Please, I need help to remove awsomehelp

Hi.
I have on the starting page of Explorer the page of Awsome help. I’ve read that it is a virus. I’ve also cheked the Internet settings, complement administration as weel, and it seem not to be anywhere. I cleaned the laptop twicw with AVAST (the complete procedure) and it is still there.

Can anybody help me , please?

Thanks a lot

Sotavento609

Oh, it is somewhere and we will find it and remove it :wink:
http://forum.avast.com/index.php?topic=53253.0

Thanks a lot! Please, let me know what should I do.

Please attach your logs. (MBAM, OTL and aswMBR…!!)

oops, I’m afraid I’m too dumb for what you are asking. Can you please tell me how do i get them?

Sorry!!!

Just follow the instructions in the link I gave you.

I’ve searched the fórum and I’ve found the AVAST LOG FILE. Please, let me know if it is correct. Thanks

Follow the link Eddy gave you… download Malwarebytes and OTL
Then run the programs as instructed there and attach the logs…
When done a malware expert will help you

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[]Select LOP and Purity
[
]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir “%systemdrive%*” /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Finally!!

Here are the LOGS. Sorry about the one before.

Here is another one

Hmm lots of adware there

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX
IE:64bit: - HKLM\..\SearchScopes\{06BBC3A0-2F23-0AE0-4B06-2EEA985E383B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtC0C0AzztC0AyBtCyCtCtN0D0Tzu0CtAyBtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1669694124
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{0A36FB49-6DE9-0DB0-F761-659FCBF70215}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtC0C0AzztC0AyBtCyCtCtN0D0Tzu0CtAyBtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1669694124
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtC0C0AzztC0AyBtCyCtCtN0D0Tzu0CtByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1008600343
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm019YYes&ptnrS=XPxdm019YYes&si=CPjd1rDtkrICFUfKtAodvnUAxw&ptb=87A22B8C-FF4F-4229-A480-0BB4C2E10326&psa=&ind=2012083117&st=sb&n=77edf3ad&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=1691&r=2014/01/06&hid=16964516554510067912&lg=EN&cc=ES&unqvl=45
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchsunmy.info/?pid=1691&r=2014/01/06&hid=16964516554510067912&lg=EN&cc=ES&unqvl=45&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - HKLM\Software\MozillaPlugins\@Allin1Convert_8h.com/Plugin: C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\NP8hStub.dll File not found
[2014/01/23 01:56:40 | 000,680,183 | ---- | M] () (No name found) -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\extensions\lightningnewtab@gmail.com.xpi
[2013/07/24 12:31:41 | 000,006,507 | ---- | M] () -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\searchplugins\babylon.xml
[2013/07/24 12:32:20 | 000,001,294 | ---- | M] () -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\searchplugins\delta.xml
[2014/01/06 23:54:22 | 000,000,648 | ---- | M] () -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\searchplugins\WebSearch.xml
[2014/01/25 17:12:07 | 000,000,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\awesomehp.xml
O2:64bit: - BHO: (GrEatsAver) - {269EDE23-D1CF-C5C5-A213-2FCF6C402683} - C:\Program Files (x86)\GrEatsAver\yYP.x64.dll File not found
O2:64bit: - BHO: (SNT) - {364E47BB-E02B-0D9B-C2A3-CD7F9290FC55} - C:\Program Files (x86)\SNT\6cNGa9T.x64.dll ()
O2:64bit: - BHO: (greatsAVeR) - {446A5D79-08A4-E261-96F2-26D6D01B5AB0} - C:\Program Files (x86)\greatsAVeR\CWmiWlh44Y.x64.dll File not found
O2:64bit: - BHO: (greeatsaver) - {4811C38D-75B0-40B3-B06A-88D5D89B1CA8} - C:\Program Files (x86)\greeatsaver\BCfDnr.x64.dll File not found
O2:64bit: - BHO: (YooUTuAdBBloocckeer) - {8939F92D-AAB7-7187-D5FF-C338CC88FB85} - C:\ProgramData\YooUTuAdBBloocckeer\3rS9dJK.x64.dll ()
O2:64bit: - BHO: (YoutubeAdblocker) - {8D69488F-D917-0EF6-21BE-25F32EE22300} - C:\Program Files (x86)\YoutubeAdblocker\yt2CDCG.x64.dll File not found
O2 - BHO: (no name) - {269EDE23-D1CF-C5C5-A213-2FCF6C402683} - No CLSID value found.
O2 - BHO: (YooUTuAdBBloocckeer) - {8939F92D-AAB7-7187-D5FF-C338CC88FB85} - C:\ProgramData\YooUTuAdBBloocckeer\3rS9dJK.dll ()
O2 - BHO: (no name) - {8D69488F-D917-0EF6-21BE-25F32EE22300} - No CLSID value found.
O2 - BHO: (no name) - {B4F1E614-6B02-2D99-DCF8-8CC61E66BDB4} - No CLSID value found.
O2 - BHO: (no name) - {BDE3BC64-7E4F-589B-B04E-CFBFEC2F7459} - No CLSID value found.
O2 - BHO: (no name) - {d9fc24df-b4ab-493a-8f33-52f6fcc536c1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-3574130437-1841251629-3645682263-1000..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKU\S-1-5-21-3574130437-1841251629-3645682263-1000..\Run: [NextLive] C:\Users\Mercedes\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
[2014/01/30 22:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\YooUTuAdBBloocckeer
[2014/01/30 22:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\kbfbdahgnaflnjffclhoobhjfjbjhdhj
[2014/01/25 18:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\greatsAVeR
[2014/01/25 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2014/01/25 17:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014/01/25 17:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014/01/25 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Roaming\Media Finder
[2014/01/25 16:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2014/02/06 11:51:13 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2012/07/09 18:02:08 | 000,000,000 | -HSD | M] -- C:\Users\Mercedes\AppData\Roaming\.#
[2013/09/28 18:23:40 | 000,000,000 | ---D | M] -- C:\Users\Mercedes\AppData\Roaming\Babylon
[2014/02/06 11:55:30 | 000,000,000 | ---D | M] -- C:\Users\Mercedes\AppData\Roaming\newnext.me
@Alternate Data Stream - 4 bytes -> C:\Windows\win.ini:s1

