
Laptop needs a look see


  • This topic is locked
27 replies to this topic

#1 STA


Posted 10 October 2012 - 10:21 AM

My laptop seems to be having a little issue especially on start up when connecting to the internet. Still operates pretty good though. Would just like someone to take a peek at it because I know there are some issues. Following are all the logs requested except a HJT log.

When I run HJT it stops and a window pops up that says for some reason the system denied write access to the host file (C:\windows\System32\drivers\etc\hosts); if any hijacked domains are in this file, HijackThis may not be able to fix it. Then it says it cannot find the log file and asks if I want to create a new one, and when I press Yes nothing shows up.

Thank you in advance for all of your valuable assistance.



Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 20
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dennis at 14:42:47 on 2012-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2001 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\notepad.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58F72163-F5C6-42E7-A712-C7C38081BC4C} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368&q=
FF - user.js: extensions.funmoods.id - D0DF9A442A70EE2E
FF - user.js: extensions.funmoods.instlDay - 15601
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2212:59:3
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-21 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-21 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250808]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 114144]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-09 18:12:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-28 20:39:33 -------- d-----w- C:\Users\Dennis\AppData\Roaming\QuickScan
2012-09-28 19:00:45 35192 ----a-w- C:\windows\System32\TURegOpt.exe
2012-09-28 19:00:45 26488 ----a-w- C:\windows\System32\authuitu.dll
2012-09-28 19:00:45 21880 ----a-w- C:\windows\SysWow64\authuitu.dll
2012-09-28 18:59:59 -------- d-----w- C:\ProgramData\AVG
2012-09-28 18:59:51 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-28 18:51:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-28 18:22:30 98816 ----a-w- C:\windows\sed.exe
2012-09-28 18:22:30 518144 ----a-w- C:\windows\SWREG.exe
2012-09-28 18:22:30 256000 ----a-w- C:\windows\PEV.exe
2012-09-28 18:22:30 208896 ----a-w- C:\windows\MBR.exe
2012-09-28 17:32:38 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Malwarebytes
2012-09-28 17:32:27 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-28 17:32:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 21:38:22 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-09-26 21:38:22 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-09-26 13:38:18 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-20 22:07:13 -------- d-----w- C:\Users\Dennis\AppData\Local\VS Revo Group
2012-09-20 21:40:46 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Garmin
2012-09-18 16:59:12 -------- d-----w- C:\Users\Dennis\AppData\Local\Wajam
2012-09-17 23:26:52 -------- d-----w- C:\ProgramData\Tarma Installer
2012-09-12 14:12:11 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-12 14:12:11 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 14:12:09 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 14:12:09 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:12:09 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-12 14:12:08 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-12 14:12:08 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 02:08:17 -------- d-----w- C:\Users\Dennis\AppData\Local\{1A9D680D-60A3-4F29-92E6-5EEEFB6938B5}
.
==================== Find3M ====================
.
2012-10-09 00:55:15 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 00:55:15 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-24 19:43:16 384352 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-26 07:21:28 291680 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 14:43:12.59 ===============


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.09.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: DENNIS-LAPTOP [administrator]

10/9/2012 2:13:39 PM
mbam-log-2012-10-09 (14-13-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295144
Time elapsed: 28 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Kaspersky Security Scan

Detailed report
Problems found



C:\Program Files (x86)\Java\jre6\bin\java.exe

Other issues (10)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"

#2 cnm


Posted 10 October 2012 - 10:58 AM

Hello STA.

You have some adware ("funmoods", etc).
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 STA


Posted 10 October 2012 - 11:08 AM

Hi CNM, here is the log you requested. Thank you for your assistance. Also, should I delete a program I found called Tarma Installer? Thanks.





