
cannot connect to Internet (resolved)


freedom01

I don't want to second guess Juliet, but I wouldn't install anything until I'd run all the suggested scans and got a clean bill of health. Anything extra you are doing could muddy the waters. Just keep the machine off the internet unless absolutely essential and get an AV solution on it once it's clean.


Yes I agree, but unable to get AV on the computer. The system refuses to complete installation. Below is what happened after the scan.

Big waste of time installing this program. It did do a complete scan and found issues, but all it seemed to be was a commercial to buy their software.


Does the infected computer have internet access?

 

There are other tools we can suggest but you'll probably have to transfer by USB drive.

 

Can you try again to run Please download Farbar Recovery Scan Tool

 

(use correct version for your system.....Which system am I using?)

 

~~~~~~~~~~~`

 

Please download Malwarebytes AntiRootkit and save it to your desktop.

 

Full instructions how to use MBAR

Please note: This is a beta version so please be sure to read the disclaimer and note of it.

 

Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

 

Click on Next > then on Update button to download fresh definitions.


 

When database updates click Next

 

In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"


 

If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.

Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.

 

The Clean up procedure will be Scheduled for process.

 

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

 

If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

 

>> Please copy and paste the two following logs from the mbar folder:

 

system-log.txt

and

mbar-log-year-month-day (hour-minute-second).txt.


One of the main problems we have here is the User (ME...lol). One thing that keeps happening every time I try and install MS Security Essentials is that I get the pop up IE has Blocked. I try over and over thinking maybe after a couple tries it will kick in, but nothing. I went to Tools, Internet Options to go back to Default, but I do not think it is holding so I am being blocked when I try to download. Juliet, yes I will give Farbar another try. Thank you so much for your patience with me.

Juliet, one thing is I have 64Bit whereas the laptop is 32Bit.


I was able to get Farbar into the laptop with having to go into Safe Mode. It was just scanning, but it scanned for about 2 minutes and it stopped and said scan is complete. What I received is a Notepad reading of the system. It shows errors and so forth, but nothing to click for cleaning; actually, nothing to click at all.


It will produce a log called FRST.txt in the same directory the tool is run from.

  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  • It won't have a fixit button; I would have to create a script for it to use.

     

    you should find --> mbar folder:

     

    system-log.txt

    and

    mbar-log-year-month-day (hour-minute-second).txt.

    These logs are not highlighted; will they still work? Also, where will I paste them?

    In your next reply.

     

    Juliet, one thing is I have 64Bit whereas the laptop is 32Bit.

    See if you can post any kind of log so I can see what's going on.

     

    Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.

    No need for that though ..... just post it as you would any other log.

     

    Have you ever tried downloading and using Firefox for a browser?


I am posting this from the damaged laptop; I hope it posts. Log listed below.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by McKnight (administrator) on HOME on 22-03-2014 12:36:49
Running from F:\
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-04-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-04-06] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [2894928 2009-03-23] (Dell Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell DataSafe Online] - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [273528 2011-10-20] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [RegWork] - C:\Program Files\RegWork\RegWork.exe [13787504 2010-11-15] (Honlyn (Macao Commercial Offshore) Limited)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3684456019-3897411188-896654251-1000\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-3684456019-3897411188-896654251-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3684456019-3897411188-896654251-1000\...\Run: [internet Security] - C:\Users\McKnight\AppData\Roaming\tdefender.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\McKnight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKLM - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark)
URLSearchHook: HKCU - NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - (No Name) - {801120a5-289d-4a31-9d09-3f1794681e02} - C:\Program Files\GasGlance_5i\bar\1.bin\5iSrcAs.dll (MindSpark)
SearchScopes: HKLM - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm503YYus&ptnrS=ZKxdm503YYus&ptb=73DE2E89-8B9F-4610-9F5A-7243FB57717E&ind=2012052019&n=77ed7a33&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3084223
SearchScopes: HKCU - DefaultScope {049D43D6-E112-4CF1-B6E9-4F5712FD018A} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120727,6900,0,5,0
SearchScopes: HKCU - {049D43D6-E112-4CF1-B6E9-4F5712FD018A} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120727,6900,0,5,0
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QK&apn_dtid=YYYYYYYYUS&apn_uid=80ED8642-6B0B-414E-86DD-B90C2A522B2C&apn_sauid=59D990EE-0B41-409E-823F-67256291EFC9
SearchScopes: HKCU - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm503YYus&ptnrS=ZKxdm503YYus&ptb=73DE2E89-8B9F-4610-9F5A-7243FB57717E&ind=2012052019&n=77ed7a33&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3084223
BHO: Search Assistant BHO - {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark)
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RivalGaming Games - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\McKnight\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
BHO: TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Search Assistant BHO - {9641d095-2c78-400e-bbb0-c20f3108358b} - C:\Program Files\GasGlance_5i\bar\1.bin\5iSrcAs.dll (MindSpark)
BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Toolbar BHO - {e1bfc11e-a392-4575-9ee7-27a96eb0db90} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: Toolbar BHO - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKLM - BringMeSports - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
Toolbar: HKLM - GasGlance - {865fc489-56eb-41fa-bb25-027900188070} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - TV Bar 2 Toolbar - {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
Toolbar: HKCU - TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKCU - BringMeSports - {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKCU - GasGlance - {865FC489-56EB-41FA-BB25-027900188070} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.104.244.45 208.104.2.36 208.104.2.85

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\BringMeSports_1c\bar\1.bin\NP1cStub.dll (MindSpark)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\McKnight\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\McKnight\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-11]
CHR Extension: (Google Wallet) - C:\Users\McKnight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-20]

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-04-06] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-06-03] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-04-06] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jhlomgcj; \??\C:\Windows\system32\drivers\jhlomgcj.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-22 09:17 - 2014-03-22 12:36 - 00000000 ____D () C:\FRST
2014-03-21 01:25 - 2014-03-22 02:36 - 00000438 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2014-03-21 01:21 - 2014-03-22 02:33 - 00000099 _____ () C:\Windows\Reimage.ini
2014-03-21 01:20 - 2014-03-21 01:21 - 00001890 _____ () C:\Users\McKnight\Desktop\Rkill.txt
2014-03-19 01:25 - 2014-03-19 01:25 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Malwarebytes
2014-03-19 01:24 - 2014-03-19 01:24 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-19 01:24 - 2014-03-19 01:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 01:24 - 2014-03-19 01:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-19 01:24 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-18 18:21 - 2014-03-18 18:21 - 00000000 ____D () C:\Quarantine
2014-03-18 18:20 - 2014-03-18 18:21 - 00000000 ____D () C:\Program Files\stinger

==================== One Month Modified Files and Folders =======

2014-03-22 12:36 - 2014-03-22 09:17 - 00000000 ____D () C:\FRST
2014-03-22 12:34 - 2011-10-20 17:48 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 12:34 - 2010-10-25 11:22 - 00000000 ____D () C:\Users\McKnight\Tracing
2014-03-22 12:33 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 12:33 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 12:33 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 09:55 - 2011-10-20 17:48 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 09:31 - 2012-04-22 17:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 09:19 - 2006-11-02 06:33 - 00694158 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 09:11 - 2006-11-02 08:58 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 08:00 - 2012-07-02 19:21 - 00000272 _____ () C:\Windows\Tasks\RGames Updater.job
2014-03-22 05:54 - 2008-01-20 23:02 - 00568242 _____ () C:\Windows\PFRO.log
2014-03-22 05:54 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\IME
2014-03-22 05:52 - 2010-09-01 18:57 - 00000000 ____D () C:\Users\McKnight
2014-03-22 02:36 - 2014-03-21 01:25 - 00000438 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2014-03-22 02:33 - 2014-03-21 01:21 - 00000099 _____ () C:\Windows\Reimage.ini
2014-03-21 01:21 - 2014-03-21 01:20 - 00001890 _____ () C:\Users\McKnight\Desktop\Rkill.txt
2014-03-20 02:42 - 2009-08-25 10:53 - 01661400 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 23:44 - 2009-08-25 16:24 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-19 17:32 - 2010-10-22 17:07 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\AVG7
2014-03-19 17:32 - 2010-10-22 17:06 - 00000000 ____D () C:\ProgramData\avg7
2014-03-19 17:32 - 2010-10-22 17:06 - 00000000 ____D () C:\Program Files\Grisoft
2014-03-19 17:31 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-03-19 17:29 - 2010-11-23 17:57 - 00007052 _____ () C:\Users\McKnight\AppData\Local\d3d9caps.dat
2014-03-19 04:34 - 2012-04-22 17:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-19 04:34 - 2011-10-20 19:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-19 04:12 - 2012-07-02 19:21 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Mozilla
2014-03-19 04:12 - 2010-09-02 00:20 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Ywxi
2014-03-19 01:25 - 2014-03-19 01:25 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Malwarebytes
2014-03-19 01:24 - 2014-03-19 01:24 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-19 01:24 - 2014-03-19 01:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 01:24 - 2014-03-19 01:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-18 18:21 - 2014-03-18 18:21 - 00000000 ____D () C:\Quarantine
2014-03-18 18:21 - 2014-03-18 18:20 - 00000000 ____D () C:\Program Files\stinger
2014-03-18 18:18 - 2006-11-02 08:49 - 00173866 _____ () C:\Windows\setupact.log
2014-03-18 18:04 - 2011-10-20 19:43 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-18 17:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-18 17:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-18 17:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-03-18 17:17 - 2006-11-02 06:22 - 37486592 _____ () C:\Windows\system32\config\software_previous
2014-03-18 17:17 - 2006-11-02 06:22 - 14680064 _____ () C:\Windows\system32\config\system_previous
2014-03-18 17:17 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-18 17:17 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-18 17:04 - 2006-11-02 06:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-03-18 02:50 - 2006-11-02 06:22 - 28311552 _____ () C:\Windows\system32\config\components_previous

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3684456019-3897411188-896654251-1000\$1a5cfd3ea8484a240ca86dd2f7aa192a

Files to move or delete:
====================
C:\Users\McKnight\notepad.exe
C:\Users\McKnight\teamviewer.exe

Some content of TEMP:
====================
C:\Users\McKnight\AppData\Local\Temp\askToolbarInstaller-1.9.1.0.exe
C:\Users\McKnight\AppData\Local\Temp\AVGsafeguard.exe
C:\Users\McKnight\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\McKnight\AppData\Local\Temp\lowproc.exe
C:\Users\McKnight\AppData\Local\Temp\regtdi.exe
C:\Users\McKnight\AppData\Local\Temp\ReimagePackage.exe
C:\Users\McKnight\AppData\Local\Temp\setup.exe
C:\Users\McKnight\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2014-03-22 09:17

==================== End Of Log ============================


Didn't even enter my mind to connect with from the laptop. Only slept one hour last night, mind is not working too well. Was on computer all night and also taking care of my 3 Saints that like to go in and out in the middle of the night. Yes, I guess they call the shots. Anyway, I'm going to try and see if I can get Malwarebytes Anti-Rootkit from the link directly from the laptop where I am also connected to you. Let you know how it turns out.


OK

From the FRST log you posted, you have the ZeroAccess backdoor trojan.

Looking at your system now, one or more of the identified infections is a backdoor Trojan. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

* From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all clear.

We can clean the computer and make it useable again. I cannot repair damage it might have done to your finances.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow it.)

start
HKLM\...\Run: [] - [X]
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKU\S-1-5-21-3684456019-3897411188-896654251-1000\...\Run: [internet Security] - C:\Users\McKnight\AppData\Roaming\tdefender.exe
URLSearchHook: HKLM - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark)
URLSearchHook: HKCU - NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
URLSearchHook: HKCU - (No Name) - {801120a5-289d-4a31-9d09-3f1794681e02} - C:\Program Files\GasGlance_5i\bar\1.bin\5iSrcAs.dll (MindSpark)
SearchScopes: HKLM - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm503YYus&ptnrS=ZKxdm503YYus&ptb=73DE2E89-8B9F-4610-9F5A-7243FB57717E&ind=2012052019&n=77ed7a33&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3084223
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QK&apn_dtid=YYYYYYYYUS&apn_uid=80ED8642-6B0B-414E-86DD-B90C2A522B2C&apn_sauid=59D990EE-0B41-409E-823F-67256291EFC9
SearchScopes: HKCU - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm503YYus&ptnrS=ZKxdm503YYus&ptb=73DE2E89-8B9F-4610-9F5A-7243FB57717E&ind=2012052019&n=77ed7a33&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3084223
BHO: Search Assistant BHO - {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark)
BHO: mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
BHO: RivalGaming Games - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\McKnight\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
BHO: TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
HO: Toolbar BHO - {e1bfc11e-a392-4575-9ee7-27a96eb0db90} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: Toolbar BHO - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKLM - BringMeSports - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKLM - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
Toolbar: HKLM - GasGlance - {865fc489-56eb-41fa-bb25-027900188070} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - TV Bar 2 Toolbar - {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
Toolbar: HKCU - TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKCU - BringMeSports - {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKCU - GasGlance - {865FC489-56EB-41FA-BB25-027900188070} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\BringMeSports_1c\bar\1.bin\NP1cStub.dll (MindSpark)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
S1 jhlomgcj; \??\C:\Windows\system32\drivers\jhlomgcj.sys [X]
C:\$Recycle.Bin\S-1-5-21-3684456019-3897411188-896654251-1000\$1a5cfd3ea8484a240ca86dd2f7aa192a
C:\Users\McKnight\notepad.exe
C:\Users\McKnight\teamviewer.exe
C:\Users\McKnight\AppData\Local\Temp\askToolbarInstaller-1.9.1.0.exe
C:\Users\McKnight\AppData\Local\Temp\AVGsafeguard.exe
C:\Users\McKnight\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\McKnight\AppData\Local\Temp\lowproc.exe
C:\Users\McKnight\AppData\Local\Temp\regtdi.exe
C:\Users\McKnight\AppData\Local\Temp\ReimagePackage.exe
C:\Users\McKnight\AppData\Local\Temp\setup.exe
C:\Users\McKnight\AppData\Local\Temp\sqlite3.exe
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
CMD: ipconfig /flushdns
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


I need you to copy the fix I created and run it through Farbar Recovery Scan Tool (FRST) and post the log it sends back.

My last reply had no links to click on.

OK, you'll send the information to your friend for him to run the script? That's OK if you guys have it set up that way, but I wouldn't try to use the computer till it was cleaned.


I'm so sorry, I am not quite understanding what I need to do. How do I go about running your fix through FRST? I copied your fix into Notepad and placed it on the desktop. Not even sure if that was what I was supposed to do. I appreciate you so much. Thank you for this help. I did not want to give up with failure.


When you downloaded Farbar Recovery Scan Tool, where did you save it to?

What we need to do is locate it, so that we can save the fixlist.txt I created (and you saved to Notepad) in the same folder or slide it next to it so the fix will work.

Once you find where it's been saved to (Farbar Recovery Scan Tool) and you have the fixlist.txt located with it, open Farbar Recovery Scan Tool and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE:

If you cannot find FRST (Farbar Recovery Scan Tool), we'll download it again, and please make sure to save it to the desktop.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Once you see it or have located the previous folder, you can click the FIX button.
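Once the Fix run has produced Fixlog.txt, the log can be triaged before it is posted. The Python below is an added example, not part of the thread and not FRST's own code; it relies on the "Content of fixlist" block and the `target => outcome` result lines seen in the Fixlog posted further down this thread. The function names and the sample log (placeholder user name, made-up non-success text) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Outcome phrases as they appear in the Fixlog posted in this thread, mapped
# to a coarse status. Any other outcome text is reported for manual review.
OUTCOMES = [
    (re.compile(r"(deleted|moved) successfully", re.I), "removed"),
    (re.compile(r"restored successfully", re.I), "restored"),
    (re.compile(r"not found", re.I), "absent"),
    (re.compile(r"reparse point and unlocking", re.I), "unlocked"),
]
PATH_ENTRY = re.compile(r"^[A-Za-z]:\\")  # fixlist lines that are bare paths

# Constructed sample (not a real log): paths use a placeholder user name and
# the last result line carries made-up text standing in for a non-success.
SAMPLE = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86)
Boot Mode: Normal

Content of fixlist:
*****************
start
HKLM\...\Run: [] - [X]
C:\Users\Example\notepad.exe
C:\Users\Example\AppData\Local\Temp\setup.exe
C:\Users\Example\AppData\Local\Temp\lowproc.exe
C:\Users\Example\AppData\Local\Temp\regtdi.exe
Reboot:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
C:\Users\Example\notepad.exe => Moved successfully.
C:\Users\Example\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Example\AppData\Local\Temp\lowproc.exe => CONSTRUCTED-NON-SUCCESS-TEXT
"""


def split_fixlog(text):
    """Return (fixlist_lines, result_lines).

    The echoed fixlist sits between two lines made only of asterisks;
    everything after the second such line is treated as results.
    """
    fixlist, results, stars = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            stars += 1
        elif stars == 1:
            fixlist.append(line)
        elif stars >= 2:
            results.append(line)
    return fixlist, results


def classify(line):
    """Map one 'target => outcome' line to (target, status, outcome).

    Lines without ' => ' (headers, command output) return None.
    """
    if " => " not in line:
        return None
    target, outcome = line.split(" => ", 1)
    target, outcome = target.strip().strip('"'), outcome.strip()
    for pattern, status in OUTCOMES:
        if pattern.search(outcome):
            return target, status, outcome
    return target, "review", outcome


def triage(text):
    """Count outcomes, collect unrecognised ones, and list fixlist paths
    that never received a result line."""
    fixlist, results = split_fixlog(text)
    counts, review, handled = Counter(), [], set()
    for line in results:
        parsed = classify(line)
        if parsed is None:
            continue
        target, status, outcome = parsed
        counts[status] += 1
        handled.add(target.lower())
        if status == "review":
            review.append((target, outcome))
    unanswered = [entry for entry in fixlist
                  if PATH_ENTRY.match(entry) and entry.lower() not in handled]
    return counts, review, unanswered


if __name__ == "__main__":
    counts, review, unanswered = triage(SAMPLE)
    print(dict(counts))
    for target, outcome in review:
        print("REVIEW    ", target, "=>", outcome)
    for entry in unanswered:
        print("NO RESULT ", entry)
```

Entries reported as REVIEW or NO RESULT are the ones to point out when posting the log, since a requested path that was never moved may still be on disk.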


I had it on the flash drive, but I just dragged it to the desktop next to the Notepad I posted. Just clicked the fix it and it did have to restart. Funny (strange) thing happened. System came back and I still have the icon of Frst and icon of fixlog, but it seems the one I had from Notepad is gone. I went to Notepad to retrieve it and it has vanished. I will have to Copy and Paste again and bring it side by side, correct?


Once again my mistake. The fixlog is yours and the one from Notepad. Can I go and get a copy of the other fix or do I need to click fixit again?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by McKnight at 2014-03-22 17:03:15 Run:1
Running from C:\Users\McKnight\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Quote
start
HKLM\...\Run: [] - [X]
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKU\S-1-5-21-3684456019-3897411188-896654251-1000\...\Run: [internet Security] - C:\Users\McKnight\AppData\Roaming\tdefender.exe
URLSearchHook: HKLM - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark)
URLSearchHook: HKCU - NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
URLSearchHook: HKCU - (No Name) - {801120a5-289d-4a31-9d09-3f1794681e02} - C:\Program Files\GasGlance_5i\bar\1.bin\5iSrcAs.dll (MindSpark)
SearchScopes: HKLM - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3084223
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...3F-67256291EFC9
SearchScopes: HKCU - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3084223
BHO: Search Assistant BHO - {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark)
BHO: mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
BHO: RivalGaming Games - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\McKnight\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
BHO: TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
HO: Toolbar BHO - {e1bfc11e-a392-4575-9ee7-27a96eb0db90} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
BHO: Toolbar BHO - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKLM - BringMeSports - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKLM - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
Toolbar: HKLM - GasGlance - {865fc489-56eb-41fa-bb25-027900188070} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - TV Bar 2 Toolbar - {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - C:\Program Files\TV_Bar_2\prxtbTV_B.dll (Conduit Ltd.)
Toolbar: HKCU - TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKCU - BringMeSports - {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark)
Toolbar: HKCU - GasGlance - {865FC489-56EB-41FA-BB25-027900188070} - C:\Program Files\GasGlance_5i\bar\1.bin\5ibar.dll (MindSpark)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\BringMeSports_1c\bar\1.bin\NP1cStub.dll (MindSpark)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
S1 jhlomgcj; \??\C:\Windows\system32\drivers\jhlomgcj.sys [X]
C:\$Recycle.Bin\S-1-5-21-3684456019-3897411188-896654251-1000\$1a5cfd3ea8484a240ca86dd2f7aa192a
C:\Users\McKnight\notepad.exe
C:\Users\McKnight\teamviewer.exe
C:\Users\McKnight\AppData\Local\Temp\askToolbarInstaller-1.9.1.0.exe
C:\Users\McKnight\AppData\Local\Temp\AVGsafeguard.exe
C:\Users\McKnight\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\McKnight\AppData\Local\Temp\lowproc.exe
C:\Users\McKnight\AppData\Local\Temp\regtdi.exe
C:\Users\McKnight\AppData\Local\Temp\ReimagePackage.exe
C:\Users\McKnight\AppData\Local\Temp\setup.exe
C:\Users\McKnight\AppData\Local\Temp\sqlite3.exe
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
CMD: ipconfig /flushdns
Reboot:
end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKU\S-1-5-21-3684456019-3897411188-896654251-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Value deleted successfully.
HKCR\CLSID\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Key deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} => Value deleted successfully.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{06b5b051-1d05-443d-822f-39ab0d05f018} => Value deleted successfully.
HKCR\CLSID\{06b5b051-1d05-443d-822f-39ab0d05f018} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Value deleted successfully.
HKCR\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{801120a5-289d-4a31-9d09-3f1794681e02} => Value deleted successfully.
HKCR\CLSID\{801120a5-289d-4a31-9d09-3f1794681e02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{993f1df9-4ef3-450c-bf9c-f312f7be85d0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{993f1df9-4ef3-450c-bf9c-f312f7be85d0} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97} => Key deleted successfully.
HKCR\CLSID\{002d1ba6-4766-4d7d-82b8-f49439c66f97} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} => Key deleted successfully.
HKCR\CLSID\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB} => Key deleted successfully.
HKCR\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75} => Key deleted successfully.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Key deleted successfully.
HKCR\CLSID\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} => Key deleted successfully.
HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key deleted successfully.
HKCR\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7} => Key deleted successfully.
HKCR\CLSID\{f653d037-97fa-4755-98c1-7f382eeb59a7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Value deleted successfully.
HKCR\CLSID\{75e0046f-2275-4bce-9afd-d8da19abdf0b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} => Value deleted successfully.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{cc53bd19-7b23-43b0-ab7c-0e06c708cced} => Value deleted successfully.
HKCR\CLSID\{cc53bd19-7b23-43b0-ab7c-0e06c708cced} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} => Value deleted successfully.
HKCR\CLSID\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{865fc489-56eb-41fa-bb25-027900188070} => Value deleted successfully.
HKCR\CLSID\{865fc489-56eb-41fa-bb25-027900188070} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} => Value deleted successfully.
HKCR\CLSID\{75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} => Value deleted successfully.
HKCR\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED} => Value deleted successfully.
HKCR\CLSID\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{865FC489-56EB-41FA-BB25-027900188070} => Value deleted successfully.
HKCR\CLSID\{865FC489-56EB-41FA-BB25-027900188070} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

C:\Program Files\BringMeSports_1c\bar\1.bin\NP1cStub.dll => Moved successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll => Moved successfully.
jhlomgcj => Service deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3684456019-3897411188-896654251-1000\$1a5cfd3ea8484a240ca86dd2f7aa192a => Directory moved successfully.
C:\Users\McKnight\notepad.exe => Moved successfully.
C:\Users\McKnight\teamviewer.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\askToolbarInstaller-1.9.1.0.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\AVGsafeguard.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\regtdi.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\McKnight\AppData\Local\Temp\sqlite3.exe => Moved successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Antimalware" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\eppmanifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\setupres.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

 

The system needed a reboot.

==== End of Fixlog ====


-AdwCleaner-by Xplode

 

Click on this link to download: ADWCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

At times this tool may appear to be stalled; please have patience.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please post the logs from these 2 scans.

C:\AdwCleaner.txt

JRT.txt

This topic is now closed to further replies.