HELP - Windows Defender cannot remove Trojan: JS/Redirector.JA


  1. Posts : 754
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
       #1

    HELP - Windows Defender cannot remove Trojan: JS/Redirector.JA


    I run Windows-7 with Microsoft Security Essentials (MSE); both are current on Updates.

    MSE indicated that I had not run a Scan in some time and the Icon turned Orange.

    I ran Quick Scan and the Icon remained Orange after the Quick Scan completed.

    I then ran a Full Scan and the Icon turned Green when the Scan Completed.

    I was suspicious and ran a Full Malwarebytes Scan which found nothing.

    I was about to call it a day but decided to run Windows Defender Offline overnight.

    Defender found Trojan: JS/Redirector.JA. Severe

    I selected the Remove Option and Defender started to do something.

    After about seven or eight minutes Defender reported:

    Remove - Error Encountered 0x800700de

    The File Type being saved or retrieved has been blocked.

    Windows Defender could not apply the action you selected.

    I am at a loss as to how to proceed. MSE and the Windows Defender take +-Five Hours to complete on my System. I would like to Remove this Trojan but have no idea where to begin. Can the Forum make any suggestions?


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    First, is there any chance you can do a system restore? If so, roll the system back 2 or preferably 3 points past the point of infection. (Some viruses embed themselves in the 1st restore point).

    You can also try running Malwarebytes in Safe Mode.

    Did you make the WDO disk on the infected computer? If so, WDO's integrity may have been compromised. Try making the disk on a clean PC & then run it on your system. And make sure your net connect is shut off when you run it.

    Second, if that doesn't work, you could try one of the following tools:

    Norton Power Eraser

    Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
    SuperAntiSpyware.

    If these fail, it might be a good idea to delete Java from your system & then run another scan to see if this can ferret out the infection.

    Trojan:JS/Redirector.JA’s evil purpose is to compromise your security programs and steal your confidential data then send it to the internet hackers. Remove Trojan:JS/Redirector.JA as soon as possible once detected to ensure the safety of your system. Once installed, Trojan:JS/Redirector.JA will be configured to start automatically when you start Windows.
    Trojan:JS/Redirector.JA is a trojan, written in highly obfuscated JavaScript, that redirects users to websites that promote a male enhancement product.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Download Combofix from any of the links below, and save it to your desktop.<--Important
    Link 1
    Link 2
    Link 3

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Please be patient while the scan runs, at times it may appear to stall.
    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    Post this log in your next reply
    After rebooting ensure your Security applications have been re-enabled.

    In your next reply post:
    ComboFix.txt
    ***A guide and tutorial on "How to use Combofix" can be found here:
    ComboFix: A guide and tutorial on using ComboFix

    IF CF won't run:
    During the download (before saving or running it), rename Combofix.exe to sVchost.exe