# AdwCleaner v2.004 - Logfile created 10/10/2012 at 13:06:14
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Dennis\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\searchplugins\Conduit.xml
File Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\searchplugins\search.xml
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Dennis\AppData\Local\Wajam
Folder Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\FCTB

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\prefs.js

Found : user_pref("CT3244149.1000082.isPlayDisplay", "true");
Found : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3244149.FirstTime", "true");
Found : user_pref("CT3244149.FirstTimeFF3", "true");
Found : user_pref("CT3244149.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Found : user_pref("CT3244149.UserID", "UN94397166264291456");
Found : user_pref("CT3244149.UserId", "08f6774f-fa7f-b0cb-9f3b-e2ddc7b0bc99");
Found : user_pref("CT3244149.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3244149.autoDisableScopes", -1);
Found : user_pref("CT3244149.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3244149.cb_experience_000", "2");
Found : user_pref("CT3244149.cb_firstuse0100", "1");
Found : user_pref("CT3244149.cbcountry_001", "US");
Found : user_pref("CT3244149.cbfirsttime", "Mon Sep 17 2012 19:26:23 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT3244149.defaultSearch", "true");
Found : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3244149.enableAlerts", "always");
Found : user_pref("CT3244149.enableSearchFromAddressBar", "true");
Found : user_pref("CT3244149.firstTimeDialogOpened", "true");
Found : user_pref("CT3244149.fixPageNotFoundError", "true");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368" ],
Found [l.10] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368",
Found [l.39] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368",

*************************

AdwCleaner[R1].txt - [16782 octets] - [10/10/2012 13:06:14]

########## EOF - C:\AdwCleaner[R1].txt - [16843 octets] ##########

#4 cnm

Posted 10 October 2012 - 11:23 AM

Please look at the log and if you are pretty sure there is nothing you want to keep, allow AdwCleaner to remove everything it found.
Make a Restore Point first. Give it a description like "Before AdwCleaner".

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#5 STA

Posted 10 October 2012 - 11:51 AM

I ran as instructed, but the computer did not reboot automatically; I had to reboot it manually, and then I had to search for the following log file. Thank you.


# AdwCleaner v2.004 - Logfile created 10/10/2012 at 13:39:43
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Dennis\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\searchplugins\search.xml
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Dennis\AppData\Local\Wajam
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM64\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM64\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM64\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = http://start.funmood...tB&cr=930267368 --> http://www.google.com



Sorry for the edit thing, but I started thinking about that first scan and thought maybe AVG might have caused some issues, so I disabled AVG and reran the scan and delete. Following is the log from the second run; I also ran delete but can't seem to find a log from that run. I ran it a third time and the log is at the bottom of this edit. Also, during the runs, close to the end of the runs, a blank Notepad window opened, and a small window also opened with it saying access denied. This time it asked for permission to reboot as you instructed.

Also, I would like to inform you that during the run with AVG active, an AVG threat box popped up, so I clicked on the "quarantine it" box, and AVG has whatever it supposedly quarantined in the AVG virus vault, but it will not delete and keeps coming back.

One more thing I would like you to know: after the first scan, I was looking through my files and I deleted some Google files that I thought were not needed, and after that deletion, a BIOS update appeared in my Toshiba Service Station, so I installed that update. That update was issued a while ago on my girlfriend's PC and I was wondering why I never received it. Another Toshiba update appeared but would not install and showed an error message and is being blocked by something with Google in it. Evidently, something that was cleaned out had been blocking that and also 14 Windows updates that showed up and that I also installed. Thank you for your assistance; I greatly appreciate it.


# AdwCleaner v2.004 - Logfile created 10/10/2012 at 13:39:22
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Dennis\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\searchplugins\Conduit.xml
File Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\searchplugins\search.xml
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Dennis\AppData\Local\Wajam
Folder Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\FCTB

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\prefs.js


-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368" ],
Found [l.10] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368",
Found [l.39] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyEyEtB0AyBtD0E0EtB0EtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=930267368",

*************************

AdwCleaner[R1].txt - [16905 octets] - [10/10/2012 13:06:14]
AdwCleaner[R2].txt - [16843 octets] - [10/10/2012 13:39:22]

########## EOF - C:\AdwCleaner[R2].txt - [16904 octets] ##########




THIRD RUN LOG FILE:

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 15:48:42
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [17951 octets] - [10/10/2012 13:39:22]
AdwCleaner[S2].txt - [915 octets] - [10/10/2012 15:48:42]

########## EOF - C:\AdwCleaner[S2].txt - [974 octets] ##########

Edited by STA, 11 October 2012 - 07:29 AM.


