MJnDenver Posted September 5, 2013 ID:725371 Share Posted September 5, 2013 Malwarebytes has found the Trojan.zaccess in my registry and can't get rid of it. I've run it a few times with the same result. After reading your "Hello and welcome" instructions I was unable to download the dds.scr as advised on my machine, so I used a flash drive to download and then installed it that way. This trouble started a few weeks ago when my computer was renamed to helperin or something like that. I disabled remote access (which I had disabled before but it was back on) renamed my computer, ran virus scans with McAfee and Malwarebytes and all seemed OK. Then the computer started running very slowly and my firewall won't stay on. Windows update did nothing, and I am not able to turn windows security on, and my McAffee won't work either. Here is the copy of the dds.txt:DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2Run by Kayla at 21:46:48 on 2013-09-04Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6044.4220 [GMT -6:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Program Files\Dell\DW WLAN Card\bcmwltry.exeC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Program Files\Conexant\SA3\CxUtilSvc.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXEc:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Sendori\sndappv2.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Sendori\SendoriSvc.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Sendori\Sendori.Service.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Sendori\SendoriUp.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files\Elantech\ETDCtrl.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell\DW WLAN Card\WLTRAY.EXEC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Conexant\SA3\SmartAudio3.exeC:\Program Files (x86)\Dell\Stage Remote\StageRemote.exeC:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exeC:\Users\Kayla\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exeC:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exeC:\Program Files\Elantech\ETDCtrlHelper.exeC:\Program Files\Elantech\ETDGesture.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exeC:\Program Files (x86)\Sendori\SendoriTray.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exeC:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\McAfee\MAT\McPvTray.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exeC:\Program Files (x86)\Nero\SyncUP\SyncUP.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exeC:\Program Files\Common Files\McAfee\Core\mchost.exeC:\Program Files\Common Files\McAfee\Core\mchost.exeC:\Windows\system32\taskeng.exec:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exeC:\Program Files\Common Files\McAfee\Core\mchost.exeC:\Windows\System32\WUDFHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dllmURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dllmWinlogon: Userinit = userinit.exe,BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dllBHO: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dllTB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dllTB: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllEB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dlluRun: [skyDrive] "C:\Users\Kayla\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /backgroundmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCEmRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dllLSP: C:\Windows\System32\Sendori.dllTCP: NameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9} : DHCPNameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\14E64786F6E697370596A7A716 : DHCPNameServer = 192.168.0.1 205.171.3.25TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\2456374724579734F6E6E6563647D26427565675966696 : DHCPNameServer = 168.94.0.14 168.94.0.15TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\B41697C616 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\D444026202D6A6 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{7ABB81E0-B782-4F7F-82EB-886C4FDBAB9C} : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllHandler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLLHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dllSSODL: WebCheck - <orphaned>LSA: Notification Packages = scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dllx64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: {9D717F81-9148-4f12-8568-69135F087DB0} - <orphaned>x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLLx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /sx64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exex64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quietx64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startupx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dllx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-6 16152]R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2012-11-21 73096]R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216]R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-5-6 109184]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-6 13592]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-11-21 241456]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-11-21 218760]R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-21 182752]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-28 1900728]R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-6 1695040]R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 363800]R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-5-6 21568]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-5-6 176096]R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2012-5-6 202024]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-6 331264]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-6 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-6 787736]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-21 309840]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-21 515968]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-5-6 313448]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-6 646248]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-5-6 134696]S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-5-6 615976]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-5-6 39976]S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-21 70112]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-21 196440]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-21 106552]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-29 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-09-04 19:00:33 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-09-04 19:00:32 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-09-04 19:00:32 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-09-04 19:00:32 243712 ----a-w- C:\Windows\System32\wow64.dll2013-09-04 19:00:32 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-09-04 19:00:32 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-09-04 19:00:31 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-09-04 19:00:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-09-04 19:00:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-09-04 19:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-09-04 