  4. Posts : 754
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #4

    ComboFix.txt


    ComboFix 12-12-07.01 - Mike 12/08/2012 0:12.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3061.1306 [GMT -5:00]
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1354896677.bdinstall.bin
    c:\programdata\1354909018.bdinstall.bin
    c:\users\Camille\WINDOWS
    c:\users\Charmaine\WINDOWS
    c:\users\Chloe\WINDOWS
    c:\users\Heather\WINDOWS
    c:\users\Jennifer\WINDOWS
    c:\users\Michelle\WINDOWS
    c:\users\Mike\WINDOWS
    c:\users\Simone\WINDOWS
    c:\users\Terry\WINDOWS
    c:\users\Tim\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-08 00:37 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADFFC7BA-22C5-42CB-9871-55FEC4F62F99}\mpengine.dll
    2012-12-07 16:17 . 2012-12-07 16:17 -------- d-----w- c:\programdata\BitDefender
    2012-12-07 16:16 . 2012-12-07 16:16 -------- d-----w- c:\programdata\BDLogging
    2012-12-07 16:12 . 2012-12-07 16:12 -------- d-----w- c:\users\Mike\AppData\Roaming\QuickScan
    2012-12-07 16:11 . 2012-12-07 19:43 -------- d-----w- c:\program files\Auslogics Software
    2012-12-07 16:10 . 2012-12-07 19:41 -------- d-----w- c:\program files\Common Files\Auslogics Software
    2012-12-07 16:09 . 2012-12-07 16:09 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
    2012-12-07 02:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-28 23:29 . 2012-11-28 23:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC1AE5D1-B926-4597-85BE-EC7CD64EC9CA}\gapaengine.dll
    2012-11-28 14:18 . 2012-11-28 14:18 -------- d-----w- c:\programdata\Citrix
    2012-11-28 14:18 . 2012-11-28 14:18 -------- d-----w- c:\program files (x86)\Common Files\Citrix
    2012-11-22 06:14 . 2012-11-22 13:09 -------- d-----w- c:\users\Michelle\AppData\Local\Microsoft Games
    2012-11-21 13:31 . 2012-12-02 05:59 -------- d-----w- c:\users\Bianca
    2012-11-13 19:32 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-13 19:32 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-13 19:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-13 19:32 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-13 19:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-13 19:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-13 19:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-13 19:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-13 19:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-13 19:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-13 19:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-13 19:17 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-13 19:17 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-11-13 19:17 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-11-13 19:17 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-11-11 14:57 . 2012-11-11 14:57 -------- d-----w- c:\program files\Easy Duplicate Finder 4
    2012-11-11 14:57 . 2012-11-11 14:57 -------- d-----w- c:\programdata\Ask
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-13 19:24 . 2011-02-11 23:03 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-11-09 17:48 . 2012-04-03 21:24 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-09 17:48 . 2011-05-17 22:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-10-16 08:38 . 2012-11-27 22:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-27 22:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-27 22:33 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-09-29 02:32 . 2012-09-29 02:32 2177688 ----a-w- c:\windows\system32\coin92.dll
    2012-09-27 21:31 . 2011-03-26 01:27 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-25 03:16 . 2012-11-01 14:33 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-21 00:11 . 2012-08-31 00:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-09-21 00:00 . 2012-08-31 00:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-09-20 12:30 . 2012-09-20 12:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-09-20 12:24 . 2011-12-24 01:48 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-09-20 12:12 . 2011-12-24 01:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-09-20 12:12 . 2012-09-20 12:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-09-19 13:11 . 2012-09-19 13:23 2605400 ----a-w- c:\windows\system32\WavesGUILib.dll
    2012-09-19 13:11 . 2012-09-19 13:23 1361336 ----a-w- c:\windows\system32\tosade.dll
    2012-09-19 13:11 . 2012-09-19 13:23 65944 ----a-w- c:\windows\system32\tepeqapo64.dll
    2012-09-19 13:11 . 2012-09-19 13:23 836544 ----a-w- c:\windows\system32\tadefxapo264.dll
    2012-09-19 13:11 . 2012-09-19 13:23 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
    2012-09-19 13:11 . 2012-09-19 13:23 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
    2012-09-19 13:11 . 2012-09-19 13:23 198896 ----a-w- c:\windows\system32\SRSHP64.dll
    2012-09-19 13:11 . 2012-09-19 13:23 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
    2012-09-19 13:11 . 2012-09-19 13:23 148416 ----a-w- c:\windows\system32\tadefxapo.dll
    2012-09-19 13:11 . 2012-09-19 13:22 220776 ----a-w- c:\windows\system32\SFSS_APO.dll
    2012-09-19 13:11 . 2012-09-19 13:22 81248 ----a-w- c:\windows\system32\SFCOM64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 78688 ----a-w- c:\windows\system32\SFAPO64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
