Windows 7 Forums

Windows 7: MBAM cannot remove "culprit" access to

01 Feb 2014   #11

Windows 7 Pro x64 (1), Win7 Pro X64 (2)

Quote: Originally Posted by Slartybart
How's that AdwCleaner scan coming along?
Well, some new GOOD news, and some "no difference" news.

First, there was what I suspected was malware installed on the Vista machine, a thing named "MyWebSearch". It had its fingers in IE as toolbar, plugins, etc. I could not uninstall it entirely (using Control Panel) though I was able to remove some of it, including its traces in IE. But the final piece couldn't actually be uninstalled because the UNINSTALL process claimed that one of its DLL files could not be found. I suspect this is part of the whole idea, to get it installed and then make it also non-uninstallable.

Anyway, MBAM's scans did NOT find this. However ADWCleaner DID find it! I was very excited to let it go ahead and CLEAN it out. And in fact it DID seem to do the job successfully. Following the re-boot it was no longer shown in Control Panel as a program. Definitely seemed that ADWCleaner "paid for itself" (although it's free!) here.

Nothing else was found. Here is the log which appears following re-boot.

# AdwCleaner v3.018 - Report created 01/02/2014 at 11:14:09
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : susan - PAUL
# Running from : C:\BBS\ADWCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : MyWebSearchService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\susan\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\susan\AppData\LocalLow\MyWebSearch

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions []
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\susan\AppData\Roaming\Mozilla\Firefox\Profiles\z72w00ua.default\prefs.js ]


AdwCleaner[R0].txt - [17415 octets] - [01/02/2014 11:13:11]
AdwCleaner[S0].txt - [17759 octets] - [01/02/2014 11:14:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17820 octets] ##########

01 Feb 2014   #12

Windows 7 Pro x64 (1), Win7 Pro X64 (2)

(previous post was too long to show the following, so I'm doing it in a second reply)


However, this MyWebSearch definitely does NOT appear tied to my primary issue, which is the continued ongoing access coming from SVCHOST (DcomLaunch) of those IP addresses in Russia (or The Netherlands, whichever you believe... MBAM's blocked IP values or Task Manager's actual accessed IP values).

Here is the opening snippet from MBAM's log right after the re-boot caused by the ADWCleaner scan. You can see that the 5.45 IP addresses continue to be accessed.

2014/02/01 11:15:54 -0500       PAUL    susan   MESSAGE Starting protection
2014/02/01 11:15:54 -0500       PAUL    susan   MESSAGE Protection started successfully
2014/02/01 11:15:54 -0500       PAUL    susan   MESSAGE Starting IP protection
2014/02/01 11:16:01 -0500       PAUL    susan   MESSAGE IP Protection started successfully
2014/02/01 11:16:34 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49200, Process: svchost.exe)
2014/02/01 11:18:11 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49282, Process: svchost.exe)
2014/02/01 11:18:20 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49285, Process: svchost.exe)
2014/02/01 11:18:28 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49292, Process: svchost.exe)
2014/02/01 11:20:52 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49322, Process: svchost.exe)
2014/02/01 11:25:01 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49467, Process: svchost.exe)
2014/02/01 11:25:17 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49470, Process: svchost.exe)
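A way to summarise a protection log like the excerpt in post #12, as an added example that is not part of the thread or of any tool mentioned in it. The sample lines are constructed in the excerpt's layout; the destination addresses are placeholders from the RFC 5737 documentation ranges, and because the excerpt shows no address after `IP-BLOCK`, the pattern treats that field as optional.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Optional

# Constructed sample (not taken from the thread). Addresses are RFC 5737
# documentation placeholders; one line omits the address, as the excerpt does.
SAMPLE_LOG = """\
2014/02/01 11:15:54 -0500       PAUL    susan   MESSAGE Starting IP protection
2014/02/01 11:16:01 -0500       PAUL    susan   MESSAGE IP Protection started successfully
2014/02/01 11:16:34 -0500       PAUL    susan   IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 49200, Process: svchost.exe)
2014/02/01 11:18:11 -0500       PAUL    susan   IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 49282, Process: svchost.exe)
2014/02/01 11:18:20 -0500       PAUL    susan   IP-BLOCK 192.0.2.11 (Type: outgoing, Port: 49285, Process: svchost.exe)
2014/02/01 11:20:52 -0500       PAUL    susan   IP-BLOCK (Type: outgoing, Port: 49322, Process: svchost.exe)
2014/02/01 11:25:01 -0500       PAUL    susan   IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49467, Process: firefox.exe)
"""

# timestamp, host, user, then IP-BLOCK with an optional dotted-quad address
# followed by the parenthesised Type / Port / Process fields.
IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+"
    r"IP-BLOCK(?:\s+(?P<dest>\d{1,3}(?:\.\d{1,3}){3}))?\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


@dataclass
class BlockEvent:
    when: datetime
    host: str
    user: str
    dest: Optional[str]   # None when the log line carries no address
    direction: str
    port: int
    process: str


def parse_ip_blocks(text):
    """Return one BlockEvent per IP-BLOCK line; MESSAGE and other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue
        events.append(BlockEvent(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            host=m["host"],
            user=m["user"],
            dest=m["dest"],
            direction=m["direction"].lower(),
            port=int(m["port"]),
            process=m["process"].strip().lower(),
        ))
    return events


def summarize_by_process(events):
    """Group blocks by process: count, destinations, time span, median gap in seconds."""
    grouped = defaultdict(list)
    for ev in events:
        grouped[ev.process].append(ev)
    summary = {}
    for process, evs in grouped.items():
        evs.sort(key=lambda e: e.when)
        gaps = [(b.when - a.when).total_seconds() for a, b in zip(evs, evs[1:])]
        summary[process] = {
            "count": len(evs),
            "destinations": sorted({e.dest or "(not logged)" for e in evs}),
            "first": evs[0].when,
            "last": evs[-1].when,
            # A steady gap between blocks points at automated retries.
            "median_gap_s": median(gaps) if gaps else None,
        }
    return summary


if __name__ == "__main__":
    for proc, info in summarize_by_process(parse_ip_blocks(SAMPLE_LOG)).items():
        print(proc, info["count"], info["destinations"], info["median_gap_s"])
```

A process name such as svchost.exe in the summary identifies only the host process, which is why the thread narrows it further to the DcomLaunch group.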
01 Feb 2014   #13

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem

Fair enough, but one step at a time.

Malware -> AdWcleaner
Browser -> Windows Updates

I'd start with cleaning Malware.

We can go round after round about why or how, once your system is cleaned up.

I'll stick around and help, but I'm not the kind of person who wants to know all the gritty details first. I do try to understand the issue before beginning, and the first thing I saw was what looked like malware.

This can be a long process or it can be short. There are lag times inherent in troubleshooting on a forum. I try to be as thorough as possible when dealing with malware - that means using more than one utility.

I'll check back and see if there's AdwCleaner output posted or if you decided to run Windows Update (Vista is different - check control panel or IE options)


01 Feb 2014   #14

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem

I type too slow :)

Ok, AdwCleaner found a browser bug - that's good.
The problem remains - that's bad. As with any malware, one means more.

Let me take another look at the AdwCleaner log and I'll see what's next.
01 Feb 2014   #15

Microsoft Community Contributor Award Recipient

Win 10 Pro x64

I posted this in your other thread,

Quote: Originally Posted by derekimo
Quote: Originally Posted by dsperber
I upgraded the Vista machine from Service Pack 2 to Service Pack 3.
The latest service pack for Windows Vista is Service Pack 2 (SP2).
Service Pack and Update Center - Microsoft Windows

Where did you get service pack 3?
Carry on with what you are doing here.
01 Feb 2014   #16

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem

I have to be honest, I use all of these utilities on Win7, I'm not sure how they will behave on Vista. My expectation is that there will not be any issues, but you're my eyes. Please read any Vista notes on the utility page (most of these utils have little documentation - so you might only find that Vista is listed or Vista isn't listed).

You might also find that I posted a download link and there's nothing to read. - In that case, download it and try it.

Ok, let's see what Farbar tells us. This is a bit more involved, you run it and post the log, I'll look at the log and create a script, then you run farbar with the script again.

That's if farbar finds something, if not I'll suggest the next tool in my toolbox.

Please download the Farbar Recovery Scan Tool
Select the 64-bit version.
edit: select the bitdepth for your machine 32 or 64

Save it to your Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST makes a log (FRST.txt) in the same directory (Desktop) from which the tool is run.
Please provide the FRST.txt in your reply. <<---

I'll check back for the attached text
01 Feb 2014   #17

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem

Guess this is going to be the long process version. I'll check back.
01 Feb 2014   #18

Windows 7 Pro x64 (1), Win7 Pro X64 (2)

Quote: Originally Posted by derekimo
I posted this in your other thread,

Quote: Originally Posted by derekimo
Quote: Originally Posted by dsperber
I upgraded the Vista machine from Service Pack 2 to Service Pack 3.
The latest service pack for Windows Vista is Service Pack 2 (SP2).
Service Pack and Update Center - Microsoft Windows

Where did you get service pack 3?
Carry on with what you are doing here.
As I humbly apologized for in the other AOL-related thread, my brain screwed up. My eyes noticed "Service Pack 3" a few lines below (dealing with MS Office 7 Service Pack 3) and filed that phrase along with the Vista Service pack a few lines up (which as you've expressed doubt about should have been typed as Service Pack 2 and not Service Pack 3 as I mistakenly did).

So yes, the Vista machine was clearly updated from Service Pack 1 to Service Pack 2 yesterday, not Service Pack 2 to Service Pack 3.

My mistake. Typo. Sorry for the confusion on that fact.

Nevertheless, we persist in trying to root out the "blocked IP address" issue here.
01 Feb 2014   #19

Microsoft Community Contributor Award Recipient

Win 10 Pro x64

No need to apologize, I was merely posting for clarity. Not trying to derail the ongoing efforts here.
01 Feb 2014   #20

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM

I'm not a security expert, so take what I say with a BIG grain of salt!

If/when MBAM helps with fixing this, I suggest giving them the link to this SF thread so they know what you have done to try and fix it.
Having multiple people trying to help in different threads can cause confusion and more problems.

You can search for an IP address to try and find info that may help ...
Searching with Bing for it looks like it could be a TDL Variant (Backdoor.Pihar) malware issue.

MBAM cannot remove "culprit" access to