:Files
C:\Users\Mercedes\AppData\Local\Temp\lwzmsv.exe
C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfbdahgnaflnjffclhoobhjfjbjhdhj
C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files (x86)\GrEatsAver
C:\Program Files (x86)\SNT
C:\Program Files (x86)\greeatsaver
C:\ProgramData\YooUTuAdBBloocckeer
C:\Program Files (x86)\YoutubeAdblocker
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\Media Finder
C:\Users\Mercedes\AppData\Roaming\newnext.me

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Essex just covered what I said

(Deleted by OP)

Just a future Tip:

When you download “Free” Programs. Uncheck the boxes so your PC isn’t full of PUP files. As seen in the MBAM Log file + OTL.

Your Language: Al descargar los programas “libres”. Desactive las casillas para que su PC no está lleno de archivos PUP. Como se ve en el archivo Log + MBAM OTL.

Sorry, but it didn’t work. I’ve done everything that you’ve told me twice and when I open Internet explorer it still shows the initial page of Awsome help.

I don’t know what to do next. :cry:

Run OTL again and attach the new log please.

Hi!

Thank you for your assistance.

Here is the OTL file.

OK you look to have gained a fair bit more adware… Lets run two more programmes and then follow up with a fresh OTL scan

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

THEN

Please download Junkware Removal Tool to your desktop.

[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[
]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[
]post the contents of JRT.txt into your next message.

Hi. Thanks!!!

Here they are.

