68 replies to this topic

[OCD]

Hi leader2,
 

Thanks for your help. The log finally opened, but as I thought it was so large that it couldn't be pasted here. I believe that's why it was a cabinet file and not a regular text file like the other logs I've posted. It's 10.6 mb, which makes me think something must have really went wrong in the system with the corruption. The attachments only allow files that are 2mb in size. Do you still want me to try to upload the log via another file host for you?

 
I thought we might run into that problem using the most recent code. The original code would have filtered the specific lines of the log file that would indicate the corrupt files.
 
At this point we have three (3) options to try:

• Re-run the sfc /scannow command followed immediately (do not close the cmd window) by this command findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
• Zip (compress) the file and see if it's small enough to attach to your reply.
• Find a file hosting site that would allow you to upload the entire 10.6 mb file as is.

[leader2]

I appreciate the recommendation to zip the file. That compressed it enough to attach it even though the when I re scanned nothing appeared as a scan log. However I'm very concerned about my computer though. Is this a usual issue to have with this explorer and blue screen problem like this where the files get corrupted like this? The computer is now kind of having the explorer issue even more and beginning to slow down a bit more and freeze a bit. It's only a 14 months old so if you could tell me if you think this is normal or not I would appreciate that as well. 

Attached Files

•  CBS.zip   326.39KB   228 downloads

[OCD]

Hi leader2,
 

However I'm very concerned about my computer though. Is this a usual issue to have with this explorer and blue screen problem like this where the files get corrupted like this? The computer is now kind of having the explorer issue even more and beginning to slow down a bit more and freeze a bit. It's only a 14 months old so if you could tell me if you think this is normal or not I would appreciate that as well.

It's a bit difficult for me to say if this is a normal issue. But files do become corrupt from time to time, so it is certainly possible. If will take some time to sift through the CBS file, so bare with me. I generally work with malware issues and this may turn out to not be the case here, but let's continue on.

Go here, and scroll down to OPTION ONE:


Follow the steps of the tutorial, you will be using this command in the command prompt window. Just copy and paste it into the window.
Dism /Online /Cleanup-Image /RestoreHealth

Reboot after it has completed.

Then re-run the sfc\ scannow step again from the command prompt.
Take a screen shot of the command window when it is finished and post in your next reply.


 

[OCD]

Hi leader2,

Just checking in to see if you still need help?

[leader2]

Hi leader2,

Just checking in to see if you still need help?

 

Yes I still do OCD. I apologize that I haven't replied yet. I haven't been able to get online in a few days. I am going to follow your steps for the fix and post results tomorrow. Sorry for any confusion. 

[OCD]

Thanks for the update.

[leader2]

Hi OCD. Sorry it took me so long to post here and thanks for your patience. Sometimes I'm not able to get online. You have been very helpful. I understand the CBS file was very large and took some time to go thru so I understand your need for me to bear with you. Thanks for bearing with me as well thru this process. 

 

Here is my screenshot from after the sfc scan. I think your Dism fix must have worked because after I ran it and reran the sfc this came up. 

 

[OCD]

Hi leader2,

Re-run OTL, but this time place a check mark in the box that reads Scan All Users.



=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


ESET Online Scanner

*Note:

• It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
• Please don't go surfing while your resident protection is disabled!
• Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
• Click Scan.
• Wait for the scan to finish.
• When the scan completes, click List of found threats
• click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
• Include the contents of this report in your next reply
  
  Note - when ESET doesn't find any threats, no report will be created.
• Push the back button.
• Push Finish
• Re-enable your Antivirus software.

=========================

In your next post please provide the following:

• OTL.txt
• MBAM log
• ESET's log.txt
• How's the computer running, any symptoms?

[leader2]

In your next post please provide the following:

OTL.txt

MBAM log

ESET's log.txt

How's the computer running, any symptoms?

