11 posts in this topic

This keeps showing up on my mom's computer when I run a scan, and Malwarebytes says that it's been removed, but it never wants to restart the computer and the same files show up when I run a scan again. What can I do?

Malwarebytes Anti-Malware

Database version: v2013.05.14.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mary Ann :: MARYANN-PC [administrator]

5/14/2013 10:34:24 AM

mbam-log-2013-05-14 (10-34-24).txt

Scan type: Full scan (C:\|D:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 313195

Time elapsed: 36 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 7

HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.

HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.

HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.

HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.

HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Mary Ann\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.

C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.


Share this post

Link to post
Share on other sites

Welcome to the forum, please start at the link below:


Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.



Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)



Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the
Follow This Topic Button
(at the top right of this page), make sure that the
Receive notification
box is checked and that it is set to

Removing malware can be unpredictable
...things can go very wrong!
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

Please stick with me until I give you the "all clear" and
Please don't waste my time by leaving before that

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Share this post

Link to post
Share on other sites

Thank you so much for replying back to me! Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476

Run by Mary Ann at 12:03:26 on 2013-05-15


============== Running Processes ================


C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\24x7Help\App24x7Svc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Users\Mary Ann\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\24x7Help\App24x7Help.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\24x7Help\App24x7Hook.exe

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE


C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe


============== Pseudo HJT Report ===============


uStart Page = hxxp://

uDefault_Page_URL = hxxp://

mStart Page = hxxp://

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Mary Ann\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [AVUS] C:\Program Files (x86)\AVUS\AVUS.exe

uRun: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\windows\System32\Sendori.dll

TCP: NameServer =

TCP: Interfaces\{3FC41A5A-7FD9-4FE9-BA65-126A6F9EA4C5} : NameServer =,

TCP: Interfaces\{3FC41A5A-7FD9-4FE9-BA65-126A6F9EA4C5} : DHCPNameServer =

TCP: Interfaces\{EBA16D88-71BF-4BD7-9296-537E40FA6BD7} : NameServer =,,

TCP: Interfaces\{EBA16D88-71BF-4BD7-9296-537E40FA6BD7} : DHCPNameServer =

TCP: Interfaces\{EBA16D88-71BF-4BD7-9296-537E40FA6BD7}\14363656E647 : DHCPNameServer =

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>


============= SERVICES / DRIVERS ===============


R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader

R? RTL8167;Realtek 8167 NT Driver

R? TsUsbFlt;TsUsbFlt

R? TsUsbGD;Remote Desktop Generic USB Device

R? USBAAPL64;Apple Mobile USB Driver

R? WajamUpdater;WajamUpdater

R? WatAdminSvc;Windows Activation Technologies Service

R? wlcrasvc;Windows Live Mesh remote connections service

R? wsvd;wsvd

S? 24x7HelpSvc;24x7HelpService

S? ACPIVPC;Lenovo Virtual Power Controller Driver

S? Application Sendori;Application Sendori

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswRvrt;aswRvrt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? aswVmm;aswVmm

S? avast! Antivirus;avast! Antivirus

S? BPntDrv;BPntDrv

S? clwvd;CyberLink WebCam Virtual Driver

S? cvhsvc;Client Virtualization Handler

S? DefaultTabUpdate;DefaultTabUpdate

S? fbfmon;fbfmon

S? IAStorDataMgrSvc;Intel® Rapid Storage Technology

S? IBUpdaterService;IBUpdaterService

S? IntcDAud;Intel® Display Audio

S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller

S? LHDmgr;LHDmgr

S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service

S? MpFilter;Microsoft Malware Protection Driver

S? NisDrv;Microsoft Network Inspection System

S? NisSrv;Microsoft Network Inspection

S? Service Sendori;Service Sendori

S? Sftfs;Sftfs

S? sftlist;Application Virtualization Client

S? Sftplay;Sftplay

S? Sftredir;Sftredir

S? Sftvol;Sftvol

S? sftvsa;Application Virtualization Service Agent

S? sndappv2;sndappv2

S? UNS;Intel® Management and Security Application User Notification Service

S? vm2uvcflt;Vimicro USB Camera Filter 2

S? vm332avs;Lenovo Camera2


=============== Created Last 30 ================


2013-05-15 18:54:58 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97969047-7990-477E-992B-19A51B8F7DE1}\mpengine.dll