#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 11 October 2012 - 11:17 PM

Puzzling. AdwCleaner deleted all that stuff ('funmoods', 'conduit' et al.), then found it, then no sign of it in your final log. It appears that AdwCleaner did succeed in deleting it, but please run it one more time using the 'Search' button and post the search log.

Please do this important security update:
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#7 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 07:58 AM

Hi CNM, I uninstalled the old version of Java and installed the new version per your instructions and following is the AdwCleaner log you requested. I disabled AVG and Windows firewall before I ran AdwCleaner to make sure nothing interfered with it like it did in previous runs as I mentioned in my last post. Then I also ran it with AVG and Windows firewall active and posted that log as well. I also wanted to let you know when I uninstall AdwCleaner an AVG threat detected box opens and asks me to quarantine threats. After I click OK to that I get a box that says threat removal completed and then,

file name: C:\USERS\DENNIS\DESKTOP\ADWCLEANER.EXE

then 4 red bars that says the level of security

then it says 12 processes terminated and 3 files deleted. I don't know if that is important but I thought I should inform you of this.

Thank you for your valuable time and assistance.


# AdwCleaner v2.004 - Logfile created 10/12/2012 at 09:49:39
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [854 octets] - [12/10/2012 09:49:39]

########## EOF - C:\AdwCleaner[R1].txt - [913 octets] ##########





FOLLOWING IS A LOG WITH AVG AND WINDOWS FIREWALL ACTIVE, THANK YOU:



# AdwCleaner v2.004 - Logfile created 10/12/2012 at 10:07:23
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\0whjjedl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [981 octets] - [12/10/2012 09:49:39]
AdwCleaner[R2].txt - [913 octets] - [12/10/2012 10:07:23]

########## EOF - C:\AdwCleaner[R2].txt - [972 octets] ##########




Also, I thought this might be pertinent, I tried to install the software update titled "Toshiba start page configurations" in my Toshiba Service Station and it will not install and the following information showed up in a box that pops up and I believe not all of the text shows up in the box, it looks like some of these lines are cut off but I can not expand the box to see if I can view the remainder of the information:


BOX TITLE:
Error: WBT - 090241_13.04.30.startpage_2nd_10003.e


Error: C:\ProgramData\Toshiba\TSS\Plugins\SwUpdates


A RED STOP SIGN ICON APPEARS HERE, AND THEN,
3052: Uninitialized variable, undefined function, or unquoted string

On line 55 of C:\Winbatch\T...\startpage_2nd_install.WBT

(THIS ITEM IS IN A WINDOW INSIDE THE ERROR BOX JUST AS WRITTEN:)

if currscdn== "Google" Then Goto End

(AND THEN AT THE BOTTOM OF THE ERROR BOX IT SAYS:)

WinBatch 32 2011A
WIL Version: 6.11aka

Three option buttons across the bottom of the box are:
OK, Traceback, More Error Info

When I hit the Traceback button a box opens titled Traceback and the text in the box says:
#Type, Line # Error Line, Source File
1 <Error> 55 If currscdn = = "Google Then ... startpage_2nd_inst



When I hit the More Error Info button a small box opens with a yellow yield sign with an exclamation point in it
and the text says: Uninitialized variable or undefined function: currscdn

Edited by STA, 12 October 2012 - 09:11 AM.


#8 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 10:13 AM

Your PC is clean.

Now for that error. Similar one reported here. There is evidently a bug in the batch file that is run. I need to have a look at it. First I'll try to identify the batch file.
Please download SystemLook from one of the links below and save it to your Desktop on the affected PC.
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
C:\Winbatch\Toshiba /s
C:\ProgramData\Toshiba\TSS\Plugins
Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#9 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 10:22 AM

Following is the log as requested. Thank you CNM your help is greatly appreciated.


SystemLook 30.07.11 by jpshortstuff
Log created at 12:20 on 12/10/2012 by Dennis
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Winbatch\Toshiba - Unable to find folder.

C:\ProgramData\Toshiba\TSS\Plugins - Parameters: "(none)"

---Files---
None found.