 

OTL.txt

 

When I tried to post the forum thread said my post was too long so I attached my OTL.txt

 

MBAM log

 

I also attached my MBAM log

 

 

ESET's log.txt

 

C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Program Files (x86)\NCH Software\GoldenVideos\goldenvideos.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Program Files (x86)\NCH Software\GoldenVideos\goldenvideossetup_v3.01.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.43.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

C:\Users\A Lamar\AppData\Local\Torch\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application

C:\Users\White\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi potentially unwanted application

C:\Users\White\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

K:\1\EXMINISTRIES\EX MINISTRIES VIDEOS\cbsidlm-tr1_14-Free_SWF_to_AVI_Converter-SEO-75687385.exe Win32/DownloadAdmin.G potentially unwanted application

K:\1\TV SHOWS\FAMILY MATTERS\SEASON 7\deluge+bittorrent+client_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application

K:\1\UNDERSTANDINGTV.COM\SPIRITUAL DEVELOPMENT\Possessing Power to Have Victory Over Your Thoughts\Download\gvsetup.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application

K:\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application

K:\My Kindle Content\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\AUDIO\audiograbbersetup183se.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\AUDIO\DVD KNIFE .exe Win32/Adware.RK.AP application

K:\SOFTWARE\AUDIO & VIDEO\AUDIO\slicesetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\AUDIO\switch setup (SWITCH AUDIO CONVERTER).exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\DVD AUTHORING\dvd styler.exe Win32/Somoto.E potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\cbsidlm-tr1_14-Webcam_Screen_Video_Capture_Free-ORG-75940100.exe Win32/DownloadAdmin.G potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debut 1.60.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\Debut Video Capture Software.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\KOYOTESOFT SCREEN RECORDER Free Screen to Video.exe Win32/Toolbar.SearchSuite potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\FORMAT FACTORY Setup3.1.1.0.exe a variant of Win32/Hao123.A potentially unwanted application

K:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\KOYOTESOFT ISO OPEN.exe Win32/Toolbar.SearchSuite potentially unwanted application

K:\SOFTWARE\COMP\IObit Unlocker 1.1 (DELETE FILES YOU CAN'T BECAUSE OF ADMIN).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

K:\SOFTWARE\COMP\MAINTENANCE\aulogics disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application

K:\SOFTWARE\COMP\MISC\cbsidlm-tr1_13-JetClean-ORG-75627788.exe Win32/DownloadAdmin.G potentially unwanted application

K:\SOFTWARE\COMP\MISC\PDFCreator-1_7_2_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application

K:\SOFTWARE\OFFICE AND NEWS\PDFCreator 1.7.2.exe Win32/InstallMonetizer.AQ potentially unwanted application

K:\SOFTWARE\SECURITY\FIREWALLS\ZoneAlarm Free 12.0.121.000.exe Win32/Toolbar.Conduit potentially unwanted application

K:\SOFTWARE\SYSTEM TUNING\Cleaning and Tweaking\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application

K:\SOFTWARE\SYSTEM TUNING\Defragmentation\Auslogics Disk Defrag 4.4.2.0.exe Win32/InstallMonetizer.AQ potentially unwanted application

O:\1\EXMINISTRIES\EX MINISTRIES VIDEOS\cbsidlm-tr1_14-Free_SWF_to_AVI_Converter-SEO-75687385.exe Win32/DownloadAdmin.G potentially unwanted application

O:\1\TV SHOWS\FAMILY MATTERS\SEASON 7\deluge+bittorrent+client_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application

O:\1\UNDERSTANDINGTV.COM\SPIRITUAL DEVELOPMENT\Possessing Power to Have Victory Over Your Thoughts\Download\gvsetup.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application

O:\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application

O:\My Kindle Content\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\AUDIO\audiograbbersetup183se.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\AUDIO\DVD KNIFE .exe Win32/Adware.RK.AP application

O:\SOFTWARE\AUDIO & VIDEO\AUDIO\slicesetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\AUDIO\switch setup (SWITCH AUDIO CONVERTER).exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\DVD AUTHORING\dvd styler.exe Win32/Somoto.E potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\cbsidlm-tr1_14-Webcam_Screen_Video_Capture_Free-ORG-75940100.exe Win32/DownloadAdmin.G potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debut 1.60.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\Debut Video Capture Software.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\KOYOTESOFT SCREEN RECORDER Free Screen to Video.exe Win32/Toolbar.SearchSuite potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\FORMAT FACTORY Setup3.1.1.0.exe a variant of Win32/Hao123.A potentially unwanted application

O:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\KOYOTESOFT ISO OPEN.exe Win32/Toolbar.SearchSuite potentially unwanted application

