whonew Posted April 3, 2014 ID:812898

Hello, seems I have an icon on my desktop that I am not sure of. That is called desktop.ini. It just appeared about four days ago. Also when I type the cursor jumps back into the middle of a sentence and messes up what I want to say. It seems to go to the center of the line of type, very annoying. Thank you for all your help in the past. I have Malwarebytes Pro, updated definitions.
kevinf80 Posted April 3, 2014 ID:812987

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://compendiate.net/sUBs/dds/dds.scr

Note: You must use Internet Explorer to download dds.scr; other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

Double-click the dds.scr file to run the program.
It will automatically run in silent mode and then you will see the following note: "Two logs shall be created on your Desktop"
The logs will be named dds.txt and attach.txt.
Wait until the logs appear and then copy and paste their contents in your post.

Thanks, Kevin
whonew Posted April 3, 2014 Author ID:813097

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_2012-11-20.01)
whonew Posted April 3, 2014 Author ID:813098

Thank you for responding so quickly, and what is a bit torrent?
whonew Posted April 3, 2014 Author ID:813099

DDS (Ver_2012-11-20.01) - NTFS_AMD64
kevinf80 Posted April 4, 2014 ID:813193

Thanks for the logs, run the following please...

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.
If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.
Once the tool has completed scanning make sure to re-enable your other security applications.

Next, download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin..
whonew Posted April 4, 2014 Author ID:813384

I hope I did this right.
whonew Posted April 4, 2014 Author ID:813394

Farbar is giving me several options to pick: Internet Services, Windows Firewall, System Restore, Security Center/Action Center, Windows Update, Windows Defender, Other Services. Should I just leave them alone? There is no addition.txt.
kevinf80 Posted April 4, 2014 ID:813481

FRST does not give the options that you mention, that maybe is another tool by Farbar called FSS. This link again..

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also this log from TDSSKiller "TDSSKiller.3.0.0.28_04.04.2014_10.00.01_log.txt" is not complete.

Kevin...
whonew Posted April 4, 2014 Author ID:813486

OK, thank you. My machine will not allow me to copy and paste, and I did run it and there was no additional txt file; that is why I asked about the other options.
kevinf80 Posted April 4, 2014 ID:813517

Mmmm, you have run Farbar Service Scanner, FSS for short. Can you please go back to the last set of instructions and download and run Farbar Recovery Scan Tool, FRST for short.
whonew Posted April 4, 2014 Author ID:813543

I downloaded Farbar Recovery Scan Tool and got File extractor? Did I do right?
kevinf80 Posted April 4, 2014 ID:813554

What do you mean, a file extractor? Just follow the instructions I posted, they are really easy to follow...
whonew Posted April 4, 2014 Author ID:813573

I did follow those and downloaded the one you said, since I did the wrong one the first time. This one was correct but gave me file extractor, not FRST, and Malwarebytes says it is a PUP.
whonew Posted April 5, 2014 Author ID:813615
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Judith (administrator) on KIRK-PC on 04-04-2014 17:01:54
Running from C:\Users\Judith\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
whonew Posted April 5, 2014 Author ID:813617
Thank you
kevinf80 Posted April 5, 2014 ID:813779
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,
Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a FULL scan.
Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log.

Next,
Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

Next,
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Post those logs, let me know if any remaining issues or concerns.

Kevin

fixlist.txt
whonew Posted April 5, 2014 Author ID:813920
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Judith at 2014-04-05 08:38:40 Run:1
Running from C:\Users\Judith\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...or={searchTerms}
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
C:\Users\Judith\AppData\Local\Temp\{5B415D9C-AA9F-4970-98DF-F4634C7CE71D}.exe
End
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCR\PROTOCOLS\Handler\tmbp => Key deleted successfully.
HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
HKCR\PROTOCOLS\Handler\tmtbim => Key deleted successfully.
HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmbp => Key not found.
HKCR\Wow6432Node\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmtbim => Key not found.
HKCR\Wow6432Node\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
"C:\Users\Judith\AppData\Local\Temp\{5B415D9C-AA9F-4970-98DF-F4634C7CE71D}.exe" => File/Directory not found.

==== End of Fixlog ====
kevinf80 Posted April 5, 2014 ID:813951
Thanks for the fixlog, have you completed the other steps....
whonew Posted April 5, 2014 Author ID:813967
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.04.04.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Judith :: KIRK-PC [administrator]
Protection: Disabled
4/4/2014 5:37:04 PM
mbam-log-2014-04-04 (17-37-04).txt

Scan type: Custom scan (C:\Users\Judith\Desktop\Continue File Extractor Installation.lnk|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 0
Time elapsed: 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
kevinf80 Posted April 5, 2014 ID:813986
Thanks for latest log
whonew Posted April 5, 2014 Author ID:814012
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.04.05.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Judith :: KIRK-PC [administrator]
Protection: Enabled
4/5/2014 10:18:44 AM
mbam-log-2014-04-05 (10-18-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 348774
Time elapsed: 1 hour(s), 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
kevinf80 Posted April 5, 2014 ID:814019
Just need AdwCleaner and JRT logs, also let me know if any remaining issues or concerns
whonew Posted April 5, 2014 Author ID:814029
Thank you, please give me instructions on how to remove the downloads we just did and my type is still moving to the center of the line of type. I will continue by typing that again so you can see what I am talking about.
Example:
o youom the downloads , please give me instruction's on how to remove the downloads we just did and type is still jumping to the center of the line of type .
whonew Posted April 5, 2014 Author ID:814032
At times when I try to leave a message here I get a pop up BBC offering twitter and I cancel that

# AdwCleaner v3.023 - Report created 05/04/2014 at 11:36:27
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Judith - KIRK-PC
# Running from : C:\Users\Judith\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\cqjugvhh.default-1395345917665\prefs.js ]

*************************

AdwCleaner[R0].txt - [789 octets] - [05/04/2014 11:30:16]
AdwCleaner[s0].txt - [711 octets] - [05/04/2014 11:36:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [770 octets] ##########