
Request information please.


22 replies to this topic

#1 Nancy9108


Posted 31 December 2013 - 04:54 PM

My husband uses a laptop for his teaching.  I am responsible to update the Malwarebytes Pro and Avast.  I came down ill and am on the mend and decided I better run updates on his computer.  Ran Malwarebytes Pro and it popped up with Trojan.FakeMS.  The Malwarebytes quarantined it and deleted it.  I ran the program and it came up no threats.  I also have AVAST and ran that.  Some files could not be scanned but my understanding was there were no infected files.
 
CAN I RELY ON THE FACT THAT MALWAREBYTES PRO SAID IT QUARANTINED AND DELETED THE TROJAN OR ARE THERE OTHER THINGS I SHOULD DO ON THIS COMPUTER?  THE COMPUTER APPEARS TO BE ACTING NORMALLY BUT SINCE I DON'T USE IT ALL THE TIME AND ONLY DO UPDATES AND RUN MALWAREBYTES PRO AND VIRUS SCANNER I CAN NOT BE SURE.
 
WE HAVE A SON WHO IS A QUADRIPLEGIC ON LIFE SUPPORT AND MY HUSBAND RELIES ON THIS COMPUTER.  CAN ANYONE GIVE ME ADVICE ON THIS?  WHEN I HAD A TROJAN ON MY DESKTOP GRINGO PR WAS A HUGE HELP.  ANYONE ABLE TO HELP ME ON THIS?  I AM NOW RUNNING A BOOT SCAN (THRU AVAST).
 
NANCY

Edit: Moved topic from Windows XP to the more appropriate forum. ~ Animal



#2 Nancy9108


Posted 31 December 2013 - 05:04 PM

I AM TERRIBLY SORRY, I JUST REALIZED THERE IS A TROJAN FORUM.  PLEASE FORGIVE ME.  I HAVE NOT MOVED TO THE TROJAN FORUM FOR HELP.  THANK YOU   NANCY9108



#3 boopme


Posted 31 December 2013 - 07:01 PM

Hello Nancy. There are some files, such as the page file, hiberfil.sys and Restore points, that are not scanned by tools, and it's normal.
 
That said, Malwarebytes is an excellent tool that I trust.
 
But no one tool does it all. If you want to scan thoroughly, run these also.
 
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 
Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
 
Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE: Sometimes if ESET finds no infections it will not create a log.
I am leaving now to go out for the evening. I will look back tomorrow if you decide to scan.
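The MiniToolBox options ticked in the post above write their findings to Result.txt. As an added example (not part of the original post and not the tool author's code), the Python below splits such a log into its sections and lists the items a helper would review first: proxy lines, hosts overrides, Winsock providers outside C:\Windows, and event-log error counts per source. The section names and line shapes follow the log layout shown in this thread; the sample log, its addresses and its `lsp.dll` entry are constructed, and what the tool prints when a proxy is enabled is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the Result.txt layout seen in this thread; values are made up.
SAMPLE_RESULT = r"""MiniToolBox by Farbar  Version: 18-12-2013
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     update.example.test   # constructed override

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\example\lsp.dll [4096] (Example Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/31/2013 06:00:46 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Error = 0x80070422).

Error: (12/31/2013 03:27:53 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Error = 0x80070422).

Error: (12/31/2013 06:28:09 PM) (Source: NetBT) (User: )
Description: The name could not be registered on the interface.
"""

# "===== Name: =====" starts a section; a line of only "=" characters does not.
HEADER = re.compile(r"^={5,}\s*([^=\s][^=]*?)\s*:?\s*={5,}\s*$")
WINSOCK = re.compile(
    r"^(?:x64-)?Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>.*)\)$")
EVENT = re.compile(r"^Error: \([^)]*\) \(Source: (?P<source>[^)]*)\)")
# The two lines the tool prints when no proxy is configured (as in the thread's log).
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(text):
    """Return {section name: [lines]} keyed by the header text without its colon."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def proxy_lines(lines):
    """Anything other than the known 'no proxy' lines and the reset notice."""
    return [l.strip() for l in lines
            if l.strip() and l.strip() not in CLEAN_PROXY_LINES
            and not l.startswith('"Reset')]


def hosts_overrides(lines):
    """Hosts entries other than the loopback-to-localhost defaults."""
    found = []
    for line in lines:
        entry = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        if ip in ("127.0.0.1", "::1") and all(n.lower() == "localhost" for n in names):
            continue
        found.append((ip, names))
    return found


def third_party_winsock(lines):
    """Providers loaded from outside C:\\Windows: often legitimate, always worth a look."""
    found = set()
    for line in lines:
        m = WINSOCK.match(line.strip())
        if m and not m["path"].lower().startswith("c:\\windows\\"):
            found.add((m["path"], m["vendor"]))
    return sorted(found)


def triage(text):
    s = split_sections(text)
    return {
        "proxy": proxy_lines(s.get("IE Proxy Settings", [])),
        "hosts": hosts_overrides(s.get("Hosts content", [])),
        "winsock": third_party_winsock(s.get("Winsock entries", [])),
        "errors": Counter(m["source"] for m in
                          map(EVENT.match, s.get("Event log errors", [])) if m),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_RESULT).items():
        print(key, "->", value)
```

Entries such as Bonjour's `mdnsNSP.dll` appear in the review list by design; the function narrows what a person reads, it does not decide what is malicious.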

#4 Nancy9108


Posted 01 January 2014 - 09:35 AM

Hi boopme,  First I would like to thank you so much.  I am going to do my best to run everything you have asked me to.  I am not very computer competent but I will do my best.  Also, I have great concerns that this trojan went thru my network onto my computer.  Is that possible?  With all the medical issues my son has I have to keep my computer up and running.  I run Malwarebytes and Avast on my computer also.  It has not shown any trojan like on my husband's laptop.  So I am hopeful my computer is not infected.  Right now it is turned off.  I have an airport that provides the network for our computers.

 

So I will now start the process.  My husband needs to use this computer tomorrow for his class so I am hoping that I can get this checked out by then.  Thank you again for your help.

 

Nancy 



#5 Nancy9108


Posted 01 January 2014 - 09:45 AM

HERE IS THE RESULT OF THE MINITOOLBOX.  I COULD NOT SAVE IT TO THE DESKTOP BUT IT APPEARED TO WANT TO RUN.  SO I TICKED THE AREAS YOU ASKED ME TO  TICK AND THIS IS THE LOG THAT WAS PRODUCED.
 
 
 
 
 
MiniToolBox by Farbar  Version: 18-12-2013
Ran by Ron (administrator) on 01-01-2014 at 09:42:28
Running from "C:\Users\Ron\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Centrino® Ultimate-N 6300 AGN = Wireless Network Connection (Connected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?) subinterface=ethernet_9 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Ron-Dell
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 24-77-03-EC-3B-D1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 24-77-03-EC-3B-D1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.md.comcast.net.
   Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 24-77-03-EC-3B-D0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b430:512b:37c:15e7%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.1.9(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, January 01, 2014 9:23:47 AM
   Lease Expires . . . . . . . . . . : Wednesday, January 01, 2014 1:34:40 PM
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 10.0.1.1
   DHCPv6 IAID . . . . . . . . . . . : 220493571
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-BA-4D-71-B8-CA-3A-D3-69-CA
   DNS Servers . . . . . . . . . . . : 10.0.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : B8-CA-3A-D3-69-CA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{B23CDFC3-4EDA-46ED-A775-C34AED43907E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{50BC1897-56D6-4ABB-AAFD-1A66FE85C6D7}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hsd1.md.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.md.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{1522DEFA-FF98-423E-B63A-DB23B32BA2DD}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3cde:7a67:bbde:a548(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3cde:7a67:bbde:a548%18(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:803::1006
 74.125.228.73
 74.125.228.64
 74.125.228.70
 74.125.228.68
 74.125.228.72
 74.125.228.65
 74.125.228.67
 74.125.228.71
 74.125.228.78
 74.125.228.69
 74.125.228.66
 
 
Pinging google.com [74.125.228.73] with 32 bytes of data:
Reply from 74.125.228.73: bytes=32 time=17ms TTL=55
Reply from 74.125.228.73: bytes=32 time=18ms TTL=55
 
Ping statistics for 74.125.228.73:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 18ms, Average = 17ms
Server:  UnKnown
Address:  10.0.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=52ms TTL=47
Reply from 98.138.253.109: bytes=32 time=65ms TTL=47
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 52ms, Maximum = 65ms, Average = 58ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
===========================================================================
Interface List
 17...24 77 03 ec 3b d1 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...24 77 03 ec 3b d1 ......Microsoft Virtual WiFi Miniport Adapter
 15...24 77 03 ec 3b d0 ......Intel® Centrino® Ultimate-N 6300 AGN
 11...b8 ca 3a d3 69 ca ......Intel® 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 44...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1         10.0.1.9     25
         10.0.1.0    255.255.255.0         On-link          10.0.1.9    281
         10.0.1.9  255.255.255.255         On-link          10.0.1.9    281
       10.0.1.255  255.255.255.255         On-link          10.0.1.9    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.1.9    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.1.9    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:9d38:6ab8:3cde:7a67:bbde:a548/128
                                    On-link
 15    281 fe80::/64                On-link
 18    306 fe80::/64                On-link
 18    306 fe80::3cde:7a67:bbde:a548/128
                                    On-link
 15    281 fe80::b430:512b:37c:15e7/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/01/2014 09:23:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 06:17:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 06:00:46 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (12/31/2013 05:09:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 04:08:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 03:34:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswTdi.
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/31/2013 03:34:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/31/2013 03:34:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/31/2013 03:28:08 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\DrvInst.exe "4" "8" "C:\Windows\TEMP\{30be445f-86b2-2830-ce6c-597650c30805}\aswNdisFlt.inf" "9" "6280e9107" "0000000000000690" "WinSta0\Default" "0000000000000320" "208" "C:\Program Files\AVAST Software\Avast\setup\Inf\x64"; Description = Device Driver Package Install: Avast Network Service; Error = 0x80070422).
 
Error: (12/31/2013 03:27:53 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed iTunes; Error = 0x80070422).
 
 
System errors:
=============
Error: (01/01/2014 09:23:26 AM) (Source: Service Control Manager) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (01/01/2014 09:23:26 AM) (Source: Service Control Manager) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/31/2013 06:28:09 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.1.9.
The computer with the IP address 10.0.1.7 did not allow the name to be claimed by
this computer.
 
Error: (12/31/2013 06:22:58 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.1.9.
The computer with the IP address 10.0.1.7 did not allow the name to be claimed by
this computer.
 
Error: (12/31/2013 06:17:33 PM) (Source: Service Control Manager) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/31/2013 06:17:33 PM) (Source: Service Control Manager) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/31/2013 05:32:52 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{48956B53-8426-4166-B103-917C26B29ECD}.
The backup browser is stopping.
 
Error: (12/31/2013 05:10:28 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.1.9.
The computer with the IP address 10.0.1.7 did not allow the name to be claimed by
this computer.
 
Error: (12/31/2013 05:09:43 PM) (Source: Service Control Manager) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/31/2013 05:09:43 PM) (Source: Service Control Manager) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2014 09:23:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 06:17:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 06:00:46 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (12/31/2013 05:09:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 04:08:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2013 03:34:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswTdi.
 
System Error:
The system cannot find the file specified.
 
Error: (12/31/2013 03:34:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.
 
System Error:
The system cannot find the file specified.
 
Error: (12/31/2013 03:34:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.
 
System Error:
The system cannot find the file specified.
 
Error: (12/31/2013 03:28:08 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\DrvInst.exe "4" "8" "C:\Windows\TEMP\{30be445f-86b2-2830-ce6c-597650c30805}\aswNdisFlt.inf" "9" "6280e9107" "0000000000000690" "WinSta0\Default" "0000000000000320" "208" "C:\Program Files\AVAST Software\Avast\setup\Inf\x64"Device Driver Package Install: Avast Network Service0x80070422
 
Error: (12/31/2013 03:27:53 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled iTunes0x80070422
 
 
=========================== Installed Programs ============================
 
Acronis True Image Home (Version: 12.0.9646)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Auslogics Duplicate File Finder (Version: 2.5)
avast! Internet Security (Version: 9.0.2011)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.00)
Custom (Version: 01.00.00.002)
D3DX10 (Version: 15.4.2368.0902)
Dell Client System Update (Version: 1.3.0)
Dell Custom Help (Version: 16.01.1000.0235)
Dell Data Protection | Access (Version: 2.3.00001.021)
Dell Edoc Viewer (Version: 1.0.0)
Dell Feature Enhancement Pack (Version: 2.2.1)
Dell Touchpad (Version: 8.1200.101.134)
Dell Webcam Central (Version: 1.40.54)
DellAccess (Version: 01.03.00.046)
Download Navigator (Version: 3.4.1)
EMBASSY Client Core (Version: 01.03.00.092)
Epson Connect
Epson Connect Printer Setup (Version: 1.1.1)
Epson Customer Participation (Version: 1.4.0.0)
Epson Event Manager (Version: 3.01.0000)
Epson E-Web Print (Version: 1.17.0000)
EPSON Printer Finder (Version: 1.0.0)
EPSON Scan
EPSON XP-400 Series Printer Uninstall
EpsonNet Print (Version: 2.5.00)
ERAS Connector (Version: 02.09.05.0330)
Gemalto (Version: 01.64.01.0010)
GemPcCCID (Version: 2.0.1)
Google Chrome (Version: 31.0.1650.63)
Google Drive (Version: 1.13.5782.599)
Google Update Helper (Version: 1.3.22.3)
iCloud (Version: 3.0.2.163)
IDT Audio (Version: 1.0.6454.0)
Intel® Control Center (Version: 1.2.1.1011)
Intel® Management Engine Components (Version: 9.5.14.1724)
Intel® Network Connections 16.8.45.00 (Version: 16.8.45.00)
Intel® PRO/Wireless Driver (Version: 16.01.1000.0494)
Intel® Processor Graphics (Version: 9.17.10.3040)
Intel® Rapid Storage Technology (Version: 11.2.0.1006)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.8.251)
Intel® WiDi (Version: 3.5.40.0)
Intel® Wireless Display
Intel® PROSet/Wireless Software (Version: 16.1.1)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.1000.0235)
Intel® Trusted Connect Service Client (Version: 1.28.487.1)
iTunes (Version: 11.1.3.8)
Junk Mail filter update (Version: 15.4.3502.0922)
LastPass(uninstall only)
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4454.1511)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SkyDrive (Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4454.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511)
Office 15 Click-to-Run Localization Component (Version: 15.0.4454.1511)
PBA Driver (Version: 1.0.1.7)
Preboot Manager (Version: 03.05.00.026)
Private Information Manager (Version: 07.03.00.016)
QuickTime (Version: 7.74.80.86)
SI TSS (Version: 2.1.41)
SPBA (WBF) 5.9 (Version: 5.9.7.7232)
ST Microelectronics 3 Axis Digital Accelerometer Solution (Version: 4.10.0046)
toolkit32for64bit (Version: 7.68.85.0013)
Trusted Drive Manager (Version: 5.0.0.304)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000)
Wave Crypto Runtime 2.0.9.0 x86 (Version: 02.00.09.0000)
Wave Infrastructure Installer (Version: 07.68.85.0014)
Wave Support Software Installer (Version: 05.15.00.021)
WD SmartWare (Version: 1.6.4.7)
WIDCOMM Bluetooth Software (Version: 6.5.1.4000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 28%
Total physical RAM: 8065.4 MB
Available physical RAM: 5737.86 MB
Total Pagefile: 16128.98 MB
Available Pagefile: 13579.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.54 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:377.21 GB) (Free:265.28 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RON-DELL
 
Administrator            Guest                    Ron                      
 
 
**** End of log ****


#6 Nancy9108


Posted 01 January 2014 - 09:51 AM

HI BOOPME.  ALSO WANTED TO ADD THAT THE ONLY USE OF THIS COMPUTER IS TEACHING.  MY HUSBAND WAS GOING ON YOUTUBE UP UNTIL ABOUT A MONTH AGO.  WHEN I TOLD HIM TO NOT DO THAT HE QUIT.  THIS IS HIS WORK COMPUTER AND HE TEACHES AND SHOWS SLIDES FROM THIS COMPUTER.  IT IS NOT SLOW AND THERE HAVE BEEN NO PROBLEMS WITH IT UNTIL I RAN THE MALWAREBYTES AND IT SHOWED THE COMPUTER FOUND THE TROJAN.FAKEMS ON THE COMPUTER.  MALWAREBYTES SAID IT QUARANTINED IT AND DELETED IT SO THAT IS WHY I AM WONDERING IF IT IS REALLY GONE.  OK ON TO THE NEXT ITEM.

 

NANCY



#7 Nancy9108


Posted 01 January 2014 - 10:00 AM

I RAN THE TDSSKILLER AND I CAN NOT GET THE REPORT TO COPY AND PASTE.  I TRIED SEVERAL TIMES.  THE BOTTOM LINE IS THAT THE TEST SAID NO THREATS.  WHAT DO YOU WANT ME TO DO?

 

I NOW WILL RUN THE ADWCLEANER



#8 Nancy9108


Posted 01 January 2014 - 10:08 AM

Here is the log from the AdwCleaner
 
 
 
 
# AdwCleaner v3.016 - Report created 01/01/2014 at 10:03:34
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ron - RON-DELL
# Running from : C:\Users\Ron\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Ron\AppData\Local\apn
File Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4nexica3.default\searchplugins\Askcom.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4nexica3.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
 
-\\ Google Chrome v31.0.1650.63
 
 
[ File : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [2198 octets] - [01/01/2014 10:02:09]
AdwCleaner[S0].txt - [2123 octets] - [01/01/2014 10:03:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2183 octets] ##########


#9 Nancy9108


Posted 01 January 2014 - 10:19 AM

 
HERE IS THE LOG FROM THE JUNKWARE REMOVAL TOOL
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Ron on Wed 01/01/2014 at 10:11:28.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F3FF9B7-4EE6-4C27-8B08-47613B59CE57}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\4nexica3.default\extensions\staged
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/01/2014 at 10:18:14.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 Nancy9108


Posted 01 January 2014 - 11:27 AM

HERE IS THE LOG FROM THE ESET SCAN

 

C:\Users\Ron\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Ron\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Ron\Downloads\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined


#11 Nancy9108


Posted 01 January 2014 - 11:31 AM

OK I HAVE FINISHED.  I WAS UNABLE TO SAVE ANY OF THE PROGRAMS TO MY DESKTOP.  IT DID NOT GIVE AN OPTION TO DO THAT AND ONLY THE OPTION TO RUN.  SO THIS HAS BEEN STORED IN MY DOWNLOADS.  PLEASE LET ME KNOW IF THE TROJAN.FAKEMS IS STILL HERE AND IF THERE IS ANYTHING ELSE YOU SEE THAT NEEDS TO BE DONE.

 

IN DOING THESE DOWNLOADS I AM WONDERING IF I SHOULD RUN THEM ON MY COMPUTER THAT I USE FOR MEDICAL PURPOSES FOR MY SON.  I RUN MALWAREBYTES PRO, AVAST SECURITY  RESTARTING THE MACHINE SINCE MY AVAST IS STILL TURNED OFF.



#12 boopme


Posted 01 January 2014 - 12:16 PM

Good job!!

 

This is clean.. You can run these on the other and get any other junk off...



#13 Nancy9108


Posted 01 January 2014 - 12:35 PM

OH MY GOSH, IT IS REALLY GONE?   I CAN NOT THANK YOU ENOUGH.  I HAVE WARNED MY HUSBAND TO NOT GO ON THE INTERNET AGAIN WITH THIS COMPUTER.  I REALLY APPRECIATE YOUR HELP.   HOW CAN I MAKE A CONTRIBUTION FOR YOUR HELP????

NANCY



#14 Nancy9108


Posted 01 January 2014 - 12:51 PM

Am I supposed to remove the downloads that I installed or do I leave it on the computer?  Is there anything that I am supposed to "clean up"?



#15 boopme


Posted 01 January 2014 - 01:31 PM

Hello Nancy.
 
If you used a Flash Drive between compys then it should be cleaned.
 
All tools will be removed with the last step. If you want to use them again in the future, download anew so you have the latest database.
 
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
After every scan, an option to uninstall ESET Online Scanner with all its components is provided. It is a simple process and can be done directly via the graphic user interface by clicking the corresponding check box and clicking the uninstall on close button.

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs (filename: appwiz.cpl) applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Manual Uninstall: Run the ESET Online Scanner Uninstaller (filename: OnlineScannerUninstaller.exe) program, located in the C:/WINDOWS/SYSTEM32 directory on computers running 32-bit (x86) editions of Microsoft Windows and in the C:/WINDOWS/SYSWOW64 directory on computers running 64-bit (x64) editions of Microsoft Windows.
 
 
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Thanks for the offer... I do not accept donations nor does BC.. But I will recommend, if you'd like to contribute to something that would be very much appreciated..
Make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers or are just hard workers.
I am still adding to this list.

Happy New Year ~~~ boop