19:00:28 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-29 03:01:40 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B47D70B-5056-44F5-B1B1-1E7E925F6D58}\mpengine.dll2013-08-18 21:59:21 -------- d-----w- C:\Program Files (x86)\File Type Helper2013-08-17 20:10:37 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-08-17 20:10:37 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-08-17 20:10:37 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-08-17 20:10:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-08-17 20:10:37 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-08-17 20:10:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-08-17 20:10:36 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-08-17 20:10:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-08-17 19:09:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-08-17 19:09:31 2048 ----a-w- C:\Windows\System32\tzres.dll2013-08-17 18:45:17 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-08-17 18:43:56 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-08-17 18:43:56 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-08-17 18:43:50 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys2013-08-17 18:37:45 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-08-17 18:37:45 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL.==================== Find3M ====================.2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-18 03:20:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-18 03:20:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-09 22:53:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-09 22:53:09 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-09 22:53:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll.============= FINISH: 21:47:22.55 =============== and here is the attach.txt: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 7/24/2012 12:07:20 PMSystem Uptime: 9/4/2013 9:20:14 PM (0 hours ago).Motherboard: Dell Inc. | | 04G65KProcessor: Intel® Core i3-2370M CPU @ 2.40GHz | U3E1 | 2184/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 685 GiB total, 633.626 GiB free.D: is CDROM ()E: is Removable.==== Disabled Device Manager Items =============.Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Description: Dell Wireless 1704 Bluetooth v4.0+HSDevice ID: USB\VID_0A5C&PID_21D7\C01885BA8AA8Manufacturer: BroadcomName: Dell Wireless 1704 Bluetooth v4.0+HSPNP Device ID: USB\VID_0A5C&PID_21D7\C01885BA8AA8Service: BTHUSB.==== System Restore Points ===================.RP118: 8/24/2013 9:45:16 PM - Windows UpdateRP119: 8/28/2013 9:00:59 PM - Windows UpdateRP120: 9/4/2013 10:13:52 AM - Windows UpdateRP121: 9/4/2013 1:00:41 PM - Windows UpdateRP122: 9/4/2013 7:16:27 PM - Windows Update.==== Installed Programs ======================.ABBYY FineReader 6.0 SprintAccidental Damage Services AgreementAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.7) MUIAdvanced Audio FX EngineBanctec Service AgreementBe a King: Golden EmpireBejeweled 2 DeluxeBlackhawk Striker 2BlioBounce SymphonyBuild-a-lot 2Cake ManiaCanon Easy-PhotoPrint EXCanon Easy-WebPrint EXCanon IJ Network Scanner Selector EXCanon IJ Network ToolCanon Inkjet Printer/Scanner/Fax Extended Survey ProgramCanon MP Navigator EX 5.1Canon MX430 series MP DriversCanon MX430 series On-screen ManualCanon MX430 series User RegistrationCanon My PrinterCanon Solution Menu EXCanon Speed Dial UtilityCCleanerChuzzle DeluxeCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCleanUp!Complete Care Business Service AgreementConexant SmartAudio HDConsumer In-Home Service AgreementCoziD3DX10Dell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell DataSafe OnlineDell Edoc ViewerDell Getting Started GuideDell Home Systems Service AgreementDell MusicStageDell PhotoStageDell StageDell Stage RemoteDell TouchpadDell VideoStageDell Webcam CentralDiner Dash 2 Restaurant RescueDora's World AdventureDW WLAN Card UtilityeBayEscape Whisper Valley Farm FrenzyFATEFinal Drive FuryFinal Drive NitroFree YouTube to MP3 Converter version 3.12.8.717Ghost WhispererGoogle Toolbar for Internet ExplorerGoogle Update HelperIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® USB 3.0 eXtensible Host Controller DriverIntel® Trusted Connect Service ClientJava 7 Update 25Java Auto UpdaterJavaFX 2.1.1Jewel QuestJewel Quest Solitaire 2Junk Mail filter updateLuxorMalwarebytes Anti-Malware version 1.75.0.1300McAfee Security Scan PlusMcAfee Total ProtectionMesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office Home and Student 2013 - en-usMicrosoft PowerPoint ViewerMicrosoft SilverlightMicrosoft SkyDriveMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)My DellNamco All-Stars PAC-MANNero 10 Movie ThemePack BasicNero Blu-ray PlayerNero Control Center 10Nero ControlCenter 10 Help (CHM)Nero Core Components 10Nero UpdateOffice 15 Click-to-Run Extensibility ComponentOffice 15 Click-to-Run Licensing ComponentOffice 15 Click-to-Run Localization ComponentPenguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime x86Poker Superstars IIIPolar BowlerPolar GolferPremium Service AgreementQualxServ Service AgreementQuickset64QuickShareRealtek USB 2.0 Card ReaderRiverpoint WriterSamantha SwiftSearch-Results ToolbarSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)SendoriShared C Run-time for x64Skype™ 5.10Strongvault Online BackupSyncUPUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update Installer for WildTangent Games AppVirtual Villagers 4 - The Tree of LifeWedding Dash - Ready, Aim, Love!WIDCOMM Bluetooth SoftwareWildTangent GamesWildTangent Games App (Dell Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWiseConvert ToolbarWord SlingerZenerchiZinio Reader 4Zuma Deluxe.==== Event Viewer Messages From Past Week ========.9/4/2013 9:23:44 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.9/4/2013 9:21:15 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248919/4/2013 9:21:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21470248919/4/2013 9:20:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.9/4/2013 9:20:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.9/4/2013 7:31:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2709981).9/4/2013 7:31:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).9/4/2013 5:02:57 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/4/2013 3:02:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.9/4/2013 10:00:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user KAYLA\Kayla SID (S-1-5-21-429525433-3070943714-375184730-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.9/4/2013 10:00:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user KAYLA\Kayla SID (S-1-5-21-429525433-3070943714-375184730-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.9/2/2013 1:54:48 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.8/29/2013 1:46:57 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the path specified..==== End Of File =========================== I am not home to work on this before 6pm MDT, but I appreciate anything you guys can do for me!! Thanks a bunch, and let me know next steps, OK? Please? I really need this machine to work for school!! Thank you! Link to post Share on other sites More sharing options...
