
Hello, seems I have an icon on my desktop that I am not sure of. That is called desktop.ini. It just appeared about four days ago. Also when I type the cursor jumps back into the middle of a sentence and messes up what I want to say. It seems to go to the center of the line of type, very annoying. Thank you for all your help in the past. I have Malwarebytes Pro, updated definitions.


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download and save DDS to your Desktop from either of the following links:

 

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

 

Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop"

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.

 

Thanks,

 

Kevin


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/8/2013 5:32:58 PM

System Uptime: 4/1/2014 7:23:40 PM (45 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD E-350 Processor | Socket FT1 | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 244.939 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP132: 3/6/2014 12:42:25 PM - Scheduled Checkpoint

RP133: 3/11/2014 2:34:41 PM - Windows Update

RP134: 3/12/2014 4:15:38 PM - Windows Update

RP135: 3/18/2014 4:03:10 PM - Windows Update

RP136: 3/24/2014 1:02:14 PM - Windows Backup

RP137: 3/25/2014 10:29:42 AM - Windows Update

RP138: 3/28/2014 1:33:18 PM - Windows Update

RP139: 4/1/2014 11:36:37 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.06)

Amazon Cloud Player

Amazon Music Importer

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

ATI Catalyst Install Manager

Best Buy pc app

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Computer Security 12.83.104.0 (release)

Conexant HD Audio

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

ETDWare PS/2-X64 8.0.8.0_R01

F-Secure CCF Reputation

F-Secure CCF Scanning 1.23.124.8831 (release)

F-Secure Network CCF 1.02.128

Frontier Secure

Java 7 Update 51

Java Auto Updater

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Mozilla Firefox 27.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Online Safety 2.83.1329.952

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

SUPERAntiSpyware

swMSM

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

ToshibaRegistration

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

Waterfox 27.0.2 (x64 en-US)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WMV9/VC-1 Video Playback

.

==== Event Viewer Messages From Past Week ========

.

4/1/2014 9:06:54 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/1/2014 9:06:54 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

4/1/2014 12:01:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/1/2014 12:00:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/1/2014 12:00:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/1/2014 12:00:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/1/2014 12:00:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/1/2014 12:00:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/1/2014 12:00:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/1/2014 12:00:27 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================


Thank you for responding so quickly, and what is a bit torrent?


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.51.2
Run by Judith at 16:32:31 on 2014-04-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1116 [GMT -7:00]
.
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Frontier\fshoster32.exe
C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSHDLL64.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files (x86)\Frontier\fshoster32.exe
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Waterfox\waterfox.exe
C:\Program Files\Waterfox\plugin-container.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [F-Secure Hoster (53784)] "C:\Program Files (x86)\Frontier\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE" /splash
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll


TCP: NameServer = 192.168.254.254
TCP: Interfaces\{1C9F5782-6E1E-4B87-B6CE-A95F954BF38A} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{1C9F5782-6E1E-4B87-B6CE-A95F954BF38A}\6427F6E64796562733731353 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{1C9F5782-6E1E-4B87-B6CE-A95F954BF38A}\6716E602E475 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{1C9F5782-6E1E-4B87-B6CE-A95F954BF38A}\D61636B6D27457563747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1C9F5782-6E1E-4B87-B6CE-A95F954BF38A}\E43434 : DHCPNameServer = 68.87.69.146 68.87.85.98
TCP: Interfaces\{EE8955E8-D2B7-40F6-B417-F67FC1CC5384} : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\cqjugvhh.default-1395345917665\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\windows\System32\Macromed\Flash\NPSWF64_12_0_0_77.dll
FF - plugin: C:\windows\System32\npDeployJava1.dll
FF - plugin: C:\windows\System32\npmproxy.dll
FF - plugin: C:\windows\System32\Wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2013-2-8 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2013-2-8 38016]
R0 fsbts;fsbts;C:\windows\System32\drivers\fsbts.sys [2013-10-16 56016]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2014-4-3 69480]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2013-10-16 13248]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Frontier\fshoster32.exe [2013-5-15 191424]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [2012-8-6 60352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-7 418376]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-10-16 203304]
R3 fsni;fsni;C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [2013-4-25 80832]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2013-2-8 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-7 25928]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-2-8 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-7 701512]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-8 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-2-8 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-8 30208]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-2-8 203776]
.
=============== Created Last 30 ================
.
2014-04-03 12:54:39 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{081747B5-9510-499F-8873-DFBC1CFB77CE}\offreg.dll
2014-04-01 18:37:14 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{081747B5-9510-499F-8873-DFBC1CFB77CE}\mpengine.dll
2014-03-25 21:34:36 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-25 21:34:36 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-19 05:24:26 -------- d-----w- C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-03-19 05:24:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-19 05:24:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-12 23:12:16 624128 ----a-w- C:\windows\System32\qedit.dll
2014-03-12 23:12:16 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-03-12 23:12:14 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-03-12 23:12:10 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-03-12 23:12:06 484864 ----a-w- C:\windows\System32\wer.dll
2014-03-12 23:12:06 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-03-12 23:11:10 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-03-12 23:11:09 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-03-07 23:48:03 -------- d-----w- C:\Program Files\Waterfox
.
==================== Find3M  ====================
.
2014-02-23 08:13:41 2241536 ----a-w- C:\windows\System32\wininet.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-23 05:39:39 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2014-02-23 05:35:24 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-20 06:09:34 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 00:42:40 608032 ----a-w- C:\SecurityScanner.dll
.
============= FINISH: 16:34:13.56 ===============
 