2013-05-15 18:54:37 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-05-15 18:54:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-14 18:24:21 -------- d-----w- C:\Users\Mary Ann\AppData\Local\Adobe

2013-05-14 17:34:36 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-14 01:58:53 -------- d-----w- C:\Program Files\iPod

2013-05-14 01:58:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-14 01:58:51 -------- d-----w- C:\Program Files\iTunes

2013-05-14 01:58:51 -------- d-----w- C:\Program Files (x86)\iTunes

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-05-14 01:48:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-05-14 01:38:26 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-05-14 01:38:26 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-05-14 01:38:25 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2013-05-14 01:38:25 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2013-05-14 01:38:23 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-05-14 01:37:33 41664 ----a-w- C:\windows\avastSS.scr

2013-05-14 01:36:59 -------- d-----w- C:\Program Files\AVAST Software

2013-05-14 01:36:04 -------- d-----w- C:\ProgramData\AVAST Software

2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-04-25 17:10:40 -------- d-----w- C:\Program Files\CCleaner

2013-04-25 17:02:31 -------- d-----w- C:\Users\Mary Ann\AppData\Roaming\AVSoftware

2013-04-25 03:28:13 -------- d-----w- C:\Users\Mary Ann\AppData\Roaming\Malwarebytes

2013-04-25 03:27:22 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-25 03:26:57 -------- d-----w- C:\Users\Mary Ann\AppData\Local\Programs

2013-04-25 02:49:09 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EAC5DB5-937D-48E6-9A05-F414E2710D84}\gapaengine.dll

2013-04-25 02:48:41 -------- d-----w- C:\Users\Mary Ann\AppData\Roaming\AVG2013

2013-04-25 02:47:57 -------- d--h--w- C:\$AVG

2013-04-25 02:47:57 -------- d-----w- C:\ProgramData\AVG2013

2013-04-25 02:43:57 -------- d-----w- C:\Users\Mary Ann\AppData\Local\Avg2013


==================== Find3M ====================


2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-04-23 22:13:32 325920 ----a-w- C:\windows\SysWow64\Sendori.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-07 08:54:58 1455408 ----a-w- C:\windows\System32\dmwu.exe

2013-04-07 08:53:48 33792 ----a-w- C:\windows\System32\ImHttpComm.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

2013-03-01 03:36:04 3153408 ----a-w- C:\windows\System32\win32k.sys

2013-02-22 06:27:49 2312704 ----a-w- C:\windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-02-15 06:08:40 44032 ----a-w- C:\windows\System32\tsgqec.dll

2013-02-15 06:06:11 3717632 ----a-w- C:\windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll


============= FINISH: 12:04:02.11 ===============

Here is the Attach log:


==== Installed Programs ======================


24x7 Help

Adobe Reader XI (11.0.03)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

avast! Free Antivirus



Conexant HD Audio



Energy Management

FamilySearch Indexing 3.14.0

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper


IB Updater

IB Updater Service


Incredibar Toolbar on IE

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology


Junk Mail filter update

Lenovo EasyCamera

Lenovo EE Boot Optimizer

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo YouCam

Malwarebytes Anti-Malware version

McAfee SiteAdvisor

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219





Realtek USB 2.0 Reader Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)


Shared C Run-time for x64

Software Version Updater

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)



Visual Studio 2010 x64 Redistributables

Vittalia Installer


Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources


==== End Of File ===========================

And here is the Rogue Killer log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback :

Website :

Blog :

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Mary Ann [Admin rights]

Mode : Scan -- Date : 05/15/2013 12:10:09

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[sERVICE] IBUpdaterService -- C:\windows\system32\dmwu.exe [x] -> ERROR [0x41c]