Psychotic Posted September 5, 2013 ID:725385 Share Posted September 5, 2013 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with Malwarebytes Anti-RootkitPlease download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.Double click the mbar.zip file to open it, then 'Extract all files'. Double click the mbar folder to open it, then double click mbar.exe to start the tool.Check for Updates, then Scan your system for malwareIf malware is found, do NOT press the Cleanup button yet. Click EXIT.I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply. Link to post Share on other sites More sharing options...
MJnDenver Posted September 6, 2013 Author ID:725832 Share Posted September 6, 2013 Hello Marius,Thank you for helping me with this. I have downloaded the MBAR and run it as requested. It found 9 malicious objects, but as instructed I did NOT perform the clean up action. Here is the log from the MBAR scan. Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.orgDatabase version: v2013.09.05.08Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Kayla :: KAYLA [administrator]9/5/2013 6:42:25 PMmbar-log-2013-09-05 (18-42-25).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 236590Time elapsed: 9 minute(s), 59 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\etadpug (Trojan.Zaccess) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 7c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ (Trojan.0Access) -> No action taken.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \... (Trojan.0Access) -> No action taken.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛ (Trojan.0Access) -> No action taken.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> No action taken.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\l (Trojan.0Access) -> No action taken.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\u (Trojan.0Access) -> No action taken.C:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> No action taken.Files Detected: 1c:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\@ (Trojan.0Access) -> No action taken.Physical Sectors Detected: 0(No malicious items detected)(end) Thank you again for your help.Marcia Link to post Share on other sites More sharing options...
Psychotic Posted September 6, 2013 ID:725911 Share Posted September 6, 2013 Fix with Malwarebytes Anti-RootkitRun another scan with mbar.exe and click the CleanUp button. It will require a reboot.When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.Send the mbar-log.txt along with an update on machine behavior. Scan with Farbar´s Service ScannerPlease download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet Services Windows Firewall System Restore Security Center Windows Update Windows Defender [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. Link to post Share on other sites More sharing options...
MJnDenver Posted September 7, 2013 Author ID:726433 Share Posted September 7, 2013 Hello Marius,It looks like we have progress! I ran the MBAR with cleanup - after reboot, here is the log from the first run: Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.orgDatabase version: v2013.09.06.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Kayla :: KAYLA [administrator]9/6/2013 8:37:54 PMmbar-log-2013-09-06 (20-37-54).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 236390Time elapsed: 7 minute(s), 38 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\etadpug (Trojan.Zaccess) -> Delete on reboot.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 7c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ (Trojan.0Access) -> Delete on reboot.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \... (Trojan.0Access) -> Delete on reboot.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛ (Trojan.0Access) -> Delete on reboot.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> Delete on reboot.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\l (Trojan.0Access) -> Delete on reboot.c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\u (Trojan.0Access) -> Delete on reboot.C:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> Delete on reboot.Files Detected: 1c:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\@ (Trojan.0Access) -> Delete on reboot.Physical Sectors Detected: 0(No malicious items detected)(end) then as instructed I ran it again. Here is the log from that: Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.orgDatabase version: v2013.09.07.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Kayla :: KAYLA [administrator]9/6/2013 9:02:49 PMmbar-log-2013-09-06 (21-02-49).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 236147Time elapsed: 13 minute(s), 21 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) Nothing in the second scan. Then I ran the FSS tool, here is the log from that: Farbar Service Scanner Version: 05-09-2013Ran by Kayla (administrator) on 06-09-2013 at 21:20:26Running from "E:\"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============Other Services:==============Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** for good measure, after all of this, I ran MBAM and it said no malicious objects. I have a question though - I allowed MBAR to create a system restore point. Should I go in and delete all the previous restore points to fully remove the infection? Please let me know next steps before I tell my daughter that her machine is all better! Thanks so much! Link to post Share on other sites More sharing options...