O:\SOFTWARE\COMP\IObit Unlocker 1.1 (DELETE FILES YOU CAN'T BECAUSE OF ADMIN).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

O:\SOFTWARE\COMP\MAINTENANCE\aulogics disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application

O:\SOFTWARE\COMP\MISC\cbsidlm-tr1_13-JetClean-ORG-75627788.exe Win32/DownloadAdmin.G potentially unwanted application

O:\SOFTWARE\COMP\MISC\PDFCreator-1_7_2_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application

O:\SOFTWARE\OFFICE AND NEWS\PDFCreator 1.7.2.exe Win32/InstallMonetizer.AQ potentially unwanted application

O:\SOFTWARE\SECURITY\FIREWALLS\ZoneAlarm Free 12.0.121.000.exe Win32/Toolbar.Conduit potentially unwanted application

O:\SOFTWARE\SYSTEM TUNING\Cleaning and Tweaking\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application

O:\SOFTWARE\SYSTEM TUNING\Defragmentation\Auslogics Disk Defrag 4.4.2.0.exe Win32/InstallMonetizer.AQ potentially unwanted application

 

 

How's the computer running, any symptoms?

 

The explorer isn't crashing as much, which is good, but when I rebooted the computer it did show the explorer error I told you about. It is running to me a bit slower than I think it should be considering my specs which while I'm not an expert, I would think would provide a much better experience than I'm currently having (I have 8gb ram, an I5 processor 3ghz with a 2 tb drive on a 64 bit machine). My sync manager has been crashing a lot lately (as other programs starting up I think a bit slower than they should) and before it never did this. 

 

 

Attached Files

•  OTL.Txt   226.89KB   295 downloads
•  Malwarebytes Anti-Malware.txt   138.39KB   392 downloads

[OCD]

Hi leader2,

Your primary hard drive (C:) is being stretched a bit thin. As you can see by the line below from your OTL you have minimal amount of free space on your primary hard drive.
Drive C: | 1850.39 Gb Total Space | 192.85 Gb Free Space | 10.42% Space Free | Partition Type: NTFS

Since the C drive is where your operating system resides it is vital to not over tax that drive. To ensure a smooth running system it is recommended that you have at minimum 20% free space. You appear to have ample other storage options available. You should try and remove/move some programs from the C drive and get the free space down to at least 20%, more if possible. This will help in the performance issues you are experiencing.

=========================

P2P - (Peer to Peer)

I see you have/had P2P software Vuze installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

• Vuze
• Azureus

If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

Please download AdwCleaner by Xplode and save to your Desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that log file in your next reply.
• A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

What option did you choose after the Malwarebytes' scan? Clean?

=========================

In your next post please provide the following:

• AdwCleaner[R0].txt

[leader2]

Hi OCD

 

That information about my C drive showed before I cleaned it or while I was doing so. It's now got 850 GB free of the 1.80 tb total. 

 

Vuze has been removed.

 

I think AdwCleaner mentioned Torch or Torch handler and I would like to keep this please. Here is the log.

 

# AdwCleaner v3.022 - Report created 31/03/2014 at 13:33:13

# Updated 13/03/2014 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : A Lamar - HP

# Running from : C:\Users\A Lamar\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : torchcrashhandler

 

***** [ Files / Folders ] *****

 

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

Folder Found : C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\Extensions\{77E8143B-6759-416E-B521-82CFED75150B}

Folder Found : C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\Extensions\{77e8143b-6759-416e-b521-82cfed75150b}

Folder Found C:\Program Files (x86)\orbitdownloader

Folder Found C:\ProgramData\torchcrashhandler

Folder Found C:\Users\A Lamar\AppData\Local\torch

Folder Found C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch

Folder Found C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\CT3288691

Folder Found C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\FCTB

Folder Found C:\Users\White\AppData\Local\PackageAware

Folder Found C:\Users\White\AppData\Roaming\Search Protection

Folder Found C:\WINDOWS\SysWOW64\AI_RecycleBin

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch

Key Found : HKCU\Software\Orbit

Key Found : HKCU\Software\torch

Key Found : [x64] HKCU\Software\Orbit

Key Found : [x64] HKCU\Software\torch

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1

Key Found : HKLM\Software\Orbit

Key Found : HKLM\Software\torch

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Mozilla Firefox v29.0 (en-US)

