Solved Malwarebytes scare

circusboy01

I ran Malwarebytes last night, and it found 950 things. The majority were pup.options.ac..s.., and came from Smartbar.
Smartbar ended up on my computer after I downloaded VLC. I always download custom, instead of express, and I uncheck, or click decline on everything I don't want. I remember on Smartbar I clicked decline. But I got it anyway. I never even used it. I clicked on the icon it put on my desktop, to see what it was. Immediately deleted it, and uninstalled it using programs and features. But, it still put 950 pups. on my computer. Which really pisses me off.
I fixed all 950 problems, ran Malwarebytes again, and it came out clean.
Just how serious a problem are pups. and smartbar?
 
I'd call them annoyances but if you wish we can run some extra scans.
Since you've been to this forum before you know what to do.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I don't think I need a scan. Malwarebytes seems to have gotten rid of all the pups.
But you can do me a favor, if you will. I noticed, today, that a couple of other things sneaked onto my computer along with Smartbar. Snapdo and searchnu. I got rid of Snapdo using Programs and features, but I can't get rid of Searchnu. It's not in Programs and Features, Revo, Program files or Program files 86. I looked up Searchnu uninstalls. There was a bunch of them. Each one more complicated than the other.
I was hoping you might have an easier way to get rid of it, or maybe you could tell what uninstall program to use.
Oh yeah. Almost forgot. It's Google that Searchnu showed up on. Thanks.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
# AdwCleaner v3.012 - Report created 12/11/2013 at 01:39:17
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Raymond - COMPZILLA
# Running from : C:\Users\Raymond\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Raymond\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Raymond\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\GamingWonderland
File Deleted : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\user.js
File Deleted : C:\windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\windows\Tasks\UpdaterEX.job
File Deleted : C:\windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar-reminder_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar-reminder_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rainlendar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rainlendar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\prefs.js ]

Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=05F86F4E-9BB2-474B-AD6B-7EC22D990941&n=77fda2e9&ind=2013111017&p2=^Z7^xdm298^YYA^us&si=solitaireshark-2-1&searchfor=")[...]

*************************

AdwCleaner[R0].txt - [4419 octets] - [12/11/2013 01:27:41]
AdwCleaner[R1].txt - [4482 octets] - [12/11/2013 01:38:38]
AdwCleaner[S0].txt - [4447 octets] - [12/11/2013 01:39:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4507 octets] ##########
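
As an added example (not part of the original thread and not code from AdwCleaner), here is a small Python parser for the report format posted above. It groups the deleted items by section and lists the entries that are scheduled tasks or browser preference lines; the function names are hypothetical and the sample is an abridged excerpt of that log.

```python
import re
from collections import defaultdict

# Abridged excerpt of the AdwCleaner v3.012 report posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v3.012 - Report created 12/11/2013 at 01:39:17
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Raymond\AppData\Local\Temp\Smartbar
File Deleted : C:\windows\System32\Tasks\UpdaterEX

***** [ Registry ] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Mozilla Firefox v25.0 (en-US)

Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")          # ***** [ Registry ] *****
ENTRY = re.compile(r"^(\w+ Deleted) : (?:\[x64\] )?(.+)$")   # Key Deleted : HKLM\...

def parse_report(text):
    """Return (header, sections): header dict and {section: [(action, target)]}."""
    header, sections, current = {}, defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and " : " in line:
            key, value = line[2:].split(" : ", 1)
            header[key.strip()] = value.strip()
        elif m := SECTION.match(line):
            current = m.group(1)
            sections[current]  # touch the key so empty sections are recorded too
        elif (m := ENTRY.match(line)) and current:
            sections[current].append(m.groups())
    return header, dict(sections)

def review_items(sections):
    """Deleted targets that were scheduled tasks or browser preference lines."""
    return [target for entries in sections.values() for _, target in entries
            if "\\Tasks\\" in target or target.startswith("user_pref(")]
```

An empty section such as Services means the tool removed nothing of that type.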
 
I don't know how to read the AdwCleaner log, but nothing terrible stood out to me. So I'm guessing it came out okay. Right?
I don't remember the name of the search engine, toolbar, or whatever it was that took over my GC, but I know it's gone. Thanks Broni.
Should I run AdwCleaner and JRT every so often as a preventative measurement?
 
Hey Broni; Me again. That thing that I couldn't remember the name of, isn't gone after all. It's Searchnu. I am just going to uninstall GC. Hopefully that will be the end of Searchnu. I really don't need GC anyway. I can do a Google search from FF if I want. Also Yahoo, Bing and 2 or 3 others.
Thanks again for help given.
 