Thanks for the logs, run the following please.........

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

 

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

 

 

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin..


I hope I did this right

 


Farbar is giving me several options to pick: Internet Services, Windows Firewall, System Restore, Security Center/Action Center, Windows Update, Windows Defender, Other Services. Should I just leave them alone?

There is no addition.txt


FRST does not give the options that you mention; that may be another tool by Farbar called FSS. This link again..

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Also this log from TDSSKiller "TDSSKiller.3.0.0.28_04.04.2014_10.00.01_log.txt" is not complete

 

Kevin...


OK, thank you, my machine will not allow me to copy and paste, and I did run it and there was no additional txt file; that is why I asked about the other options.


mmmm, you have run Farbar Service Scanner, FSS for short. Can you please go back to the last set of instructions and download and run Farbar Recovery Scan Tool, FRST for short.


I downloaded Farbar Recovery Scan Tool and got File extractor? Did I do right?


What do you mean, a file extractor? Just follow the instructions I posted, they are really easy to follow...


I did follow those and downloaded the one you said, since I did the wrong one the first time. This one was correct but gave me file extractor, not FRST, and Malwarebytes says it's a PUP.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Judith (administrator) on KIRK-PC on 04-04-2014 17:01:54
Running from C:\Users\Judith\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSHDLL64.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (53784)] - C:\Program Files (x86)\Frontier\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1596010243-3757955604-700281957-1000\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://frontier.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm011^YY^us&si=maps4pc&ptb=E6FAE485-FBCB-41CB-8BD8-F3F15DFE0857&ind=2013060819&n=77fcded3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm011^YY^us&si=maps4pc&ptb=E6FAE485-FBCB-41CB-8BD8-F3F15DFE0857&ind=2013060819&n=77fcded3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {3B2C9801-5FC7-4884-A127-E552570857AD} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm011^YY^us&si=maps4pc&ptb=E6FAE485-FBCB-41CB-8BD8-F3F15DFE0857&ind=2013060819&n=77fcded3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\cqjugvhh.default-1395345917665
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Frontier\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [60352 2013-10-16] (F-Secure Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R3 F-Secure Gatekeeper; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-03-03] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69480 2014-03-03] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-16] ()
R3 fsni; C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-04 17:01 - 2014-04-04 17:02 - 00012902 _____ () C:\Users\Judith\Desktop\FRST.txt
2014-04-04 17:01 - 2014-04-04 17:01 - 02157056 _____ (Farbar) C:\Users\Judith\Desktop\FRST64.exe
2014-04-04 17:01 - 2014-04-04 17:01 - 00000000 ____D () C:\FRST
2014-04-04 10:36 - 2014-04-04 10:36 - 00409600 _____ (Farbar) C:\Users\Judith\Desktop\FSS.exe
2014-04-04 09:27 - 2014-04-04 09:28 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Judith\Desktop\tdsskiller.exe
2014-04-03 16:34 - 2014-04-03 16:34 - 00013983 _____ () C:\Users\Judith\Desktop\dds.txt
2014-04-03 16:34 - 2014-04-03 16:34 - 00012276 _____ () C:\Users\Judith\Desktop\attach.txt
2014-04-03 16:28 - 2014-04-03 16:28 - 00688992 ____R (Swearware) C:\Users\Judith\Desktop\dds.scr
2014-03-25 14:34 - 2014-04-04 16:24 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 14:34 - 2014-03-25 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-25 14:34 - 2014-03-25 14:54 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-25 14:34 - 2014-03-25 14:54 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-20 13:05 - 2014-03-20 13:05 - 00000000 ____D () C:\Users\Judith\Desktop\Old Firefox Data
2014-03-19 12:58 - 2014-03-19 12:58 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Oracle
2014-03-18 22:24 - 2014-03-18 22:24 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-18 22:24 - 2014-03-18 22:24 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 22:24 - 2014-03-18 22:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-18 22:24 - 2014-03-18 22:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-18 22:07 - 2014-03-18 22:23 - 29393568 _____ (SUPERAntiSpyware) C:\Users\Judith\Desktop\SUPERAntiSpyware.exe
2014-03-12 16:24 - 2014-02-23 01:13 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 16:24 - 2014-02-23 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 16:24 - 2014-02-23 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 16:24 - 2014-02-23 01:12 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 16:24 - 2014-02-23 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 16:24 - 2014-02-23 01:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 16:24 - 2014-02-23 01:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 16:24 - 2014-02-22 23:54 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 16:24 - 2014-02-22 23:54 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 16:24 - 2014-02-22 23:53 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 16:24 - 2014-02-22 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 16:24 - 2014-02-22 23:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 16:24 - 2014-02-22 22:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-03-12 16:24 - 2014-02-22 22:35 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-12 16:12 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 16:12 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 16:12 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 16:12 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 16:12 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 16:12 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-12 16:11 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 16:11 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-07 16:48 - 2014-03-07 16:48 - 00000893 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2014-03-07 16:48 - 2014-03-07 16:48 - 00000000 ____D () C:\Program Files\Waterfox
2014-03-07 16:06 - 2014-03-07 16:08 - 29496405 _____ (Mozilla) C:\Users\Judith\Downloads\Waterfox 27.0.2 Setup.exe
2014-03-07 16:00 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Mozilla
2014-03-05 18:14 - 2014-03-05 18:15 - 01070496 _____ (Unity Technologies ApS) C:\Users\Judith\Downloads\UnityWebPlayer.exe

==================== One Month Modified Files and Folders =======

2014-04-04 17:02 - 2014-04-04 17:01 - 00012902 _____ () C:\Users\Judith\Desktop\FRST.txt
2014-04-04 17:01 - 2014-04-04 17:01 - 02157056 _____ (Farbar) C:\Users\Judith\Desktop\FRST64.exe
2014-04-04 17:01 - 2014-04-04 17:01 - 00000000 ____D () C:\FRST
2014-04-04 16:24 - 2014-03-25 14:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 15:34 - 2013-03-31 23:57 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D4940CF2-687B-4072-9529-E1ACB9C40F93}
2014-04-04 10:36 - 2014-04-04 10:36 - 00409600 _____ (Farbar) C:\Users\Judith\Desktop\FSS.exe
2014-04-04 10:06 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 10:06 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 10:04 - 2009-07-13 22:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-04 10:02 - 2014-01-25 10:24 - 01722364 _____ () C:\windows\WindowsUpdate.log
2014-04-04 09:59 - 2014-02-20 04:11 - 00002106 _____ () C:\windows\setupact.log
2014-04-04 09:59 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-04 09:28 - 2014-04-04 09:27 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Judith\Desktop\tdsskiller.exe
2014-04-03 16:34 - 2014-04-03 16:34 - 00013983 _____ () C:\Users\Judith\Desktop\dds.txt
2014-04-03 16:34 - 2014-04-03 16:34 - 00012276 _____ () C:\Users\Judith\Desktop\attach.txt
2014-04-03 16:28 - 2014-04-03 16:28 - 00688992 ____R (Swearware) C:\Users\Judith\Desktop\dds.scr
2014-03-25 14:54 - 2014-03-25 14:34 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-25 14:54 - 2014-03-25 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-25 14:54 - 2014-03-25 14:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-25 14:54 - 2013-04-12 19:50 - 00000000 ____D () C:\Users\Judith\AppData\Local\Adobe
2014-03-25 14:35 - 2013-02-08 18:39 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Adobe
2014-03-25 14:35 - 2013-02-08 18:33 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Macromedia
2014-03-25 14:34 - 2013-07-09 16:05 - 00000000 ____D () C:\windows\system32\Macromed
2014-03-25 14:22 - 2014-02-20 04:11 - 00120954 _____ () C:\windows\PFRO.log
2014-03-25 14:21 - 2013-09-07 22:54 - 00000000 ____D () C:\Users\Judith\AppData\Local\Macromedia
2014-03-21 02:49 - 2013-02-27 10:41 - 00000000 ____D () C:\Users\Judith\AppData\Local\CrashDumps
2014-03-20 13:05 - 2014-03-20 13:05 - 00000000 ____D () C:\Users\Judith\Desktop\Old Firefox Data
2014-03-19 12:58 - 2014-03-19 12:58 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Oracle
2014-03-18 22:24 - 2014-03-18 22:24 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-18 22:24 - 2014-03-18 22:24 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 22:24 - 2014-03-18 22:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-18 22:24 - 2014-03-18 22:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-18 22:23 - 2014-03-18 22:07 - 29393568 _____ (SUPERAntiSpyware) C:\Users\Judith\Desktop\SUPERAntiSpyware.exe
2014-03-13 16:17 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-12 16:37 - 2011-03-29 20:11 - 00000000 ____D () C:\windows\Panther
2014-03-12 16:37 - 2009-07-13 21:45 - 00417416 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-12 16:36 - 2013-10-15 19:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 16:36 - 2013-10-15 19:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 16:32 - 2013-02-23 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 16:29 - 2013-07-12 21:30 - 00000000 ____D () C:\windows\system32\MRT
2014-03-12 16:26 - 2013-02-08 19:40 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-07 16:48 - 2014-03-07 16:48 - 00000893 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2014-03-07 16:48 - 2014-03-07 16:48 - 00000000 ____D () C:\Program Files\Waterfox
2014-03-07 16:46 - 2014-03-03 13:45 - 00000000 ____D () C:\Users\Judith\AppData\Local\Unity
2014-03-07 16:08 - 2014-03-07 16:06 - 29496405 _____ (Mozilla) C:\Users\Judith\Downloads\Waterfox 27.0.2 Setup.exe
2014-03-07 16:00 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Mozilla
2014-03-05 18:15 - 2014-03-05 18:14 - 01070496 _____ (Unity Technologies ApS) C:\Users\Judith\Downloads\UnityWebPlayer.exe