Psychotic Posted September 9, 2013 ID:727409 Share Posted September 9, 2013 Run fixdamage.exeNavigate to the directory where you extracted mbar to.Open the plugins folder and run fixdamge.exe by doubleclick.Reboot and post up a new fss log. Link to post Share on other sites More sharing options...
MJnDenver Posted September 10, 2013 Author ID:727718 Share Posted September 10, 2013 Hello Marius,The first piece of good news is that the windows firewall is working again - when I first turned on the machine it blocked something - I'm sorry I can't remember what it said and my screen shot didn't work. I did NOT allow access though because it was a weird name. After I ran the fix damage thing, and rebooted, I ran FSS again, with all options checked. Here is the log from that:Farbar Service Scanner Version: 05-09-2013Ran by Kayla (administrator) on 09-09-2013 at 18:18:56Running from "E:\"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============Other Services:==============Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\ipnathlp.dll => MD5 is legitC:\Windows\System32\iphlpsvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Psychotic Posted September 10, 2013 ID:727801 Share Posted September 10, 2013 Download the attached fix.zip and extract it to your desktop.Run PolicyAgent.reg by double click and confirm the messages to merge the information into your registry. When finished, do the same with RemoteAccess.reg. Reboot and post up a new FSS log again.fix.zip Link to post Share on other sites More sharing options...
MJnDenver Posted September 11, 2013 Author ID:728097 Share Posted September 11, 2013 Hello Marius,I am not able to run either of these programs from the zip provided. I tried to extract the files on my flash drive and got the error"Windows could not complete the extraction: The destination file could not be created" I should mention that this happened on the UNinfected machine first (that's where I download the files that you send), and then on the infected machine also. Is there another place I can get these programs? Link to post Share on other sites More sharing options...
Psychotic Posted September 11, 2013 ID:728218 Share Posted September 11, 2013 I repacked the zip, please retry.fix.zip Link to post Share on other sites More sharing options...
MJnDenver Posted September 12, 2013 Author ID:728700 Share Posted September 12, 2013 Hello Marius,The repackaged programs worked well - thank you. I ran them both - in the order you specified, then ran FSS again.Here is the log: Farbar Service Scanner Version: 05-09-2013Ran by Kayla (administrator) on 11-09-2013 at 19:23:44Running from "C:\Users\Kayla\Desktop"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============Other Services:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Psychotic Posted September 12, 2013 ID:728747 Share Posted September 12, 2013 Yeah, that looks great! Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
MJnDenver Posted September 13, 2013 Author ID:729172 Share Posted September 13, 2013 Hello Marius,This scan was not as promising. Threats were found. Here is the log: C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll Win32/Toolbar.MyWebSearch applicationC:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll Win32/Toolbar.MyWebSearch.Q applicationC:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll Win32/Toolbar.MyWebSearch applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (1).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (2).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (3).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (4).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\www.mizzhitzthaproducerbeats.com_-_Lost_My_Way_FREE.mp3 (1).exe Win32/InstallMate applicationC:\Users\Kayla\Downloads\www.mizzhitzthaproducerbeats.com_-_Lost_My_Way_FREE.mp3.exe Win32/InstallMate applicationC:\Windows\Installer\cac4cc.msi a variant of Win32/Toolbar.Linkury.A application Link to post Share on other sites More sharing options...