[RESIDUE] dmwu.exe -- C:\Windows\System32\dmwu.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤

[services][bLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\windows\system32\dmwu.exe) -> FOUND

[services][bLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\windows\system32\dmwu.exe) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{3FC41A5A-7FD9-4FE9-BA65-126A6F9EA4C5} : NameServer (, -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{EBA16D88-71BF-4BD7-9296-537E40FA6BD7} : NameServer (,, -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{3FC41A5A-7FD9-4FE9-BA65-126A6F9EA4C5} : NameServer (, -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{EBA16D88-71BF-4BD7-9296-537E40FA6BD7} : NameServer (,, -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++

--- User ---

[MBR] a94dbbde8403d88c42dc450c48df9cdc

[bSP] b1e4235348017c48cce11b8d9fa78d52 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05152013_02d1210.txt >>


Share this post

Link to post
Share on other sites

Please uninstall all of these from your add/remove programs:

IB Updater

IB Updater Service




Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.


Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


Share this post

Link to post
Share on other sites

Ok here is the ADWCleaner log:

# AdwCleaner v2.300 - Logfile created 05/15/2013 at 13:41:22

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Mary Ann - MARYANN-PC

# Boot Mode : Normal

# Running from : C:\Users\Mary Ann\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : 24x7HelpSvc

***** [Files / Folders] *****

File Found : C:\user.js

File Found : C:\Users\Public\Desktop\24x7 Help.lnk

File Found : C:\windows\Tasks\AmiUpdXp.job

Folder Found : C:\Program Files (x86)\

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Mary Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Folder Found : C:\Users\Mary Ann\AppData\Local\SwvUpdater

Folder Found : C:\Users\Mary Ann\AppData\LocalLow\

Folder Found : C:\Users\Mary Ann\AppData\Roaming\24x7 Help

***** [Registry] *****

Key Found : HKCU\Software\24x7HELP

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Found : HKLM\Software\24x7HELP

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1

Key Found : HKLM\SOFTWARE\Classes\I

Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr

Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1

Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore

Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\Software\IB Updater

Key Found : HKLM\Software\

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKU\S-1-5-21-2132489693-1957322684-3891374040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Mary Ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [8987 octets] - [15/05/2013 13:41:22]

########## EOF - C:\AdwCleaner[R1].txt - [9047 octets] ##########

Share this post

Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


Share this post

Link to post
Share on other sites

Ok here is the log:

# AdwCleaner v2.300 - Logfile created 05/16/2013 at 09:37:26

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Mary Ann - MARYANN-PC

# Boot Mode : Normal

# Running from : C:\Users\Mary Ann\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : 24x7HelpSvc

***** [Files / Folders] *****

File Deleted : C:\user.js

File Deleted : C:\Users\Public\Desktop\24x7 Help.lnk

File Deleted : C:\windows\Tasks\AmiUpdXp.job

Folder Deleted : C:\Program Files (x86)\

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Mary Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Folder Deleted : C:\Users\Mary Ann\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\Mary Ann\AppData\LocalLow\

Folder Deleted : C:\Users\Mary Ann\AppData\Roaming\24x7 Help

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\Software\24x7HELP

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\I

Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr

Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\IB Updater

Key Deleted : HKLM\Software\

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Mary Ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [9082 octets] - [15/05/2013 13:41:22]

AdwCleaner[R2].txt - [9142 octets] - [16/05/2013 09:37:03]

AdwCleaner[s1].txt - [8988 octets] - [16/05/2013 09:37:26]

########## EOF - C:\AdwCleaner[s1].txt - [9048 octets] ##########

And here is the Security Check log:

Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

McAfee SiteAdvisor

Malwarebytes Anti-Malware version

Adobe Reader XI

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````

Share this post

Link to post
Share on other sites

Looks Good....How is it???? MrC

Share this post

Link to post
Share on other sites


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)


If you used DeFogger to disable your CD Emulation drivers, please re-enable them.


Please download OTC to your desktop.

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.


Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Share this post

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.