Run this OTL fix, after the reboot a log will be generated please post that

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX
IE:64bit: - HKLM\..\SearchScopes\{06BBC3A0-2F23-0AE0-4B06-2EEA985E383B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtC0C0AzztC0AyBtCyCtCtN0D0Tzu0CtAyBtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1669694124
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1390666324&from=mp3&uid=HitachiXHTS545050B9A300_100211PBN40617G8NEZEX&q={searchTerms}
IE - HKLM\..\SearchScopes\{0A36FB49-6DE9-0DB0-F761-659FCBF70215}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtC0C0AzztC0AyBtCyCtCtN0D0Tzu0CtAyBtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1669694124
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtC0C0AzztC0AyBtCyCtCtN0D0Tzu0CtByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1008600343
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm019YYes&ptnrS=XPxdm019YYes&si=CPjd1rDtkrICFUfKtAodvnUAxw&ptb=87A22B8C-FF4F-4229-A480-0BB4C2E10326&psa=&ind=2012083117&st=sb&n=77edf3ad&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=1691&r=2014/01/06&hid=16964516554510067912&lg=EN&cc=ES&unqvl=45
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchsunmy.info/?pid=1691&r=2014/01/06&hid=16964516554510067912&lg=EN&cc=ES&unqvl=45&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bubbledock@nosibay.com: C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\FFSurfMatch
[2014/02/06 21:15:34 | 000,000,000 | ---D | M] (GrEatsAver) -- C:\Users\Mercedes\AppData\Roaming\mozilla\Firefox\Profiles\gtoovjxs.default\extensions\c4ty6@zmoiy.co.uk
[2014/02/06 21:15:34 | 000,000,000 | ---D | M] (greatsAVeR) -- C:\Users\Mercedes\AppData\Roaming\mozilla\Firefox\Profiles\gtoovjxs.default\extensions\kkuaaeaui@sh-dol.com
[2014/02/06 21:15:35 | 000,000,000 | ---D | M] (YooUTuAdBBloocckeer) -- C:\Users\Mercedes\AppData\Roaming\mozilla\Firefox\Profiles\gtoovjxs.default\extensions\wgmb9cyt6hbp@gtdtyiiu.net
[2013/07/24 12:31:41 | 000,006,507 | ---- | M] () -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\searchplugins\babylon.xml
[2013/07/24 12:32:20 | 000,001,294 | ---- | M] () -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\searchplugins\delta.xml
[2014/01/06 23:54:22 | 000,000,648 | ---- | M] () -- C:\Users\Mercedes\AppData\Roaming\mozilla\firefox\profiles\gtoovjxs.default\searchplugins\WebSearch.xml
O2:64bit: - BHO: (greatsAVeR) - {446A5D79-08A4-E261-96F2-26D6D01B5AB0} - C:\Program Files (x86)\greatsAVeR\CWmiWlh44Y.x64.dll File not found
O2:64bit: - BHO: (greeatsaver) - {4811C38D-75B0-40B3-B06A-88D5D89B1CA8} - C:\Program Files (x86)\greeatsaver\BCfDnr.x64.dll File not found
O2:64bit: - BHO: (YooUTuAdBBloocckeer) - {8939F92D-AAB7-7187-D5FF-C338CC88FB85} - C:\ProgramData\YooUTuAdBBloocckeer\3rS9dJK.x64.dll File not found
O2:64bit: - BHO: (YoutubeAdblocker) - {8D69488F-D917-0EF6-21BE-25F32EE22300} - C:\Program Files (x86)\YoutubeAdblocker\yt2CDCG.x64.dll File not found
O2 - BHO: (no name) - {269EDE23-D1CF-C5C5-A213-2FCF6C402683} - No CLSID value found.
O2 - BHO: (no name) - {8D69488F-D917-0EF6-21BE-25F32EE22300} - No CLSID value found.
O2 - BHO: (no name) - {B4F1E614-6B02-2D99-DCF8-8CC61E66BDB4} - No CLSID value found.
O2 - BHO: (no name) - {BDE3BC64-7E4F-589B-B04E-CFBFEC2F7459} - No CLSID value found.
O2 - BHO: (no name) - {d9fc24df-b4ab-493a-8f33-52f6fcc536c1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-3574130437-1841251629-3645682263-1000..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
[2014/01/30 22:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\YooUTuAdBBloocckeer
[2014/01/30 22:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\kbfbdahgnaflnjffclhoobhjfjbjhdhj
[2014/01/25 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2014/01/25 17:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014/01/25 17:10:38 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Local\Oxy
[2014/01/25 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Roaming\Media Finder
[2014/01/25 16:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2014/01/06 23:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/01/06 23:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftWarehouse
[2014/01/06 23:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/01/06 23:51:12 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Local\Packages
[2014/01/06 23:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\greeatsaver
[2014/01/06 23:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\8013dadc8b409d61
[2014/01/02 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Local\cache
[2014/01/02 11:23:40 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Local\genienext
[2014/01/02 11:23:39 | 000,000,000 | ---D | C] -- C:\Users\Mercedes\AppData\Local\Mobogenie
[2014/01/02 11:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/22 22:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/12/22 22:49:55 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Video Search.lnk
[2013/12/22 22:49:53 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2013/12/06 13:27:55 | 000,004,919 | ---- | C] () -- C:\ProgramData\rznaopga.sea
@Alternate Data Stream - 4 bytes -> C:\Windows\win.ini:s1

:Files
C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfbdahgnaflnjffclhoobhjfjbjhdhj

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

:frowning: aggggg. I hate it!!! I’m getting desperate!!! it’s still there when I open Explorer.

I’m attaching the OTL log as per your indications.

Tahnks a lot