ZHPDiag report.

Regards,

Hello,

Before:

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 16:47:22
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : sjb - SJB-PC
# Running from : C:\Users\sjb\Favorites\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\sjb\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\UpdateStar
Key Found : HKCU\Software\IObit Apps
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\IObit Apps
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\IObit Apps Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\SmartPCFixer
Key Found : [x64] HKLM\SOFTWARE\SmartPCFixer
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\zInstaller\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2713 bytes] ##########

After:

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 12:08:46
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : sjb - SJB-PC
# Running from : C:\Users\sjb\Favorites\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [588 bytes] ##########

barsim

Hello,

We'll use MBAM to remove some stuff, and then clean the remainings with ZHPFix like you did with Chapi if needed :

• Launch MalwareByte's Anti Malware from your desktop
• Click on the tab Settings -> Detection & Protection -> PUP/PUM and check "Treat these detections like malware".
• Tab Exam choose Threats, click on Scan now, and click on Launch the exam.
• If something is detected, choose to Quarantine everything. If it asks you to reboot the computer, do it.
• After the reboot (or at the end of the exam), launch Malwarebytes -> click on History -> Application logs -> Select the last exam log -> Show.
• Click on Export -> text file (*.txt) -> Choose the desktop as destination, name the file "report-mbam" for example, and click on Save.
• Paste the logfile in your next answer.

Regards,

Hello,

Here's MalwareByte's log:

Malwarebytes Anti-Malware www.malwarebytes.org

Scan Date: 11/30/2015 Scan Time: 5:32 PM Logfile: Scan.txt Administrator: Yes

Version: 2.2.0.1024 Malware Database: v2015.11.30.06 Rootkit Database: v2015.11.26.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled

OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: sjb

Scan Type: Threat Scan Result: Completed Objects Scanned: 345611 Time Elapsed: 55 min, 38 sec

Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled

Processes: 0 (No malicious items detected)

Modules: 0 (No malicious items detected)

Registry Keys: 0 (No malicious items detected)

Registry Values: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Folders: 0 (No malicious items detected)

Files: 0 (No malicious items detected)

Physical Sectors: 0 (No malicious items detected)

(end)

Thank you for the tips

Hello,

Please repeat what you did with Chapi with ZHPFix, but using the following content :

Script ZHPFix:

O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {0099B484-C24C-4D5F-8167-B0F6DF196E72} ©
HKLM\SOFTWARE\Wow6432Node\McAfee
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKCU\SOFTWARE\BitDefender
HKCU\SOFTWARE\McAfee
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\McSiteAdvisor.xml
O43 - CFD: 30/03/2015 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 30/08/2014 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 22/11/2015 - [] D -- C:\ProgramData\ProductData
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
EmptyTemp
EmptyFlash

Regards,

Here's the Report after running the ZHPFix tool, but didn't select the ZHPFix while it was running. Was I right?

Script ZHPFix:

O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {0099B484-C24C-4D5F-8167-B0F6DF196E72} ©
HKLM\SOFTWARE\Wow6432Node\McAfee
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKCU\SOFTWARE\BitDefender
HKCU\SOFTWARE\McAfee
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\McSiteAdvisor.xml
O43 - CFD: 30/03/2015 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 30/08/2014 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 22/11/2015 - [] D -- C:\ProgramData\ProductData
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
EmptyTemp
EmptyFlash

barsim

Here's the Report after running the ZHPFix tool, but didn't select the ZHPFix REMOVAL while it was running. Was I right?

Script ZHPFix:

O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {0099B484-C24C-4D5F-8167-B0F6DF196E72} ©
HKLM\SOFTWARE\Wow6432Node\McAfee
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKCU\SOFTWARE\BitDefender
HKCU\SOFTWARE\McAfee
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\McSiteAdvisor.xml
O43 - CFD: 30/03/2015 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 30/08/2014 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 22/11/2015 - [] D -- C:\ProgramData\ProductData
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
EmptyTemp
EmptyFlash

barsim

---

barsim, 2015-12-02 17:20:41 (UTC)

Hello,

No, after the cleaning with ZHPFix, there should be a logfile on your Desktop :

I need the content of this file.

