Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===
Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Extended Update (HKU\S-1-5-21-667826694-88005462-4060237046-1001\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
VidsqaurE (HKLM-x32\...\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1) (Version: 1.4 - ) <==== ATTENTION
===
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
(TOSHIBA CORPORATION) C:\Windows\Temp\msnxcapsrv.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-667826694-88005462-4060237046-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D062817-AB130A7715E&form=CONMHP&conlogo=CT3335649
SearchScopes: HKU\S-1-5-21-667826694-88005462-4060237046-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D062817-AB130A7715E&form=CONBDF&conlogo=CT3335649&q={searchTerms}
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF NewTab: Mozilla\Firefox\Profiles\f9ujd3du.default -> hxxp://www.bing.com/?pc=COSP&ptag=D062817-AB130A7715E&form=CONMHP&conlogo=CT3335649
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\f9ujd3du.default -> hxxps://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
CHR NewTab: Default -> Active:"chrome-extension://jddmnkdeojnommcapgiojabnpecbpage/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
CHR DefaultSearchKeyword: Default -> se
CHR Extension: (Screen Addict) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmnkdeojnommcapgiojabnpecbpage [2017-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
S2 4vUMsZiCdrDc Updater; C:\Program Files (x86)\4vUMsZiCdrDc Updater\4vUMsZiCdrDc Updater.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
Task: {56281AA6-A160-4D7B-A605-3C7D1AAB098F} - \AutoKMS -> No File <==== ATTENTION
Task: {67737AF3-6D07-4191-B051-6FFBD2665AFF} - System32\Tasks\4vUMsZiCdrDc => 4vumszicdrdc.exe
DNS Servers: 82.163.142.8 - 95.211.158.136
HKLM\...\StartupApproved\Run32: => "lsalskj.exe"
C:\Program Files (x86)\4vUMsZiCdrDc
C:\Windows\System32\Tasks\4vUMsZiCdrDc
C:\Windows\Temp\msnxcapsrv.exe
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===
Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp
Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
---
Please let me know what problem persists with this computer.
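
An added example, not part of the original post and not FRST's own code: a short Python script that summarises a fixlist like the one above before it is run, grouping its lines by kind and pulling out the DNS servers it lists. The category names, and the reading of `No File` and `[X]` as missing targets, are assumptions of this example; the sample lines are copied from the fixlist above.

```python
import re

# Sample input: a subset of the fixlist lines shown in the post above.
SAMPLE = r"""Start
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
Task: {56281AA6-A160-4D7B-A605-3C7D1AAB098F} - \AutoKMS -> No File <==== ATTENTION
DNS Servers: 82.163.142.8 - 95.211.158.136
C:\Windows\Temp\msnxcapsrv.exe
cmd: ipconfig /flushdns
CMD: netsh winsock reset catalog
End"""

def classify(line):
    """Return this example's review category for one fixlist line."""
    s = line.strip()
    if re.fullmatch(r"[A-Za-z]+:", s):
        return "directive"          # e.g. CreateRestorePoint:
    if re.match(r"cmd:", s, re.I):
        return "command"            # shell command the fix will run
    if re.match(r"[A-Za-z]:\\", s):
        return "path"               # bare file or folder path
    if "<==== ATTENTION" in s:
        return "flagged"            # marked for attention in the log
    if s.endswith(("No File", "[No File]", "[X]")):
        return "orphaned"           # assumption: target is missing
    return "entry"

def review(text):
    """Group the lines between Start and End by category."""
    groups, inside = {}, False
    for line in text.splitlines():
        s = line.strip()
        if s == "Start":
            inside = True
        elif s == "End":
            break
        elif inside and s:
            groups.setdefault(classify(s), []).append(s)
    return groups

def dns_servers(text):
    """Return the IPv4 addresses on the 'DNS Servers:' line, if present."""
    m = re.search(r"^DNS Servers:\s*(.+)$", text, re.M)
    return re.findall(r"\d+\.\d+\.\d+\.\d+", m.group(1)) if m else []

if __name__ == "__main__":
    for kind, lines in review(SAMPLE).items():
        print(f"{kind}: {len(lines)}")
    print("DNS:", dns_servers(SAMPLE))
```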