 

[ File : C:\Users\White\AppData\Roaming\Mozilla\Firefox\Profiles\pk216cnh.default\prefs.js ]

 

 

[ File : C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\prefs.js ]

 

Line Found : user_pref("CT3288691.CONDUIT_UPDATE_lastTimeUpdateChecked.enc", -169189736);

Line Found : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Found : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Found : user_pref("CT3288691.FF19Solved", "true");

Line Found : user_pref("CT3288691.FirstTime", "true");

Line Found : user_pref("CT3288691.FirstTimeFF3", "true");

Line Found : user_pref("CT3288691.UserID", "UN64921707619691172");

Line Found : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");

Line Found : user_pref("CT3288691.addressUrlXPETakeover", "true");

Line Found : user_pref("CT3288691.autoDisableScopes", -1);

Line Found : user_pref("CT3288691.countryCode", "US");

Line Found : user_pref("CT3288691.defaultSearch", "false");

Line Found : user_pref("CT3288691.enableAlerts", "true");

Line Found : user_pref("CT3288691.enableFix404ByUser", "TRUE");

Line Found : user_pref("CT3288691.enableSearchFromAddressBar", "true");

Line Found : user_pref("CT3288691.firstTimeDialogOpened", "true");

Line Found : user_pref("CT3288691.fixPageNotFoundError", "true");

Line Found : user_pref("CT3288691.fixPageNotFoundErrorByUser", "true");

Line Found : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");

Line Found : user_pref("CT3288691.fixUrls", true);

Line Found : user_pref("CT3288691.fullUserID", "UN64921707619691172.IN.20130711034329");

Line Found : user_pref("CT3288691.installDate", "11/07/2013 03:43:29");

Line Found : user_pref("CT3288691.installId", "stub.exe");

Line Found : user_pref("CT3288691.installSessionId", "{F36FD439-914E-4E45-988F-12039F5E31A7}");

Line Found : user_pref("CT3288691.installSp", "true");

Line Found : user_pref("CT3288691.installType", "conduitnsisintegration");

Line Found : user_pref("CT3288691.installUsage", "2013-07-11T21:05:56.1898269+03:00");

Line Found : user_pref("CT3288691.installUsageEarly", "2013-07-11T21:05:54.7546177+03:00");

Line Found : user_pref("CT3288691.installerVersion", "1.5.4.4");

Line Found : user_pref("CT3288691.isCheckedStartAsHidden", true);

Line Found : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Found : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");

Line Found : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Found : user_pref("CT3288691.keyword", "true");

Line Found : user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=15&CUI=UN64921707619691172&SSPV=&Lay=1&UM=2\"}");

Line Found : user_pref("CT3288691.lastVersion", "10.16.4.519");

Line Found : user_pref("CT3288691.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");

Line Found : user_pref("CT3288691.migrateAppsAndComponents", true);

Line Found : user_pref("CT3288691.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DivXBrowserBar.OurToolbar.com/\",\"EB_[...]

Line Found : user_pref("CT3288691.openThankYouPage", "false");

Line Found : user_pref("CT3288691.openUninstallPage", "true");

Line Found : user_pref("CT3288691.originalSearchAddressUrl", "");

Line Found : user_pref("CT3288691.revertSettingsEnabled", "false");

Line Found : user_pref("CT3288691.search.searchAppId", "10000002");

Line Found : user_pref("CT3288691.search.searchCount", "0");

Line Found : user_pref("CT3288691.searchInNewTabEnabledByUser", "false");

Line Found : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");

Line Found : user_pref("CT3288691.searchRevert", "false");

Line Found : user_pref("CT3288691.searchSuggestEnabledByUser", "true");

Line Found : user_pref("CT3288691.searchUserMode", "2");

Line Found : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Found : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Line Found : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3288691\"}");

Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DivXBrowserBar.OurToolbar.com//xpi\"}");

Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DivX Browser Bar\"}");

Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Found : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1374220455785");

Line Found : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373565958844");

Line Found : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1374221571586");

Line Found : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373565958605");

Line Found : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1373565957324");

Line Found : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1373565959232");

Line Found : user_pref("CT3288691.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373777903092");

Line Found : user_pref("CT3288691.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374220455924");

Line Found : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373565958658");

Line Found : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1374220455821");