    2012-09-19 13:11 . 2012-09-19 13:22 221024 ----a-w- c:\windows\system32\SFNHK64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 2674320 ----a-w- c:\windows\system32\RtPgEx64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2012-09-19 13:11 . 2012-09-19 13:22 4065296 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2012-09-19 13:11 . 2012-09-19 13:22 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 3615888 ----a-w- c:\windows\system32\RtkAPO64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 869520 ----a-w- c:\windows\system32\RtkApi64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 204120 ----a-w- c:\windows\system32\RTEED64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 5096448 ----a-w- c:\windows\system32\RCoRes64.dat
    2012-09-19 13:11 . 2012-09-19 13:22 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1262696 ----a-w- c:\windows\system32\RTCOM64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 105616 ----a-w- c:\windows\system32\RCoInstII64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 7163744 ----a-w- c:\windows\system32\R4EEP64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 74592 ----a-w- c:\windows\system32\R4EEG64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 433504 ----a-w- c:\windows\system32\R4EED64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 141152 ----a-w- c:\windows\system32\R4EEL64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 123744 ----a-w- c:\windows\system32\R4EEA64A.dll
    2012-09-19 13:11 . 2012-09-19 13:22 396632 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1345368 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
    2012-09-19 13:11 . 2012-09-19 13:22 8363864 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2012-09-19 13:11 . 2012-09-19 13:22 2131288 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
    2012-09-19 13:11 . 2012-09-19 13:22 341336 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
    2012-09-19 13:11 . 2012-09-19 13:22 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1015640 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 2533952 ----a-w- c:\windows\system32\FMAPO64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 537456 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 524656 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 449392 ----a-w- c:\windows\system32\DTSU2PREC64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 202336 ----a-w- c:\windows\system32\AERTAC64.dll
    2012-09-19 13:11 . 2012-09-19 13:22 108640 ----a-w- c:\windows\system32\AERTAR64.dll
    2012-09-19 13:10 . 2011-02-15 13:35 1706640 ----a-w- c:\windows\RtlExUpd.dll
    2012-09-19 13:06 . 2012-03-29 20:59 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-09-14 19:19 . 2012-10-09 17:07 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-09 17:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    R3 DisplayLinkUsbPort;DisplayLink USB Device; [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-04-25 93272]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2007-05-11 70424]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-01-19 20:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-09-19 12503184]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
    SafeBoot-14263120.sys
    Toolbar-10 - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:d0,68,83,83,d1,56,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\S-1-5-21-934717694-3192348872-3920661462-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-934717694-3192348872-3920661462-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-934717694-3192348872-3920661462-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe ,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe ,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\05\07\12\18\0e?"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-08 00:25:40
    ComboFix-quarantined-files.txt 2012-12-08 05:25
    .
    Pre-Run: 1,141,041,008,640 bytes free
    Post-Run: 1,142,415,417,344 bytes free
    .
    - - End Of File - - DC4E422AC4A648D39895D9785F52C960


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

    Next, download AdwCleaner (AdwCleaner Download) to your desktop.
    1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
    2. Click on the Delete button.
    3. Confirm each time with OK.
    4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
    Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


    More instructions to follow after you've done the above.


  6. Posts : 754
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #6

    AdwCleaner


    # AdwCleaner v2.011 - Logfile created 12/09/2012 at 14:08:11
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Mike - SEVENPRO64
    # Boot Mode : Normal
    # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
    Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16455
    [OK] Registry is clean.
    *************************
    AdwCleaner[S1].txt - [3120 octets] - [09/12/2012 14:08:11]
    ########## EOF - C:\AdwCleaner[S1].txt - [3180 octets] ##########


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    How is your computer running now?


  8. Posts : 754
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #8

    It appears to be running normally, as it did before the infection.

    I would like to rerun the Windows Defender Offline once more.

    Can I rerun it again at this time, without disturbing what you have been able to correct?

    Best regards,

    Mike Lynch


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #9

    Sure!


  10. Posts : 754
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #10

    It ran to completion without any errors / trojans!

    Thank you so much for your help.

    Best regards,

    Mike Lynch


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd