Hello Corrine! I hope you are still there! You've been such a great help in the past!
I'm on my laptop, because my desktop is out of commission :(
I was looking at multiple travel websites (Expedia, Cheap Tickets, etc.) trying to find an airline ticket, and suddenly I had a couple of messages. The first one said something about MSE finding some problems and listed the following:
Trojan-PSW.Win32.launch
Hack Tool: Win32/welevate.A
Adware.Win32.Fraud
Then I got a message that said "MSE detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash." There was a button that said Clean Computer, but by then everything was frozen. I finally powered it down, and when I powered it back up nothing was active and the cursor, when it got down to the bottom bar, just spun. Otherwise, it looked normal, but nothing was active. Can you help me? Thank you!! Rita Crawford
Hi, Rita.
It sounds as though you got hit by a drive-by at one of the sites you visited.
First, let's see if you can work on your desktop in safe mode with networking. If you are unable to follow these instructions, please let me know.
1. Please restart your computer in Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)
2. Let's make sure the proxy settings haven't been changed.
- Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
- Click on the Connections tab.
- Click on the LAN Settings button.
- Under the Proxy Server section, please uncheck the checkbox labeled "Use a proxy server for your LAN".
- Press the OK button to close this screen followed by the OK button to close the Internet Options screen.
3. Without restarting the computer, please download Rkill by Grinler and save it to your desktop. When you click the following link, a new tab will open and after a few seconds you will be provided a download option for iexplore.exe. Save that file to your desktop: http://www.bleepingcomputer.com/download/rkill/dl/11/
- Double-click on the Rkill desktop icon to run the tool. Note: For Windows Vista or Windows 7, please right-click and select "Run As Administrator".
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
Note: Do not restart the computer, or you will need to run the application again.
4. Please download Malwarebytes' Anti-Malware to your desktop from here (http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/7/).
- Double-click mbam-setup.exe and follow the prompts to install the program.
- In the last Setup window, UNcheck "Enable free trial of Malwarebytes Anti-Malware PRO" but be sure a checkmark is placed next to
-- Update Malwarebytes' Anti-Malware and
-- Launch Malwarebytes' Anti-Malware
- Click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, check the following settings:
-- On the Scanner tab, check Perform quick scan.
-- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
-- Also on the Settings tab, under "Action for potentially unwanted programs (PUP)", change the option to Show in results list and check for removal.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv68%2FCorrine3%2FMBAM_SR_zps573fd52e.jpg&hash=d26a00ef8e57bbd0a0825762e2e3a8ff32d92179)
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note ** If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
4. After that has been completed, please provide a copy of the logs in the Log Posting Instructions (http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/) topic.
Note: Due to the forum character restrictions, it may be necessary to create two replies in order to get the requested logs to post.
Hello Corrine,
I was called out of town shortly after I posted my problem, but I'm back now and was delighted to see that you replied, as always :) I just followed your instructions, and I think I'm OK now!!!!! I will copy the log under my comments. Am I also supposed to copy it in the log section? I just wanted to tell you how important this experience has been for me. My Dad introduced me to you several years ago. He was the computer guru for our entire family. I had always worried about what I would do after he was gone when I had computer problems. We lost him a year ago. When this happened, I did what he had taught me - contacted you. You are so reliable and so amazing! My Dad took care of me by teaching me to turn to you. Thank you so much for coming through!!
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.16.06
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16476
Rita :: RITA-PC [administrator]
2/16/2014 2:03:59 PM
mbam-log-2014-02-16 (14-03-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292911
Time elapsed: 10 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCU\Software\AppDataLow\Software\Savings Sidekick (PUP.Optional.SavingsSidekick.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PrSft (Rogue.FakeAV) -> Data: C:\Users\Rita\AppData\Roaming\svc-hyor.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Rita\AppData\Local\Savings Sidekick (PUP.Optional.SavingsSidekick.A) -> Quarantined and deleted successfully.
C:\Users\Rita\AppData\Local\Savings Sidekick\Chrome (PUP.Optional.SavingsSidekick.A) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Rita\AppData\Roaming\svc-hyor.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Rita\AppData\Local\Temp\file.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Rita\Local Settings\Temporary Internet Files\Content.IE5\UFKXM3VW\5d9429d23be3e8d3963cb2a7b19ff74d[1].exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
(end)
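An added example, not part of the original posts and not Malwarebytes' own tooling: a small Python triage of the MBAM 1.75 log format shown above. It checks each section's declared count against the parsed entries, lists the executables named under Image File Execution Options (the Security.Hijack entries in this log), and links the Run-key value to the file detections. The function names `parse_log` and `triage` are assumptions made for this example; the sample lines are an excerpt of the log above.

```python
import re

# Excerpt of the MBAM log posted above (registry and file sections only).
SAMPLE_LOG = r"""Registry Keys Detected: 6
HKCU\Software\AppDataLow\Software\Savings Sidekick (PUP.Optional.SavingsSidekick.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PrSft (Rogue.FakeAV) -> Data: C:\Users\Rita\AppData\Roaming\svc-hyor.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Rita\AppData\Roaming\svc-hyor.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Rita\AppData\Local\Temp\file.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Rita\Local Settings\Temporary Internet Files\Content.IE5\UFKXM3VW\5d9429d23be3e8d3963cb2a7b19ff74d[1].exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
(end)
"""

# "<Section> Detected: <n>" opens a section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+)\.$"
)
IFEO_MARKER = "\\image file execution options\\"
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\|", re.IGNORECASE)


def parse_log(text):
    """Return {section: {"declared": int, "entries": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = {"declared": int(header.group("count")), "entries": []}
            continue
        # Skip log header lines, blanks, "(No malicious items detected)" and "(end)".
        if current is None or not line or line.startswith("("):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current]["entries"].append(entry.groupdict())
    return sections


def triage(sections):
    """Summarise what a responder would check first in a parsed log."""
    report = {"count_mismatch": [], "ifeo_targets": [], "autoruns": [], "not_removed": []}
    file_hits = {e["object"].lower() for e in sections.get("Files", {}).get("entries", [])}
    for name, section in sections.items():
        # A mismatch means the paste was truncated or a line failed to parse.
        if section["declared"] != len(section["entries"]):
            report["count_mismatch"].append(name)
        for e in section["entries"]:
            obj = e["object"]
            if IFEO_MARKER in obj.lower():
                # IFEO subkeys are named after the executable they affect.
                report["ifeo_targets"].append(obj.rsplit("\\", 1)[1])
            if RUN_KEY_RE.search(obj) and e["data"]:
                report["autoruns"].append({
                    "value": obj.split("|", 1)[1],
                    "target": e["data"],
                    "target_also_detected_as_file": e["data"].lower() in file_hits,
                })
            if "successfully" not in e["action"].lower():
                report["not_removed"].append(obj)
    return report


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, "=", value)
```

An empty `not_removed` list together with an empty `count_mismatch` list means every parsed detection was reported as quarantined and the pasted log is complete for the sections it contains.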
Hi, Rita.
I am sorry to hear about your Dad. It means a lot that he trusted me to help you. Also, please don't be concerned about the delay in your reply. Real life always comes first.
I'd like to see the standard logs next. Please provide a copy of the logs in the Log Posting Instructions (http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/) topic as a reply here.
Here is the first one:
2014-02-05 10:04:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 01:14:25 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13:44 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11:29 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:10:21 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
.
Here's the other one!
Thank you!
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 12.0.0.44
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Almost there, Rita. I would also like to see the "Attach.txt" log. It should have opened in Notepad when you ran DDS.
I'll take a look at both logs tomorrow. In the meantime, when you have a chance, you need to update Java, Adobe Reader and Adobe AIR:
Java Download Link: Java Version 7 Update 51 (http://java.com/en/download/manual.jsp).
Adobe Reader XI (11.0.06) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
Adobe AIR is available here: http://get.adobe.com/air/
Note: Be alert when updating both Java and Adobe products and UNcheck any pre-checked additional options presented with the updates. They are not part of the software update and are completely optional.
Thank you, Corrine!
Is this the one you still need??
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/2/2010 12:36:08 PM
System Uptime: 2/16/2014 2:32:14 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 79.735 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1155: 12/8/2013 7:00:37 PM - Windows Backup
RP1156: 12/10/2013 3:00:12 AM - Windows Update
RP1157: 12/11/2013 3:00:45 AM - Windows Update
RP1158: 12/14/2013 8:30:41 AM - Windows Update
RP1159: 12/15/2013 7:00:26 PM - Windows Backup
RP1160: 12/17/2013 6:22:44 PM - Windows Update
RP1161: 12/21/2013 8:35:47 AM - Windows Update
RP1162: 12/22/2013 7:00:26 PM - Windows Backup
RP1163: 12/24/2013 4:14:27 PM - Windows Update
RP1164: 12/29/2013 1:44:53 AM - Windows Update
RP1165: 12/29/2013 7:00:26 PM - Windows Backup
RP1166: 1/1/2014 1:32:16 PM - Windows Update
RP1167: 1/4/2014 3:32:17 PM - Windows Update
RP1168: 1/5/2014 7:00:26 PM - Windows Backup
RP1169: 1/8/2014 9:00:24 AM - Windows Update
RP1170: 1/12/2014 12:06:30 PM - Windows Update
RP1171: 1/12/2014 7:00:27 PM - Windows Backup
RP1172: 1/15/2014 3:00:26 AM - Windows Update
RP1173: 1/19/2014 2:08:27 AM - Windows Update
RP1174: 1/19/2014 7:00:27 PM - Windows Backup
RP1175: 1/22/2014 1:07:48 PM - Windows Update
RP1176: 1/25/2014 2:45:47 PM - Windows Update
RP1177: 1/26/2014 7:00:27 PM - Windows Backup
RP1178: 1/29/2014 2:46:09 PM - Windows Update
RP1179: 2/1/2014 4:46:40 PM - Windows Update
RP1180: 2/2/2014 7:00:36 PM - Windows Backup
RP1181: 2/5/2014 12:54:49 PM - Windows Update
RP1182: 2/16/2014 2:44:54 PM - Windows Backup
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.36 fos.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.44 access.certd.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.36 frt.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.41 access.tstsa.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.26 ofep26.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.4 ofep04.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.35 ofep35.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.24 ofep24.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.37 lb1.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.39 tsts.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.39 access.tsts.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.33 ofep33.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.9 ofep09.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.22 ofep22.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.29 ofep29.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.40 cert.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.31 ofep31.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.7 ofep07.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.40 access.cert.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.20 ofep20.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.43 access.certc.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.42 access.tstsb.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.27 ofep27.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.5 ofep05.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.36 decs.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.25 ofep25.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.38 lb2.sabre.com # Nortel SSL-VPN
Hosts: 127.0.0.3 ofep03.sabre.com # Nortel SSL-VPN
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
ActiveLink Connect
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.6
Amazon Kindle
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft WebCam Companion 3
Ask Toolbar
Audible Download Manager
Bonjour
Canon iP4300
Canon iP4300 User Registration
Canon My Printer
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
CCleaner
CCScore
Citrix Online Launcher
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
D3DX10
Dell Driver Download Manager
Dell Games
Dell Support Center (Support Software)
Dell System Customization Wizard
DellConnect
DellSupport
Digital Line Detect
DING!
Documentation & Support Launcher
Drive Manager
Driver Whiz
EarthLink Setup Files
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
F5 Networks VPN Client for Windows
fflink
Games, Music, & Photos Launcher
Google Calendar Sync
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Google Video Uploader
GoToAssist 8.0.0.514
GoToMeeting 5.9.0.1207
HP Button Manager
HP Photo Creations
HP Webcam User's Guide
iCloud
InstallMgr
Intel(R) Matrix Storage Manager
Intel(R) Viiv(TM) Software
Internet Service Offers Launcher
InterVideo DeviceService
IrfanView (remove only)
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 25
Java Auto Updater
join.me
Junk Mail filter update
KeyScrambler
Kodak EasyShare software
LG USB Drivers
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300
Memorex exPressit Label Design Studio
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
MobileMe Control Panel
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NETGEAR WG111v2 wireless USB 2.0 adapter
NetWaiting
NetZeroInstallers
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OfotoXMI
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
ParetoLogic DriverCure
PED-Basic
PHStat2 version 2.5.1
Picasa 3
Qualxserve Service Agreement
Quicken 2013
Quicken WillMaker Plus 2010
QuickTime
Revo Uninstaller 1.94
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Sabre VPN
Safari
Secunia PSI
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SFR
SHASTA
ShopAtHome.com Helper
SigmaTel Audio
SimpleOCR 3.1
skin0001
SKINXSDK
Sonic Activation Module
SpecialSavings
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware
swMSM
tooltips
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 woriper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 woriper
TurboTax 2009 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Deluxe 2007
TurboTax Home & Business 2006
TurboTax ItsDeductible 2006
TurboTax Premier 2005
Ulead VideoStudio 11
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
USB Driver for Panasonic DVC
User's Guides
V CAST Music Manager
VideoStudio
VPRINTOL
WeightWatchers Connections 2010 Portal
WeightWatchers Field Portal
WexTech AnswerWorks
Wildflowers of New Mexico Screen Saver
WinCalendarV3
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
WinRAR archiver
WinVistaPatch
WIRELESS
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Music Jukebox
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/16/2014 2:34:55 PM, Error: Service Control Manager [7034] - The SCM_Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2014 2:27:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2014 1:36:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2014 1:36:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/16/2014 1:36:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/16/2014 1:35:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/16/2014 1:35:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/16/2014 1:35:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
2/16/2014 1:35:31 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2014 1:35:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
2/16/2014 1:35:23 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Hi, Rita. Yes, that is the log I wanted to check. Thank you.
1. In addition to updating Java and Adobe products noted in my previous reply, I noticed that Firefox is also out of date. Since the update to version 27 included critical security updates, it is advised that you install the update. Select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox." The current version is 27.0.1.
2. Is there a reason you have UAC (User Access Control) disabled? When installing or updating a program, it only takes one click to provide UAC approval. UAC notifies you when changes are going to be made to your computer that require administrator-level permission. Personally, I want to know what changes are being made to my computer and don't mind that extra click. For additional information, see Turn User Account Control on or off - Microsoft Windows Help (http://windows.microsoft.com/en-us/windows/turn-user-account-control-on-off#1TC=windows-7).
3. Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
Note: A few seconds after landing on the above link, depending on the browser you are using, you will see the following:
- If you're using Firefox, click Save file: (http://smg.photobucket.com/user/Corrine3/media/JRT_FF_zps06b87edb.jpg.html)
- If you're using IE, click Save: (http://smg.photobucket.com/user/Corrine3/media/JRT_IE_zpsa2e88403.jpg.html)
- Disable your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
4. Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your Desktop.
Note: A few seconds after landing on the above link, depending on the browser you are using, you will see the following:
- If you're using Firefox, click Save File: (http://smg.photobucket.com/user/Corrine3/media/AdwCleaner_FF_zpsa8bc01f1.jpg.html)
- If you're using IE, click Save: (http://smg.photobucket.com/user/Corrine3/media/AdwCleaner_IE_zps8d5b4db0.jpg.html)
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
- Click the Scan button and wait for the process to complete.
- Click the Report button and the report will open in Notepad.
IMPORTANT
- If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button and follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Hello Corrine,
Thank you! I will take care of this -
I do have one question -
The only time I use Firefox is for my employee portal with Weight Watchers. There has been a lot of complaining among employees because the WW portal requires an ancient version of Firefox. That's the reason I only use it to access my WW portal. I just got a new job and will only need access to the portal for about another month. Would it be acceptable to wait until I'm finished with the WW portal to update Firefox? Strange situation, huh?
Hi, Rita. Seeing as how you only use it for the one site, I'm sure you'll be fine.
Thank you for noticing my User Access Control - I have no idea how it became disabled! I've got it all the way up now - is that OK? Now I'm working on the next step - but I'm having trouble disabling my protection software. Can you instruct me please? Thanks!!!!
Since you use MSE, it shouldn't interfere with either AdwCleaner or JRT. The other programs won't interfere either.
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x86
Ran by Rita on Mon 02/17/2014 at 18:38:42.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylontoolbarsrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylontoolbarsrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\savings sidekick_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\savings sidekick_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\specialsavings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033503360}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055505560}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066506660}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077507760}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077507760}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{51DDABB8-15AA-46C3-8326-0786C449DC33}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84ABD031-A046-4918-8829-A309D6ECDD3F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
~~~ Files
Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\drivercure"
Successfully deleted: [Folder] "C:\Users\Rita\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Rita\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\specialsavings"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Rita\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com"
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\specialsavings@superfish.com
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/17/2014 at 18:42:04.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sweet! I don't know how much AdwCleaner will find after that but go ahead and give it a run also.
# AdwCleaner v3.019 - Report created 17/02/2014 at 18:53:44
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Rita - RITA-PC
# Running from : C:\Users\Rita\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\uniblue
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\Rita\AppData\Local\PackageAware
Folder Deleted : C:\Users\Rita\AppData\Roaming\uniblue
Folder Deleted : C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Folder Deleted : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\6skr432c.default\Extensions\specialsavings@superfish.com
- Not Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Windows\System32\Tasks\bProtector
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
***** [ Shortcuts ] *****
***** [ Registry ] *****
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4AD55D8-77FB-41BD-A78D-58EFB4587DAF}
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4AD55D8-77FB-41BD-A78D-58EFB4587DAF}
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCDB5828-2CAC-4A70-A1C9-14EE9365B78F}
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCDB5828-2CAC-4A70-A1C9-14EE9365B78F}
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF61CEDA-010F-4E23-8DC5-8BCCD13C07C6}
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF61CEDA-010F-4E23-8DC5-8BCCD13C07C6}
- Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7146686F-6A51-4915-8A66-D7CCAD7E624C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\7hxc032n.WW Field Portal\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[ File : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\om87y09e.default-1391373284856\prefs.js ]
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
*************************
AdwCleaner[R0].txt - [6059 octets] - [17/02/2014 18:51:40]
AdwCleaner[S0].txt - [6082 octets] - [17/02/2014 18:53:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6142 octets] ##########
Excellent, Rita. How is your computer now?
Hi Corrine,
I have been working super long days and haven't had a chance to use it. But does everything look good to you? I'm not thinking straight from being tired, but do I need to go back and enable anything? Maybe not, since you said I didn't need to disable the antivirus.
You are fantastic!! I was afraid my computer was dead, and it's back in action! I don't know what I'd do without you!
Thank you :)
Rita
Hi, Rita.
Ah, yes, as usual real life gets in the way of other activities! You don't need to enable anything, just a bit of cleanup of the tools we used.
Go ahead and delete SecurityCheck and the Junkware Removal Tool from your desktop. Then do the following to uninstall AdwCleaner:
Double-click on AdwCleaner.exe to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked whether you are sure you want to uninstall.
- AdwCleaner.exe, its folder and all logs will be removed.
Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" (http://securitygarden.blogspot.com/p/blog-page.html).
Should you have any questions, we'll be here!
Quote from: rc on February 07, 2014, 05:25:04 AM
The first one said something about MSE finding some problems and listed the following:
Trojan-PSW.Win32.launch
Hack Tool: Win32/welevate.A
Adware.Win32.Fraud
Then I got a message that said "MSE detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash."
In case it helps (whether now or someone reading this thread later) this is very much not Security Essentials. This was a rogue.
//A
Corrine,
Thank you so very much :) I'm so glad my Dad introduced me to you!! Take care - so many of us appreciate what you do!
Rita