Line Found : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1374220455590");

Line Found : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373565958555");

Line Found : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1374221571516");

Line Found : user_pref("CT3288691.settingsINI", true);

Line Found : user_pref("CT3288691.shouldFirstTimeDialog", "false");

Line Found : user_pref("CT3288691.showToolbarPermission", "false");

Line Found : user_pref("CT3288691.smartbar.CTID", "CT3288691");

Line Found : user_pref("CT3288691.smartbar.Uninstall", "0");

Line Found : user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");

Line Found : user_pref("CT3288691.startPage", "false");

Line Found : user_pref("CT3288691.toolbarBornServerTime", "11-7-2013");

Line Found : user_pref("CT3288691.toolbarCurrentServerTime", "19-7-2013");

Line Found : user_pref("CT3288691.toolbarLoginClientTime", "Thu Jul 11 2013 14:05:58 GMT-0400 (Eastern Standard Time)");

Line Found : user_pref("CT3288691.versionFromInstaller", "10.16.4.19");

Line Found : user_pref("CT3288691.xpeMode", "3");

Line Found : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374221561358,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

Line Found : user_pref("extensions.51de60d93af7d.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/15[...]

Line Found : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.21.KeywordHistory", "gpt%7Ccash%2520videos%7Cfirefox%2520add%2520on%7Ccash%2520crate%2520inboxdollars%7Cpaid%2520viewpoint%7Csuper%2520nintendo%7Cc[...]

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.AutoSearchEventData", "auto%20search");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.ClearCacheDate", 17);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.DNSCatch", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.DisplayEULA", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.DnsCatchEventData", "dns%20catch");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.EBOMode", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.EnableDCAData_xx", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.EnableDCA_xx", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.FirstLaunchShown", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.InstallDomain", "inboxdollars.com");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.InstallType", "one_click");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.LoadLayoutDate.62133", 17);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.NewTabSearchEventData", "tab%20search");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.ShowRecommendedOptions", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.StateReportDate", "1376741555826");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.TopRightSearchEventData", "top%20right%20search");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.beforeInstallSaved", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.beforeinstall.search", "Google");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.engine_img", "aHR0cDovL3MzaW1hZ2VzLmZyZWVjYXVzZS5jb20uczMuYW1hem9uYXdzLmNvbS9jb3R0ZXJ3ZWIvMTZ4MTZiaWxseS5wbmc%3D");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.engine_url", "aHR0cDovL3d3dy5pbmJveGRvbGxhcnMuY29tL3NlYXJjaC9yZXN1bHRzP3E9");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.text", "Search%20and%20Earn%20Cash%21");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.width", "249");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.customNewTab", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.dcaDefaultMode", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.dcaShowInstallerPage", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.dcaShowSurvey", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.helpUsImprove", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hidden.login", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hidden.promo", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hidden.signup", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hideOthers", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.partnerauth", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.processAddrBar", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.remove_homepage", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.remove_search", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.restoreSearch", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.searchHistory", true);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.session", "F9AAE33F6220838039AAE3D70465DB07DF2D675940A46C7E1CCD59C9695E3F3D6F4BA704C0C75FD00C22EAEAB0A93F2516B3ADD6EC5B5FC6DF141171AA2A6976FCF80CDB[...]

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.showFirstLaunchOptions", false);

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.tb_lang", "en");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.tool_id", "62133");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_id", "127253861");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_key", "a587ff34ef0f46239a7d064b5c0f0f9128624215");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_layouts", "62133");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_lnames", "InboxDollars");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");

Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.yahooSearch", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.46.KeywordHistory", "who%2527s%2520who%2520in%2520basketball%2520presents%2520pro%2520basketball%2520preview%7Cwho%2527s%2520who%2520in%2520basketb[...]