Psychotic Posted September 13, 2013 ID:729250 Share Posted September 13, 2013 No malware here! C:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (1).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (2).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (3).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (4).exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy applicationC:\Users\Kayla\Downloads\www.mizzhitzthaproducerbeats.com_-_Lost_My_Way_FREE.mp3 (1).exe Win32/InstallMate applicationC:\Users\Kayla\Downloads\www.mizzhitzthaproducerbeats.com_-_Lost_My_Way_FREE.mp3.exe Win32/InstallMate applicationC:\Windows\Installer\cac4cc.msi a variant of Win32/Toolbar.Linkury.A application These files aren´t malware but contain security risks. I would delete them immediately - your choice. C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A applicationThese files are legit. The rest will be taken out soon. Then we can do the cleanup - if you are facing any issues, report that immediately.Delete junk with adwCleanerPlease download AdwCleaner to your desktop.Run adwcleaner.exe. Hit delete. When the run is finished, it will open up a text file. Please post its contents within your next reply. You´ll find the log file at C:\AdwCleaner[s1].txt also.SecurityCheckPlease download SecurityCheck: LINK1 LINK2 Save it to your desktop, start it and follow the instructions in the window. After the scan finished the (checkup.txt) will open. Copy its content to your thread. Link to post Share on other sites More sharing options...
MJnDenver Posted September 14, 2013 Author ID:729680 Share Posted September 14, 2013 Hello Marius,Here is the log from adwcleaner (I deleted the files you said were security risks first).... # AdwCleaner v3.003 - Report created 13/09/2013 at 18:03:25# Updated 07/09/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Kayla - KAYLA# Running from : C:\Users\Kayla\Desktop\mbar\adwcleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] *****File Found : C:\ENDFolder Found C:\Program Files (x86)\ConduitFolder Found C:\Program Files (x86)\File Type HelperFolder Found C:\Program Files (x86)\IlividFolder Found C:\Program Files (x86)\TotalRecipeSearch_14EIFolder Found C:\Program Files (x86)\WiseConvertFolder Found C:\ProgramData\PremiumFolder Found C:\Users\Kayla\AppData\Local\ConduitFolder Found C:\Users\Kayla\AppData\Local\Ilivid PlayerFolder Found C:\Users\Kayla\AppData\Local\PackageAwareFolder Found C:\Users\Kayla\AppData\LocalLow\ConduitFolder Found C:\Users\Kayla\AppData\LocalLow\Fast Free ConverterFolder Found C:\Users\Kayla\AppData\LocalLow\PriceGongFolder Found C:\Users\Kayla\AppData\LocalLow\SearchqutoolbarFolder Found C:\Users\Kayla\AppData\LocalLow\searchresultstbFolder Found C:\Users\Kayla\AppData\LocalLow\SmartbarFolder Found C:\Users\Kayla\AppData\LocalLow\WiseConvert***** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKCU\Software\APN DTXKey Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\PriceGongKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\WiseConvertKey Found : HKCU\Software\AppDataLow\ToolbarKey Found : HKCU\Software\ilividKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Found : HKCU\Software\SmartBarKey Found : HKCU\Software\SmartbarBackupKey Found : HKCU\Software\SmartbarLogKey Found : [x64] HKCU\Software\APN DTXKey Found : [x64] HKCU\Software\ilividKey Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : [x64] HKCU\Software\SmartBarKey Found : [x64] HKCU\Software\SmartbarBackupKey Found : [x64] HKCU\Software\SmartbarLogKey Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dllKey Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dllKey Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exeKey Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttributeKey Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanelKey Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarKey Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObjectKey Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayStateKey Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuFormKey Found : HKLM\SOFTWARE\Classes\ilividKey Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}Key Found : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.StartKey Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\Software\ConduitKey Found : HKLM\Software\Fast Free ConverterKey Found : HKLM\Software\ilividKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54BE6CD7-0BCA-42FD-9A3E-B1E06318A3DB}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0592BF5-C3EE-4A82-8A3B-EA0598F192BA}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BFDC6A-7574-424C-AA2E-0A19FE2B1A3F}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results ToolbarKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert ToolbarKey Found : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/PluginKey Found : HKLM\Software\SearchquMediabarTbKey Found : HKLM\Software\TotalRecipeSearch_14EIKey Found : HKLM\Software\WiseConvertKey Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}Key Found : [x64] HKLM\SOFTWARE\DataMngrKey Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16660*************************AdwCleaner[R0].txt - [9186 octets] - [13/09/2013 18:03:25]########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9246 octets] ########## Link to post Share on other sites More sharing options...
