Software says infection is successfully deleted still there on scan

Comments

11 comments

  • Support

    Hi rxwatson,

     

    Sorry, I have a problem with opening the attachment and I have no access to any emails you have sent to Lavasoft support team. Please follow the instructions in the topic Read This Before You Post! and upload the log files one by one.

    0
  • Support

    Thank you for the logs!
    Since at least the email attachment contains private information (your email address can be picked up by spammers), I have hidden the last two posts and deleted most of the logs from the one before those.

    1. Having two antivirus programs with real-time protection can cause conflicts and strange problems, including difficulties removing malware. I recommend that you either uninstall McAfee or uninstall Ad-Aware and, after a restart of the computer, install it again in compatible mode and do not activate its real-time protection. If you already have uninstalled McAfee, its uninstallation failed and you need to use MCPR: https://service.mcafee.com/FAQDocument.aspx?id=TS101331

    2. Please, start Notepad.
    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [**yycq<*>] => "C:\Windows\system32\mshta.exe" javascript:xa3uPRY3w="LRUvoG";Sb23=new%20ActiveXObject("WScript.Shell");P4VYE="3kcO4dX";IIdd67=Sb23.RegRead("HKLM\\software\\tusf\\qqjz");U8cwmKBJ="1A";eval(IIdd67);xUT (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters)
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**yycq<*>] => "C:\Windows\system32\mshta.exe" javascript:iodk7Zd="pH";N0G=new%20ActiveXObject("WScript.Shell");sll0jk6V="v1pUr8";n92YYW=N0G.RegRead("HKCU\\software\\tusf\\qqjz");RVRiGBL9="cJwOgj4";eval(n92YYW);z2y7 (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**xaovjuup<*>] => "C:\Users\Roxanne\AppData\Local\aca060\9dbc1b.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**fatcxwjhf<*>] => "C:\Users\Roxanne\AppData\Local\e352a3\4669a2.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\MountPoints2: {90359ed1-09a0-11de-88a1-806e6f6e6963} - E:\setup.exe
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    Toolbar: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> No Name - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
    Toolbar: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=531140&p=
    FF user.js: detected! => C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\user.js [2016-08-06]
    SearchScopes: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> {BAEB43E1-D0AA-40E5-9988-6620B0D1E678} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=531140&p={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll => No File
    CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
    CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => No File
    CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll => No File
    S2 SessionLauncher; no ImagePath
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S2 MCSTRM; no ImagePath
    U3 mfeavfk01; no ImagePath
    Task: {0DEC8C76-95E6-429A-860F-39945A40E236} - \{697033CB-D98F-4F82-BECD-40D174712EEB} -> No File <==== ATTENTION
    Task: {1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files\Amazon Browser Settings\updater.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {21F17504-CD85-4DDC-B682-1E62E98E3EF6} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files\Amazon Browser Settings\updater.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {74C453CB-BDFD-4B36-B567-9BA476DF9245} - \{8324A8E3-A69F-48EE-8F04-27DED3B692F2} -> No File <==== ATTENTION
    Task: {9B8355B4-3096-4276-B998-80FD8D5F5511} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files\Amazon Browser Settings\AmznSearchProtect.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {C884FB2F-7787-4F29-BB71-B265BECC22FD} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files\Amazon Browser Settings\AmznSearchProtect.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {C92983BD-BACC-4AAC-B0D6-6B41657D33B7} - \{6B526980-99E2-4EAC-8EC9-6D7E937B3A59} -> No File <==== ATTENTION
    Task: {F97C2168-DAD0-4E72-BE8E-A993CF54DE2C} - \{B3EAF79A-90C9-4E46-8530-7F1D36C56A95} -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [109]
    AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0 [528]
    AlternateDataStreams: C:\ProgramData\TEMP:CD060F93 [212]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109]
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\internet -> internet
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\mcafee.com -> hxxp://mcafee.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\mcafee.com -> hxxps://mcafee.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\secunia.com -> hxxps://secunia.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\webcompanion.com -> hxxp://webcompanion.com
    Folder: C:\Users\Roxanne\AppData\Roaming\aignes
    Folder: C:\Users\Roxanne\AppData\Roaming\a49916
    Folder: C:\Users\Roxanne\AppData\Local\aca060
    Reboot:

    and paste in Notepad. Check that no files have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your reply.

     

     

    3. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[s1].txt.

     

    4. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
    To shorten the scanning time disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats (important since false positives occur).

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

    0
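A triage sketch for FRST `Run` entries in the format of the fixlist above: it flags autorun values that launch `mshta.exe` with a `javascript:` command, reports the registry value such a command reads and passes to `eval`, and picks up FRST's own "invalid characters" annotation. This is an added example, not part of the original post and not FRST code; the function names, reason labels and sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# FRST autorun line:  <hive path ending in \Run>: [<value name>] => <data>
RUN_LINE = re.compile(
    r'^(?P<key>HK(?:LM|CU|U)\\.*?\\Run(?:Once)?): \[(?P<name>.*?)\] => (?P<data>.*)$'
)
# Registry path passed to WScript.Shell RegRead inside the autorun command.
REGREAD = re.compile(r'RegRead\("([^"]+)"\)', re.IGNORECASE)
# Trailing annotation FRST appends to entries it wants the helper to look at.
FRST_NOTE = re.compile(r'\s*<=+ ATTENTION.*$')


@dataclass
class Finding:
    key: str
    name: str
    reasons: list = field(default_factory=list)
    payload_keys: list = field(default_factory=list)


def triage_run_line(line):
    """Return a Finding for a suspicious Run entry, or None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None  # not an autorun line (policies, tasks, plugins, ...)
    data = m.group('data')
    f = Finding(m.group('key'), m.group('name'))

    if 'Value Name with invalid characters' in data:
        f.reasons.append('invalid-value-name')

    cmd = FRST_NOTE.sub('', data).strip()
    low = cmd.lower()

    # Script host started from an autorun value with inline script.
    if 'mshta.exe' in low and 'javascript:' in low:
        f.reasons.append('mshta-javascript')

    # The inline script reads another registry value and evaluates it,
    # so that second location needs reviewing as well as the Run value.
    reads = REGREAD.findall(cmd)
    if reads and 'eval(' in low:
        f.reasons.append('registry-stored-script')
        # The log shows JavaScript-escaped backslashes; normalise them.
        f.payload_keys = [p.replace('\\\\', '\\') for p in reads]

    # Autorun pointing at a shortcut under the user's AppData.
    if re.search(r'\\appdata\\.*\.lnk"?$', low):
        f.reasons.append('appdata-shortcut')

    # Nameless value, or FRST's [X] marker in place of a target.
    if f.name == '' or cmd == '[X]':
        f.reasons.append('empty-or-dangling')

    return f if f.reasons else None


def triage(text):
    """Triage every line of an FRST log excerpt."""
    findings = []
    for line in text.splitlines():
        f = triage_run_line(line)
        if f:
            findings.append(f)
    return findings


# Constructed sample lines in FRST's format (names, SID and paths are made up).
SAMPLE = r'''
HKLM\...\Run: [**example<*>] => "C:\Windows\system32\mshta.exe" javascript:a="x";s=new%20ActiveXObject("WScript.Shell");p=s.RegRead("HKLM\\software\\examplekey\\exampleval");eval(p); <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [**examplelnk<*>] => "C:\Users\Example\AppData\Local\abc123\def456.lnk" <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2016-01-01] (Example Corp)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
'''

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f.key, repr(f.name), f.reasons, f.payload_keys)
```
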
  • Customer

    I have too many logs to send in one reply. Here are the initial attachments, a copy of the emails and what logs I could fit in. I'll have to send additional logs in another reply.

    Addition.txt

    FRST.txt

    0
  • Customer

    I removed McAfee Security Center as it never found anything on any of its scans. Now I only have Ad-Aware installed. I did another full scan to see if the viruses would delete. I still have two Trojan.Poweliks.Gen.1 that will not delete on reboot and now have C\windows\system32\regsvr32.exe infected with Trojan.Poweliks.Gen.2 which would not disinfect. I can attach logs from that scan if you need them but the service log is again too big to upload.

     

    Below are the contents of fixlog.txt and I have attached a copy of the file

     

     

    Fix result of Farbar Recovery Scan Tool (x86) Version: 27-08-2016
    Ran by Roxanne (27-08-2016 20:03:34) Run:2
    Running from C:\Users\Roxanne\Desktop
    Loaded Profiles: IUSR_NMPR & Roxanne (Available Profiles: IUSR_NMPR & Roxanne)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [**yycq<*>] => "C:\Windows\system32\mshta.exe" javascript:xa3uPRY3w="LRUvoG";Sb23=new%20ActiveXObject("WScript.Shell");P4VYE="3kcO4dX";IIdd67=Sb23.RegRead("HKLM\\software\\tusf\\qqjz");U8cwmKBJ="1A";eval(IIdd67);xUT (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters)
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**yycq<*>] => "C:\Windows\system32\mshta.exe" javascript:iodk7Zd="pH";N0G=new%20ActiveXObject("WScript.Shell");sll0jk6V="v1pUr8";n92YYW=N0G.RegRead("HKCU\\software\\tusf\\qqjz");RVRiGBL9="cJwOgj4";eval(n92YYW);z2y7 (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**xaovjuup<*>] => "C:\Users\Roxanne\AppData\Local\aca060\9dbc1b.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Run: [**fatcxwjhf<*>] => "C:\Users\Roxanne\AppData\Local\e352a3\4669a2.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\MountPoints2: {90359ed1-09a0-11de-88a1-806e6f6e6963} - E:\setup.exe
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    Toolbar: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> No Name - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
    Toolbar: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=531140&p=
    FF user.js: detected! => C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\user.js [2016-08-06]
    SearchScopes: HKU\S-1-5-21-1191959822-635995572-3245679226-1004 -> {BAEB43E1-D0AA-40E5-9988-6620B0D1E678} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=531140&p={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll => No File
    CHR Plugin: (RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File
    CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
    CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
    CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => No File
    CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll => No File
    S2 SessionLauncher; no ImagePath
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S2 MCSTRM; no ImagePath
    U3 mfeavfk01; no ImagePath
    Task: {0DEC8C76-95E6-429A-860F-39945A40E236} - \{697033CB-D98F-4F82-BECD-40D174712EEB} -> No File <==== ATTENTION
    Task: {1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files\Amazon Browser Settings\updater.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {21F17504-CD85-4DDC-B682-1E62E98E3EF6} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files\Amazon Browser Settings\updater.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {74C453CB-BDFD-4B36-B567-9BA476DF9245} - \{8324A8E3-A69F-48EE-8F04-27DED3B692F2} -> No File <==== ATTENTION
    Task: {9B8355B4-3096-4276-B998-80FD8D5F5511} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files\Amazon Browser Settings\AmznSearchProtect.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {C884FB2F-7787-4F29-BB71-B265BECC22FD} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files\Amazon Browser Settings\AmznSearchProtect.exe [2016-08-06] (Distromatic) <==== ATTENTION
    Task: {C92983BD-BACC-4AAC-B0D6-6B41657D33B7} - \{6B526980-99E2-4EAC-8EC9-6D7E937B3A59} -> No File <==== ATTENTION
    Task: {F97C2168-DAD0-4E72-BE8E-A993CF54DE2C} - \{B3EAF79A-90C9-4E46-8530-7F1D36C56A95} -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [109]
    AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0 [528]
    AlternateDataStreams: C:\ProgramData\TEMP:CD060F93 [212]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109]
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\internet -> internet
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\mcafee.com -> hxxp://mcafee.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\mcafee.com -> hxxps://mcafee.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\secunia.com -> hxxps://secunia.com
    IE trusted site: HKU\S-1-5-21-1191959822-635995572-3245679226-1004\...\webcompanion.com -> hxxp://webcompanion.com
    Folder: C:\Users\Roxanne\AppData\Roaming\aignes
    Folder: C:\Users\Roxanne\AppData\Roaming\a49916
    Folder: C:\Users\Roxanne\AppData\Local\aca060
    Reboot:
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\**yycq<*> => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Run\\**yycq<*> => value removed successfully.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Run\\**xaovjuup<*> => value removed successfully.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Run\\**fatcxwjhf<*> => value not found.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90359ed1-09a0-11de-88a1-806e6f6e6963}" => key removed successfully.
    HKCR\CLSID\{90359ed1-09a0-11de-88a1-806e6f6e6963} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully.
    HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} => value removed successfully.
    HKCR\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} => key not found.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully.
    HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
    Firefox "Keyword.URL" removed successfully.
    C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\user.js => moved successfully
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BAEB43E1-D0AA-40E5-9988-6620B0D1E678}" => key removed successfully.
    HKCR\CLSID\{BAEB43E1-D0AA-40E5-9988-6620B0D1E678} => key not found.
    C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => not found.
    C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll => not found.
    C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
    c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll => not found.
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => not found.
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => not found.
    C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => not found.
    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll => not found.
    SessionLauncher => service removed successfully.
    Lbd => service removed successfully.
    MCSTRM => service removed successfully.
    mfeavfk01 => service not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DEC8C76-95E6-429A-860F-39945A40E236}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DEC8C76-95E6-429A-860F-39945A40E236}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{697033CB-D98F-4F82-BECD-40D174712EEB}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C32D842-1FEC-4AF2-B53E-93C7BF2C2C36}" => key removed successfully.
    C:\Windows\System32\Tasks\DistromaticUpdater-periodic => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21F17504-CD85-4DDC-B682-1E62E98E3EF6}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F17504-CD85-4DDC-B682-1E62E98E3EF6}" => key removed successfully.
    C:\Windows\System32\Tasks\DistromaticUpdater-logon => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74C453CB-BDFD-4B36-B567-9BA476DF9245}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74C453CB-BDFD-4B36-B567-9BA476DF9245}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8324A8E3-A69F-48EE-8F04-27DED3B692F2}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B8355B4-3096-4276-B998-80FD8D5F5511}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B8355B4-3096-4276-B998-80FD8D5F5511}" => key removed successfully.
    C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C884FB2F-7787-4F29-BB71-B265BECC22FD} => key not found.
    C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C92983BD-BACC-4AAC-B0D6-6B41657D33B7}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C92983BD-BACC-4AAC-B0D6-6B41657D33B7}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B526980-99E2-4EAC-8EC9-6D7E937B3A59}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F97C2168-DAD0-4E72-BE8E-A993CF54DE2C}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97C2168-DAD0-4E72-BE8E-A993CF54DE2C}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3EAF79A-90C9-4E46-8530-7F1D36C56A95}" => key removed successfully.
    C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully..
    C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully..
    C:\ProgramData\TEMP => ":A9662AE0" ADS removed successfully..
    C:\ProgramData\TEMP => ":CD060F93" ADS removed successfully..
    C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully..
    "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully.
    "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully.
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet" => key removed successfully.
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully.
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com" => key removed successfully.
    HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com => key not found.
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\secunia.com" => key removed successfully.
    "HKU\S-1-5-21-1191959822-635995572-3245679226-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully.

    ========================= Folder: C:\Users\Roxanne\AppData\Roaming\aignes ========================

    2016-08-06 20:18 - 2016-08-06 20:18 - 0000000 ____D () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink
    2016-08-06 20:18 - 2016-08-16 17:57 - 0000797 _____ () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\deadlink.ini
    2016-08-06 20:18 - 2016-08-16 17:56 - 0000000 ____D () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\data
    2016-08-06 20:18 - 2016-08-16 17:57 - 0064854 _____ () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\data\Internet Explorer.dat
    2016-08-16 17:56 - 2016-08-16 17:56 - 0000000 _____ () C:\Users\Roxanne\AppData\Roaming\aignes\AM-DeadLink\data\Mozilla.dat

    ====== End of Folder: ======


    ========================= Folder: C:\Users\Roxanne\AppData\Roaming\a49916 ========================


    ====== End of Folder: ======


    ========================= Folder: C:\Users\Roxanne\AppData\Local\aca060 ========================


    ====== End of Folder: ======



    The system needed a reboot.

    ==== End of Fixlog 20:04:07 ====

     

     

    Below is a copy of the AdwCleaner Logfile and I have attached a copy of the file

     

     

     

    # AdwCleaner v6.010 - Logfile created 27/08/2016 at 20:22:16
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-08-27.1 [server]
    # Operating System : Windows Vista Home Premium Service Pack 2 (X86)
    # Username : Roxanne - HOME-PC
    # Running from : C:\Users\Roxanne\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    Service Found: YahooAUService
    Service Found: swdumon


    ***** [ Folders ] *****

    Folder Found: C:\Users\Roxanne\AppData\Local\Amazon Browser Settings
    Folder Found: C:\Users\Roxanne\AppData\Local\slimware utilities inc
    Folder Found: C:\Users\Roxanne\AppData\Roaming\Speedbit
    Folder Found: C:\Users\Roxanne\Favorites\Coupons
    Folder Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\StumbleUpon
    Folder Found: C:\ProgramData\Speedbit
    Folder Found: C:\ProgramData\tencent
    Folder Found: C:\ProgramData\Viewpoint
    Folder Found: C:\ProgramData\lavasoft\web companion
    Folder Found: C:\ProgramData\Tencent
    Folder Found: C:\ProgramData\Application Data\Speedbit
    Folder Found: C:\ProgramData\Application Data\tencent
    Folder Found: C:\ProgramData\Application Data\Viewpoint
    Folder Found: C:\ProgramData\Application Data\lavasoft\web companion
    Folder Found: C:\ProgramData\Application Data\Tencent
    Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
    Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedOptimizer
    Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
    Folder Found: C:\Users\Public\Documents\Downloaded Installers
    Folder Found: C:\Program Files\Amazon Browser Settings
    Folder Found: C:\Program Files\DAP
    Folder Found: C:\Program Files\FLV Player
    Folder Found: C:\Program Files\SpeedOptimizer
    Folder Found: C:\Program Files\tencent
    Folder Found: C:\Program Files\Viewpoint
    Folder Found: C:\Program Files\Tencent
    Folder Found: C:\Program Files\Common Files\Software Update Utility
    Folder Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}


    ***** [ Files ] *****

    File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\JB0A0IX4\internetspeedtracker.dl.myway[1].xml
    File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\allin1convert.dl.myway[1].xml
    File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\fromdoctopdf.dl.myway[1].xml
    File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\www.citysearch[1].xml
    File Found: C:\Users\Roxanne\AppData\Local\Microsoft\Internet Explorer\DOMStore\4UQ34PHN\www.zwinky[1].xml
    File Found: C:\Windows\system32\lavasofttcpservice.dll
    File Found: C:\Windows\system32\LavasoftTcpServiceOff.ini
    File Found: C:\Windows\system32\drivers\swdumon.sys
    File Found: C:\Windows\system32\drivers\SWDUMon.sys
    File Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\extensions\abb@amazon.com.xpi
    File Found: C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\9u6nzhkj.default\searchplugins\bing-lavasoft.xml


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****



    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[s0].txt - [14631 Bytes] - [27/08/2016 19:51:40]
    C:\AdwCleaner\AdwCleaner[s1].txt - [13756 Bytes] - [27/08/2016 20:22:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13830 Bytes] ##########

     

     

    I have had a lot of problems with the online ESET scan. I do not use Internet Explorer as Vista quit updating and my version is long out of date. I use Mozilla Firefox. I disabled Ad-Aware but it still seemed to recognize its presence on the computer. The first time I ran the scan it found 8 threats and hung up before the scan was complete, so I could not retrieve a report. I had to end the scan through Task Manager. The second time I ran the scan it found 11 threats and hung up before the scan was completed, so again no report, but before I could end the process it started cleaning the threats even though I did not have that box checked. I have no idea what was deleted from my computer from this scan. I tried it a third time and it found one threat and again hung up before the scan was finished. After this I gave up as I don't want any more files deleted from my computer without my knowledge. Therefore I do not have a txt file to include from the ESET online scan. I hope this will be enough to help without the last scan.

     

    Fixlog.txt

    AdwCleaner.txt

    0
  • Support

    To see what Eset's scanner did, please go to the folder C:\users\Roxanne\appdata\local\temp\ and paste the content of the log file log.txt in your reply.

     

     

    Follow the instructions on the page http://www.bleepingcomputer.com/virus-removal/remove-poweliks-trojan but replace Step 11-16 with an Ad-Aware scan. Please, tell me the result of Ad-Aware's scan and if Eset's tool found something and, if yes, paste the content of ESETPoweliksCleaner.exe_<timestamp>.log in your reply.

     

     

    Please, scan the computer with FRST and attach the new log files.

    0
  • Customer

    I have had quite a time. First of all, as none of the three scans done on the ESET online scanner completed the scan to the end, there was no log file generated into the directory you indicated. I have no idea what was deleted.

     

    I have followed the instructions at Bleeping Computer. The Rkill program stopped a Windows process and two Internet Explorer.exe processes to help in removing the virus. I then ran ESET Poweliks Cleaner, which returned with a report that no Trojan Poweliks virus was found. I have attached a copy. I rebooted and found that I am no longer able to run Internet Explorer. The application exe file is no longer in the Internet Explorer directory. While I don't use Internet Explorer for browsing, I have programs which need it to operate. I attempted to download it from Microsoft to reinstall it and it won't reinstall as the version on my computer is more current than the version 9 program from Microsoft. The registry root directory still thinks I have it but it is not listed in software. I can still access the internet options from the program through Control Panel but can't run the program. There is no way to uninstall Internet Explorer so I can reinstall the earlier version. I am without ideas to fix my registry, which is now corrupt.

     

    I also attempted to run a full scan through Ad-Aware and couldn't get the full scan to run longer than 15 minutes. I attempted to repair it. I uninstalled and reinstalled it without fixing the problem. I had to do a system restore and then run the repair tool to get it to run a longer full scan. The full scan report came back reflecting no Trojan Poweliks viruses; the scan still didn't run as long as the full scan did before. I don't know if I can trust the results. Programs load a little faster and I am not seeing miscellaneous other phenomena, but I don't know.

     

    Before I started this process I did a full scan, and in addition to the two Trojan.poweliks.gen.1 and the Trojan.poweliks.gen.2 at windows/system32/regsver32.exe there was also a Trojan.poweliks.gen.2 at Internet Explorer. I think that Internet Explorer is where the viruses were located. I used to get notification that Internet Explorer had been closed to protect my computer when I had not had the program open.

     

    I am not impressed with the ESET scanning programs. My computer is not the same. I don't know how to resolve this. I have attached new copies of the FRST scan FRST and Addition txt files. I await your reply.

    ESETPoweliksCleaner.exe_20160829.161119.8600.log

    FRST.txt

    Addition.txt

    0
  • Customer

    I just requested another full scan on Ad-Aware and it lasted 11 minutes. My software isn't working and I've tried repairing and reinstalling it. I have no working virus protection now.

    0
  • Support

    I'm sorry that you have such big problems.

     

    Ad-Aware remembers which files have been scanned, and if they haven't changed they will not be scanned again. That means that scans are pretty fast, except for the first scan.

     

    Do you have any files in the quarantine of Ad-Aware?

    If not, you might try to do a system restore to a date when Internet Explorer worked, e.g. before Ad-Aware found Poweliks or before you ran Eset's online scanner.

    0
  • Customer

    I did a system restore to the restore point created by FRST.exe, which was before the ESET online scan. It was a successful restore, so although I don't know what was deleted by the ESET online scan I must assume the files have been restored. I can also access Internet Explorer, which pleases me. I redid the fix on FRST with the original fixlist.txt without problem.

     

    Every full scan I've done on Ad-Aware has taken at least three hours and has come up with the viruses. I would assume that the viruses would also be restored, but on a much shorter full scan I come up clean with no viruses. The software said I had not done a scan for a long time so I would think it would take the usual three hours. It took one hour and thirty-nine minutes. There is one quarantined item called Gen:Variant.Application at c:\users\roxanne\appdata\local\temp\tmp9334685\setup.exe, which I have deleted. I have downloaded the Rkill, Iexplore and ESET Poweliks Cleaner programs again from Bleeping Computer and will keep them for a time till I know I am out of the woods.

     

    If you tell me my Ad-Aware program is okay doing much shorter full scans, I will take you at your word and assume I am protected.

     

    In one of the instruction sites you gave me, it recommended that after removal of the viruses I should do a scan with Secunia PSI to see what other programs might be vulnerable to viruses. I have this program. It is one of the programs that needs Internet Explorer. I have listed the https://*.secunia.com site as a trusted site to allow it to scan my software and download updated programs. It attempts to scan and download program vulnerabilities but it goes through the sequence fast and does nothing. It isn't working. I believe the Ad-Aware firewall is not letting it work. Is there any way to list a trusted site in Ad-Aware?

    0
  • Support

    Good that Internet Explorer is working again.

     

    You can allow the Secunia program in Application Rules: http://www.lavasoft.com/mylavasoft/support/supportcenter/technicalproblems/faqs/how-to-configure-application-rules

    But you can also set the Default action to Allow: http://www.lavasoft.com/mylavasoft/support/supportcenter/technicalproblems/faqs/how-to-configure-network-protection-advanced-settings

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :) If you're the topic starter and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else, please begin a New Topic. Thank you!

    0