Regards,

The missing log-file:

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman,
Update du 19/10/2015
Fichier d'export Registre :
Run by sjb at 12/2/2015 10:12:58 AM
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (07mn AMs)

========== Software ==========
REMOVES: Adobe Shockwave Player 12.0

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0099B484-C24C-4D5F-8167-B0F6DF196E72}]
REMOVES: HKLM\SOFTWARE\Wow6432Node\McAfee
REMOVES: HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
REMOVES: HKCU\SOFTWARE\BitDefender
REMOVES: HKCU\SOFTWARE\McAfee

========== Folders ==========
REMOVES: C:\Program Files (x86)\Spybot - Search & Destroy
REMOVES: C:\ProgramData\McAfee
REMOVES: C:\ProgramData\ProductData
REMOVES: c:\programdata\{baf091ca-86c4-4627-ada1-897e2621c1b0} Deletes temporary Windows (19) 
REMOVES Flash Cookies (0)

========== Files ==========
Deletes temporary Windows (54) (6,922,878 octets)
REMOVES Flash Cookies (0) (0 octets)

========== Summary ==========
5 : Registry keys
6 : Folders
2 : Files
1 : Software

End of clean in 34mn AMs

========== Path to file report ==========
C:\Users\sjb\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/2/2015 10:13:06 AM [1247]

Sorry for the wrong report submission previously! Should've double-checked b.efore doing so. Question: while the ZHPFix was running didn't select Remove the application,OK?

Hello,

Perfect.

Question: while the ZHPFix was running didn't select Remove the application,OK?

You should have to actually. But it's my fault, I haven't explained it, sorry.

To remove it manually :

1. Go to the start menu
2. Click on Control Panel
3. Programs > Uninstall a program
4. Look for Adobe Shockwave Player 12.0
5. Right click on it > Uninstall

To do a final check, can you then generate a new ZHPDiag report ?

Do you still have any symptoms ? (ads, redirections..)

Regards,

If reading the privously/lastly submitted ZHPFix report correctly, the Adobe Shockvawe 12.0 was removed according to the quote below:

"Recycle Bin emptied (07mn AMs)

========== Software ==========
REMOVES: Adobe Shockwave Player 12.0"

I was reffering to removal of ZHPFix itself in my Question while it was running the first time and generating report to desktop.

I have NO issues left anyway.

Thank you

Hello,

Oh, sorry I misunderstood.

So no, we'll remove every tool we used at the end, including ZHPFix :)

Can you regenerate a ZHPDiag report to make a last check ?

Regards,

Here's the link to the ZPHDiag:

https://up2sha.re/file?f=VGrPwkoCNfb0

Thank you

Here's the link to the ZPHDiag:

https://up2sha.re/file?f=VGrPwkoCNfb0

Thank you

---

barsim, 2015-12-06 15:40:08 (UTC)

Additionally here's the picture link:

https://up2sha.re/file?f=XdgvSr85Abg9

Hi fr33tux,

I'm anxiously waiting for your answer regarding my last sumission:

https://up2sha.re/file?f=VGrPwkoCNfb0

and https://up2sha.re/file?f=XdgvSr85Abg9

Thank you

Hello,

I'm really sorry. I answer you in the next 24 hours, I promise.

Sorry again,

Hello,

As promised, here's my answer :

We need to delete a las thing wit a ZHPFix script. Please repeat the procedure above with the following content :

Script ZHPFix:

C:\ProgramData\InstallMate
EmptyTemp
EmptyFlash
EmptyPrefetch

Then, share me the logfile.

Then, we'll begin the cleaning part :

1. Start CCleaner (there should be a shortcut on your Desktop)
2. Go in Options tab > Advanced, untick Only delete Windows temporary files older than 24 hours.
3. Then in Options  tab > Surveillance, untick the both boxes.
4. In the Clean tab, click on "Clean".
5. When the cleaning is done, go in the "Registry" tab, click on "Find errors" and then "Fix".

I'm waiting for the report above to continue.

Once again, sorry for the delay of my answer..

Best regards,

Here's the Fix report:

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015 Fichier d'export Registre : Run by sjb at 12/12/2015 9:05:30 AM High Elevated Privileges : OK Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (03mn AMs) Prefetcher emptied

========== Folders ========== REMOVES: c:\programdata\installmate Deletes temporary Windows (14) REMOVES Flash Cookies (0)

========== Files ========== Deletes temporary Windows (31) (152,067 octets) REMOVES Flash Cookies (0) (0 octets)

========== Summary ========== 3 : Folders 2 : Files

End of clean in 07mn AMs

========== Path to file report ========== C:\Users\sjb\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/2/2015 10:13:06 AM [1327] C:\Users\sjb\AppData\Roaming\ZHP\ZHPFix[R2].txt - 12/5/2015 8:18:03 AM [814] C:\Users\sjb\AppData\Roaming\ZHP\ZHPFix[R3].txt - 12/12/2015 9:05:34 AM [833]

Regards