Some content of TEMP:
====================
C:\Users\Judith\AppData\Local\Temp\{5B415D9C-AA9F-4970-98DF-F4634C7CE71D}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 01:07

==================== End Of Log ============================


Thank you


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL scan.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Post those logs, let me know if any remaining issues or concerns..

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Judith at 2014-04-05 08:38:40 Run:1
Running from C:\Users\Judith\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
C:\Users\Judith\AppData\Local\Temp\{5B415D9C-AA9F-4970-98DF-F4634C7CE71D}.exe
End
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCR\PROTOCOLS\Handler\tmbp => Key deleted successfully.
HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
HKCR\PROTOCOLS\Handler\tmtbim => Key deleted successfully.
HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmbp => Key not found.
HKCR\Wow6432Node\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmtbim => Key not found.
HKCR\Wow6432Node\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
"C:\Users\Judith\AppData\Local\Temp\{5B415D9C-AA9F-4970-98DF-F4634C7CE71D}.exe" => File/Directory not found.

==== End of Fixlog ====


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Judith :: KIRK-PC [administrator]

Protection: Disabled

4/4/2014 5:37:04 PM
mbam-log-2014-04-04 (17-37-04).txt

Scan type: Custom scan (C:\Users\Judith\Desktop\Continue File Extractor Installation.lnk|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 0
Time elapsed: 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Judith :: KIRK-PC [administrator]

Protection: Enabled

4/5/2014 10:18:44 AM
mbam-log-2014-04-05 (10-18-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 348774
Time elapsed: 1 hour(s), 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Just need AdwCleaner and JRT logs, also let me know if any remaining issues or concerns.


Thank you, please give me instructions on how to remove the downloads we just did and my type is still moving to the center of the line of type. I will continue by typing that again so you can see what I am talking about.

Example:

o youom the downloads  , please give me instruction's on how to remove the downloads we just did and type is still jumping to the center of the line of type .


At times when I try to leave a message here I get a pop-up BBC offering Twitter and I cancel that.

# AdwCleaner v3.023 - Report created 05/04/2014 at 11:36:27
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Judith - KIRK-PC
# Running from : C:\Users\Judith\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\cqjugvhh.default-1395345917665\prefs.js ]

*************************

AdwCleaner[R0].txt - [789 octets] - [05/04/2014 11:30:16]
AdwCleaner[s0].txt - [711 octets] - [05/04/2014 11:36:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [770 octets] ##########
