Can't remove files found with Adwcleaner

No, everything seemed to be working fine…both before and after i came here. I was concerned because i couldn’t understand why Adwcleaner couldn’t remove those two files.

You never did post that adware cleaner log…

That’s because nothing showed up in the quarantine and the only part of the 2 files i could see, which it wouldn’t remove are what i posted in my first post here.

That is a sort of a canned speech that I post to most people I help. Your machine did not have many startups, but it did have an excess of scheduled task which could have been reduced. It is just not good to have a bunch of programs running with your machine. The idea is just to get people to reduce that without me having to specify for each person that I help.

Can you post a screen shot of the issue, can you re-run Adware cleaner now?

Also, may as well run another well known adware cleaner while I have you here, after this tool run adware cleaner again and see what happens.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

1. Once you have started the program, you will need to click the scanner button.

[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

Yep, i hear ya. That’s why as a rule i do try to check using that CCleaner via the start up button to make sure everything’s disabled. (obviously not the cleaner, now that you suggested it be set to start up). Not sure if there’s any other way of seeing what is running in the background, because everything is set to ‘NO’ (apart from cleaner) in that start up list.

Just to be on safe side, do you have a link to the ADWcleaner, so i know that the one i had wasn’t from a site that’s not legit, please? Edited to add: I got mine from Toolslib.

You should be good on startups, but you have a few scheduled task…

Task: {0C800385-CD05-4F3C-91F8-F8714D902856} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {0CB46949-A6C9-44DC-9B86-B5E9C812F9B3} - System32\Tasks\Opera scheduled Autoupdate 1446941295 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-21] (Opera Software)
Task: {29787115-9B98-4A04-A2A1-98DC83AA6D6E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {332FE905-8211-4EDA-A518-84D5654FDB5F} - System32\Tasks{4275DC9F-8821-4EA2-B491-E34DA2322090} => pcalua.exe -a E:\autorun.exe -d E:\ -c /S
Task: {3B6389CD-BC34-4796-AB16-04F57B736A31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {4058C680-5C08-486A-B739-708F26D80A97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {51AEDA00-C97F-41E1-A611-A75CB4BF93AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {556C3738-CA3D-4A2E-A261-4567F8AFFA7A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {58EBE241-1100-4420-AD98-B5EC2AF15895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {5E066C49-C81F-43BF-887E-562B05FCCAE2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {626189F3-B4D1-4FC6-A4FE-C287EAB280C4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4037697432-19161552-2693402626-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {76D9810C-2919-4010-95B8-EBCC5E8AD787} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {7CF154E4-E9A2-4D1B-8919-61444F00AE97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [2014-03-21] (Hewlett-Packard)
Task: {94B187FD-EBB9-4895-A7AF-147E0780158A} - System32\Tasks\RealDownloaderRealUpgradeScheduledT askS-1-5-21-4037697432-19161552-2693402626-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BB786937-6027-4A95-A50B-0DEA113190D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {C5B4884D-5083-4BC6-84EC-F078DE4C76A4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {CBF681EF-D882-40F2-8086-39EA152C0562} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {D3ACFF49-9F3D-4D57-A765-0450B0C52526} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D912CC0F-0251-4D89-9DD5-3FC7F18FBC59} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {F9D8DE98-2B77-4A88-B9C8-1998A62B170C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FCFAB25D-AE3E-43DF-A9C1-9402BD19DC81} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_ 0_0_207_pepper.exe [2016-11-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_ 0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4037697432-19161552-2693402626-1001Core1d143f2e5c093c2.job => C:\Users\ONY\AppData\Local\Dropbox\Update\DropboxU pdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Toolslib Link.

Many thanks. I will run that and then try to post a log if i get the option, if not i will screenshot the results.

Yep, after ZHP Cleaner…

Well the Adwcleaner just came up with no infected items which is great. Shall i still use the ZHP Cleaner just to make sure?

Yep, go ahead and run that along with Security Check program so we can check your machine for outdated software as well.

Will do that now, thank you.

ZHP Cleaner log results and attaching screenshot. Will now do the other Security check one:

~ ZHPCleaner v2016.11.27.205 by Nicolas Coolman (2016/11/27)
~ Run by ONY (Administrator) (28/11/2016 16:07:58)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : ZHP
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\ONY\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ONY\AppData\Roaming\ZHP\ZHPCleaner_Quaran tine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (1)
REPLACED Google Chrome Preferences: " https://api.ciuvo.com/ " =>PUP.Optional.PriceSparrow

—\ Hosts file (1)
~ The hosts file is legitimate (21)

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (38)
MOVED file: C:\Users\ONY\AppData\Roaming\Mozilla\Firefox\Profi les\a08wt622.default-1472855301786\Extensions\clipconverter@clipconverter.cc.xpi =>.Superfluous.MindSpark
MOVED file: C:\Windows\Installer\wix{89AFB053-A343-46EF-97E4-D593AD7184E6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{C4123106-B685-48E6-B9BD-E4F911841EB4}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\System32\config\systemprofile\AppData\L ocal\CrashRpt =>.Superfluous.CrashReports
MOVED folder: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\L ocal\CrashRpt =>.Superfluous.CrashReports
MOVED folder: C:\WINDOWS\Installer\MSI113D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI195C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1EB4.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1FDE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI216B.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2303.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2C33.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI3869.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI45E7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4A92.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4C31.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4E4C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI526C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI57A3.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI5C60.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI5F6E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI64F3.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6765.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI68B6.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI69FF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6CCF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6FCE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI727E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7483.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI77DF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI787.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7B3D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI959D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI9AAF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI9BD9.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIA5BF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIA93A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIB1A7.tmp- =>.Superfluous.Empty

—\ Registry ( Key, Value, Data) (5)
DELETED key*: HKEY_USERS\S-1-5-21-4037697432-19161552-2693402626-1001\SOFTWARE\bitlord.com =>PUP.Optional.WhenUSave
DELETED key*: HKEY_USERS\S-1-5-21-4037697432-19161552-2693402626-1001\SOFTWARE\Classes\Magnet [BitLord magnet URI] =>PUP.Optional.WhenUSave
DELETED key: HKCU\Software\bitlord.com =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Classes\BitLord [BitLord] =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect

—\ Summary of the elements found (6)
https://www.nicolascoolman.com/fr/pup-pricesparrow/ =>PUP.Optional.PriceSparrow
Redirecting... =>.Superfluous.MindSpark
Blog - Nicolas Coolman =>.Superfluous.Empty
Blog - Nicolas Coolman =>.Superfluous.CrashReports
https://www.nicolascoolman.com/fr/adware-whenusave/ =>PUP.Optional.WhenUSave
Redirecting... =>Heuristic.Suspect

—\ Other deletions. (11)
~ Registry Keys Tracing deleted (11)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)

—\ Statistics
~ Items scanned : 3278
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 44

~ End of clean in 00h00mn09s
~====================
ZHPCleaner-[R]-28112016-16_08_07.txt
ZHPCleaner--28112016-16_07_30.txt
[MEDIA=imgur]a/Mmnln[/MEDIA]