MJnDenver Posted September 14, 2013 Author ID:729697 Share Posted September 14, 2013 OK - Ignore my previous post please- I realized that there wasn't a delete button - but rather a "clean" button...here is the log after letting adwcleaner actually do it's job! # AdwCleaner v3.003 - Report created 13/09/2013 at 18:05:57# Updated 07/09/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Kayla - KAYLA# Running from : C:\Users\Kayla\Desktop\mbar\adwcleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\PremiumFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\File Type HelperFolder Deleted : C:\Program Files (x86)\IlividFolder Deleted : C:\Program Files (x86)\TotalRecipeSearch_14EIFolder Deleted : C:\Program Files (x86)\WiseConvertFolder Deleted : C:\Users\Kayla\AppData\Local\ConduitFolder Deleted : C:\Users\Kayla\AppData\Local\Ilivid PlayerFolder Deleted : C:\Users\Kayla\AppData\Local\PackageAwareFolder Deleted : C:\Users\Kayla\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Kayla\AppData\LocalLow\Fast Free ConverterFolder Deleted : C:\Users\Kayla\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Kayla\AppData\LocalLow\SearchqutoolbarFolder Deleted : C:\Users\Kayla\AppData\LocalLow\searchresultstbFolder Deleted : C:\Users\Kayla\AppData\LocalLow\SmartbarFolder Deleted : C:\Users\Kayla\AppData\LocalLow\WiseConvertFile Deleted : C:\END***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dllKey Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dllKey Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exeKey Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttributeKey Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanelKey Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarKey Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObjectKey Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayStateKey Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuFormKey Deleted : HKLM\SOFTWARE\Classes\ilividKey Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.StartKey Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/PluginKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0592BF5-C3EE-4A82-8A3B-EA0598F192BA}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54BE6CD7-0BCA-42FD-9A3E-B1E06318A3DB}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Deleted : HKCU\Software\APN DTXKey Deleted : HKCU\Software\ilividKey Deleted : HKCU\Software\SmartBarKey Deleted : HKCU\Software\SmartbarBackupKey Deleted : HKCU\Software\SmartbarLogKey Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\WiseConvertKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\Fast Free ConverterKey Deleted : HKLM\Software\ilividKey Deleted : HKLM\Software\SearchquMediabarTbKey Deleted : HKLM\Software\TotalRecipeSearch_14EIKey Deleted : HKLM\Software\WiseConvertKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BFDC6A-7574-424C-AA2E-0A19FE2B1A3F}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results ToolbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert ToolbarKey Deleted : [x64] HKLM\SOFTWARE\DataMngr***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16660*************************AdwCleaner[R0].txt - [9398 octets] - [13/09/2013 18:03:25]AdwCleaner[s0].txt - [9198 octets] - [13/09/2013 18:05:57]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9258 octets] ########## Link to post Share on other sites More sharing options...
MJnDenver Posted September 14, 2013 Author ID:729698 Share Posted September 14, 2013 Here is the log from the security check. Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 25 Adobe Reader 10.1.7 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3%````````````````````End of Log`````````````````````` my question with this is that she has McAfee on the machine - won't windows firewall and McAfee fight each other? Thanks for all of your help! Link to post Share on other sites More sharing options...
Psychotic Posted September 15, 2013 ID:730173 Share Posted September 15, 2013 They won´t fight each other because McAfee turns off the windows firewall during installation if its own firewall component is also installed. Then your computer is all clean now! Adobe Reader out of dateYour Adobe Reader is outdated. We will fix this.Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered. Run setup and follow the instructions. Click upon Start-->control panel-->add/remove programs. Search for and remove any older reader versions. Uninstall our tools using delfixPlease follow these steps in order: In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed. In any case please download delfix to your desktop. Close all other programms and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process [*] If there is still something left please delete it manualy. How to protect yourself System UpdatesBeeing up to date is very important. Please be sure to activate automatic updates in your control panel. Windows XP | Windows Vista | Windows 7 | windows 8 ProtectionWhat you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software. Up to date SoftwareStay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check: Secunia Online Software Inspector - Checks if your software has updates available. Filehippo Update Checkere - This tool also scans your computer for outdated software. Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser. [*] BackupsThere are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] BrainsIt's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want. Link to post Share on other sites More sharing options...
MJnDenver Posted September 15, 2013 Author ID:730327 Share Posted September 15, 2013 Thank you again for all of your help Marius! I will pass the information along to my step-daughter with what she (I think) did wrong to open the door for this Trojan. I tell people about malwarebytes all the time - and your forum and help is a big part of why I bought the program myself - I'm not sure if you guys get any type of thanks from malwarebytes for doing such a good job - but I for one am very thankful. If you ever come to the states you should look me up!! I'd love to take you out to dinner or something to say thanks! Marcia Link to post Share on other sites More sharing options...
Psychotic Posted September 16, 2013 ID:730485 Share Posted September 16, 2013 You´re welcome! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 16, 2013 Root Admin ID:730515 Share Posted September 16, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts