Bloatware removal help

Old 10-08-2016, 03:06 PM   #1
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Hi, recently reinstalled my OEM Windows 7 back to factory settings and it has bloatware in the form of shortcuts and startup items. On startup it has two items named offers and dockbar which I have disabled. Also, there are plenty of shortcuts advertising various things. I've deleted a few that were on the desktop to begin with but there seem to be a few more.

I've run AdwCleaner and it picked up a few registry entries that I have cleaned. They are currently in quarantine; is it safe to empty the quarantine? Please find log attached.

I have also run Farbar, please find both FRST and Addition logs attached.

Thank you.

# AdwCleaner v6.021 - Logfile created 08/10/2016 at 22:33:17
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Steve - STEVE-PC
# Running from : C:\Users\Steve\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[-] Service deleted: Partner Service


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Partner
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Partner


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\kt_bho.KettleBho
[-] Key deleted: HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll


***** [ Web browsers ] *****

[-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2838 Bytes] - [08/10/2016 22:33:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [2886 Bytes] - [08/10/2016 15:19:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [2959 Bytes] - [08/10/2016 22:32:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3057 Bytes] #########
Attached Files
File Type: txt AdwCleaner[C0].txt (3.1 KB, 20 views)
File Type: txt Addition.txt (23.6 KB, 25 views)
File Type: txt FRST.txt (130.9 KB, 19 views)
jamestt is offline  
 
Old 10-08-2016, 03:33 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, James.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBKHW"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBLIVEDRIVE"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBCRY"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBDIX"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBPCW"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBPIX"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Internet\Power up your PC with the UK’s fastest broadband.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBVIRGIN"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBEMU"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBTIMESONLINE"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBKHM"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WHSmith eBooks.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBWHS"
    ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBYT"
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
    C:\Applications\Tools\DockBar
    C:\Program Files (x86)\TTG\Offers
    SearchScopes: HKU\S-1-5-21-338353727-153379769-689170393-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKU\S-1-5-21-338353727-153379769-689170393-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
    CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gears.dll => No File
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
    C:\Program Files (x86)\Foxconn
    C:\ProgramData\HitmanPro
    C:\ProgramData\KNOWHOW
    C:\Program Files (x86)\KNOWHOW
    [-HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foxconn\FOX LiveUpdate]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FoxAwdWINFLASH64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FXDrv32]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\FoxAwdWINFLASH64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\FXDrv32]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FoxAwdWINFLASH64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FXDrv32]
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DockBar" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Offers" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-08-2016, 03:50 PM   #3
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Hi Chemist, fix completed and all bloatware looks to be gone, thank you. Please find fix log below. Also, regarding the quarantined AdwCleaner files, is it safe to delete them from quarantine?

Thank you again for the help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Steve (08-10-2016 23:37:04) Run:1
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBKHW"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBLIVEDRIVE"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBCRY"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBDIX"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBPCW"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBPIX"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Internet\Power up your PC with the UK’s fastest broadband.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBVIRGIN"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBEMU"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBTIMESONLINE"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBKHM"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WHSmith eBooks.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBWHS"
ShortcutWithArgument: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q411ADVDBYT"
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
C:\Applications\Tools\DockBar
C:\Program Files (x86)\TTG\Offers
SearchScopes: HKU\S-1-5-21-338353727-153379769-689170393-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-338353727-153379769-689170393-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gears.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
C:\Program Files (x86)\Foxconn
C:\ProgramData\HitmanPro
C:\ProgramData\KNOWHOW
C:\Program Files (x86)\KNOWHOW
[-HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foxconn\FOX LiveUpdate]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FoxAwdWINFLASH64]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FXDrv32]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\FoxAwdWINFLASH64]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\FXDrv32]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FoxAwdWINFLASH64]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FXDrv32]
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DockBar" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Offers" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Internet\Power up your PC with the UK’s fastest broadband.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WHSmith eBooks.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk => Shortcut argument removed successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar => moved successfully
C:\Applications\Tools\DockBar => moved successfully
C:\Program Files (x86)\TTG\Offers => moved successfully
HKU\S-1-5-21-338353727-153379769-689170393-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-338353727-153379769-689170393-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => key removed successfully
"HKCR\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gears.dll => not found.
C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => not found.
"C:\Program Files (x86)\Foxconn" => not found.
"C:\ProgramData\HitmanPro" => not found.
C:\ProgramData\KNOWHOW => moved successfully
C:\Program Files (x86)\KNOWHOW => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foxconn\FOX LiveUpdate => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FoxAwdWINFLASH64 => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FXDrv32 => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\FoxAwdWINFLASH64 => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\FXDrv32 => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FoxAwdWINFLASH64 => key not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FXDrv32 => key not found.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DockBar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Offers" /f =========

The operation completed successfully.



========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9365963 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 618801272 B
Edge => 0 B
Chrome => 75530512 B
Firefox => 378565283 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 70454 B
LocalService => 16674 B
NetworkService => 404532 B
Steve => 92283489 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:40:50 ====
jamestt is offline  
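A way to triage a Fixlog laid out like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it tallies what was changed versus already absent, and lists fixlist entries that never got an outcome line. The sample log is constructed, the function names are hypothetical, and only the status strings visible in this thread are recognised; anything else is flagged for manual review.

```python
import re
from collections import Counter

# Status endings seen in the Fixlog in this thread, grouped by what they mean for review.
CHANGED = ("moved successfully", "removed successfully")
ABSENT = ("not found",)

# Constructed sample in the same layout as the posted Fixlog (all paths are placeholders;
# CONSTRUCTED-UNKNOWN-STATUS is not a real FRST message, it exercises the fallback).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64)
==============================================

fixlist content:
*****************
start
C:\Example\DockBar
C:\Example\Offers
C:\Example\NeverReported
[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Example\DockBar => moved successfully
"C:\Example\Offers" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor => key not found.
"HKLM\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}" => key removed successfully
C:\Example\Locked.dll => CONSTRUCTED-UNKNOWN-STATUS

========= reg delete "HKLM\SOFTWARE\Example" /f =========

The operation completed successfully.

=========== EmptyTemp: ==========

Chrome => 75530512 B
EmptyTemp: => 1.2 GB temporary data Removed.
"""


def split_sections(text):
    """Return (echoed fixlist lines, outcome lines) from a Fixlog laid out as above."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("fixlist content:")  # ValueError if this is not a Fixlog
    stars = [i for i in range(start, len(lines))
             if lines[i] and set(lines[i]) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist echo is not delimited by two asterisk lines")
    echo = lines[stars[0] + 1:stars[1]]
    outcomes = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("====="):  # Reg:/EmptyTemp: sections report sizes, not outcomes
            break
        if " => " in ln:
            outcomes.append(ln)
    return echo, outcomes


def classify(status):
    """Map a status string to changed / absent / review."""
    s = status.strip().rstrip(".").lower()
    if s.endswith(CHANGED):
        return "changed"
    if s.endswith(ABSENT):
        return "absent"
    return "review"  # unrecognised wording: a human should read this line


def expected_targets(echo):
    """Targets named by the two simplest directive kinds: bare paths and [-KEY] deletes."""
    targets = []
    for ln in echo:
        if re.match(r"^[A-Za-z]:\\", ln):
            targets.append(ln.lower())
        elif ln.startswith("[-") and ln.endswith("]"):
            targets.append(ln[2:-1].lower())
    return targets


def review(text):
    """Return (tally by class, fixlist targets with no outcome, targets needing review)."""
    echo, outcome_lines = split_sections(text)
    results = {}
    for ln in outcome_lines:
        target, status = ln.rsplit(" => ", 1)
        results[target.strip('"').lower()] = classify(status)
    missing = [t for t in expected_targets(echo) if t not in results]
    needs_review = [t for t, c in results.items() if c == "review"]
    return Counter(results.values()), missing, needs_review


if __name__ == "__main__":
    counts, missing, needs_review = review(SAMPLE_FIXLOG)
    print(dict(counts), missing, needs_review)
```

Entries classed as absent were already gone before the fix ran, which is why the posted log can show many "not found" lines and still be a clean result.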
 
Old 10-08-2016, 06:24 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, James. You're welcome. Yes, you can delete those quarantined items, but they will get deleted when we uninstall AdwCleaner.

If there are no other problems...

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-US/w...up-and-restore

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 10-09-2016, 05:04 AM   #5
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Thanks Chemist, you've been brilliant as always.

All the best,
James.
jamestt is offline  
Old 10-09-2016, 07:10 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, James! Glad to have helped.
chemist is offline  
 

All times are GMT -7. The time now is 03:24 PM.