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.AutoSearchEventData", "auto%20search");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.ClearCacheDate", 17);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.DNSCatch", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.DisplayEULA", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.DnsCatchEventData", "dns%20catch");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.EBOMode", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.EnableDCAData_xx", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.EnableDCA_xx", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.FirstLaunchShown", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.InstallDomain", "fusioncash.net");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.InstallType", "one_click");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.LoadLayoutDate.100611", 17);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.NewTabSearchEventData", "tab%20search");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.ShowRecommendedOptions", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.StateReportDate", "1376741555831");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.TopRightSearchEventData", "top%20right%20search");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.beforeInstallSaved", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.beforeinstall.search", "Google");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.comp.affiliate.118.disabled", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.customNewTab", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.dcaDefaultMode", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.dcaShowInstallerPage", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.dcaShowSurvey", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.helpUsImprove", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.hideOthers", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.partnerauth", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.processAddrBar", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.restoreSearch", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.runcmd.", "1376542133");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.searchHistory", true);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.session", "0D03C13130C40D2C8164B4456188C2C3460974130F89E8C2BC592ABA8114D434F8736CBBDB0F19664D20C39742E8C4F008F519F63FAA236022E7E1D7DDD95FD842ED0AA8[...]

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.showFirstLaunchOptions", false);

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.tb_lang", "en");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.tool_id", "100611");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_id", "127253769");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_key", "62eaf4169fbb6951370761550e6402bd3d881aa8");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_layouts", "100611");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_lnames", "FusionCash%20Toolbar");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");

Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.yahooSearch", false);

Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");

Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN64921707619691172&UM=2&q=");

Line Found : user_pref("smartbar.machineId", "A1Q/HKFJCNBREH50L3SGCEC9JQN+BTA9PMMVRD4XXGUC5J4K0XTQRPW+DRC+YTJTKCS27XJBAFXUOXL3PUD3DA");

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Eurceliakins\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [22366 octets] - [31/03/2014 00:24:33]

AdwCleaner[R1].txt - [22269 octets] - [31/03/2014 13:33:13]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [22330 octets] ##########

 

 

On Malwarebytes... I think I tried to clean the entries and it would only allow me to quarantine them. I apologize that I can't quite remember after the scan completed what exactly happened, but I don't think they were completely cleaned off.

[OCD]

Hi leader2,
 

On Malwarebytes... I think I tried to clean the entries and it would only allow me to quarantine them. I apologize that I can't quite remember after the scan completed what exactly happened, but I don't think they were completely cleaned off.

Quarantine is good, thank you.

=========================
 

I think AdwCleaner mentioned Torch or Torch handler and I would like to keep this please

Re- run AdwCleaner

It should be on your desktop

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• Click each tab and remove the check mark from the items you wish to keep.
• Then click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that log file in your next reply.
• A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

Access System Restore and see what Restore Points are available. Do not restore at this time. I would just like the information that's available.

=========================

In your next post please provide the following:

• AdwCleaner[S0].txt
• FRST.txt
• Additon.txt

[leader2]

Hi OCD

 

Thanks for letting me know the quarantine went ok. I hadn't seen the new Malwarebytes before and was a bit confused since I was used to the old interface.

 

Before we proceed further I had a question.

 

I cleaned with Adwcleaner and unchecked the option about torch handler before I cleaned. This was the only thing that showed up and was checked on the first tab, but I forgot to check the other tabs by mistake. When I rebooted the computer my Torch browser was uninstalled and my settings were gone when I reinstalled. Is there a way I can undo the Adwcleaner to get my torch browser back and then redo the clean properly?

[OCD]

Hi leader2,

Go here and review how to restore from the Quarantine folder. If items are present.
http://general-chang...3-x#quarantaine

• Open AdwCleaner > Tools > Quarantine Manager
• Locate items you wish to have restored and place a check mark in the respective boxes.
• Next click the Restore button.
• A report of the restored items should appear.

Reboot

=========================
 
Check results. If unsuccessful, you may be able to use System Restore and roll back to a previous date or just reinstall Torch. But I doubt a reinstall would restore your settings.

=========================

In your next post please provide the following:

• Results from the above step.
• AdwCleaner[S0].txt from this previous run of AdwCleaner
• FRST.txt
• Addition.txt

[leader2]

In your next post please provide the following:

• Results from the above step.
• AdwCleaner[S0].txt from this previous run of AdwCleaner
• FRST.txt
• Addition.txt

When I tried to post all these logs my browser kept crashing so I attached them for you. I think they were too large to post here.

Attached Files

•  Addition.txt   38.39KB   355 downloads
•  AdwCleanerS0.txt   22.25KB   258 downloads
•  QuarantineRestore_31032014225912.txt   981.54KB   687 downloads
•  FRST.txt   112.25KB   277 downloads