---Folders---
SwUpdates d------ [14:46 28/07/2011]

-= EOF =-

#10 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 11:24 AM

Hmmm. The folder must be there. Please try this:

Please download SystemLook_x64 from one of the links below and save it to your Desktop on the affected PC.
http://jpshortstuff....temLook_x64.exe
http://images.malwar...temLook_x64.exe
Double-click SystemLook_x64.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
C:\Winbatch /s
Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 12:03 PM

Hi CNM, ran it again following is the log. Thank you. By the way, this process takes less than a second to complete when I run it.


SystemLook 30.07.11 by jpshortstuff
Log created at 14:00 on 12/10/2012 by Dennis
Administrator - Elevation successful

========== dir ==========

C:\Winbatch - Unable to find folder.

-= EOF =-

Edited by STA, 12 October 2012 - 12:05 PM.


#12 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 12:27 PM

Well that makes the error message incomprehensibly demented. :D
Possibly AdwCleaner removed something it shouldn't have.

(From http://forums.toshib...ion/td-p/279717)

Try reinstalling Toshiba Service Station
Uninstall it first if possible.


I notice that many users here don't like Service Station and remove it. They prefer to visit the Toshiba site from time to time and check the Support Bulletins.

That 'Toshiba site' link is for Satellite A665D-S6051. What model do you have?

#13 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 01:01 PM

Hi CNM, I have an L770 Satellite. I used revo uninstaller to uninstall service station and then I went to Toshiba's website and found the right download for it and reinstalled it. When I checked it after the reinstall, the same update "Toshiba start page configurations" was there and I tried to install it but the same issue showed up as previously posted. Thank you again for your valuable time and assistance.

Edited by STA, 12 October 2012 - 01:20 PM.


#14 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 02:02 PM

I suggest forgetting Service Station and going directly to the support site to check for updates from time to time.
There are a lot of different Satellite L770s.
This link is for L770-BT4N22 which doesn't appear to have any updates available: http://www.csd.toshi...ategory=2756709

Please go to http://www.csd.toshi...rt/jsp/home.jsp
Click 'Product Support'.
In the Model Finding Filter, write 'L770'. Then pick the right one. Click 'Go'. Save the link for it, for future use.

#15 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 02:22 PM

Ok, I will forget about Service Station. Does everything else look good? I was wondering because of that issue with HiJackThis not running properly, but I have never used it with Windows 7. Also, can I ask your advice on using Firefox or IE? I have also read a few of your posts regarding anti virus programs and it seems I am making a mistake by using AVG. Unfortunately I just renewed my subscription with them, but if you think I should change I certainly will listen to your expert advice. Thank you for all of your assistance, I greatly appreciate it.

Edited by STA, 12 October 2012 - 02:25 PM.


#16 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 02:27 PM

AVG is OK, but I myself wouldn't pay money when there is first-rate free Avast available.

As long as they are updated I don't think there is any significant difference between IE and FF any more.
I personally use Chrome. It's generally much the fastest to load.

#17 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 02:34 PM

OK thanks for the information.

#18 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 02:37 PM

Did you find the support link for your laptop?

#19 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 03:28 PM

I found the support page for the model L770 but I am not sure what the BT4N22 is or where I can find that part of it for my pc. I have looked all over but can not locate anything like that. I was wondering if you can tell me how to get rid of the following. I use CCleaner and when I run the registry cleaner this seems to always be there,

Unused File Extension . HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.

Thank you again for all of your generous time and assistance.

#20 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 04:01 PM

Did you do what I said here and find the right one?

BT4N22 is probably wrong. The correct one should be on the label on the bottom of the case.

Turning your laptop upside down while it is still powered on and the lid open may result in damage.

Shut down the laptop and close the lid. Also, if you have any peripherals such as a USB mouse or headphones connected, you may want to disconnect those items, along with your power adapter.

Position the laptop. With the lid closed, lay the laptop on its lid with the underside facing up, being careful not to damage or scratch your chassis.

Record your model number. The model number will be stickered on the underside of your laptop. The color of the sticker will usually be black and gray, with the words "Toshiba" and "Satellite" labeled across the top. Your model number will appear at the top, for example as "Satellite A505-S6004." Use a pen and paper to record the number.

Restore your laptop for normal use. Carefully upright your laptop and reattach any peripherals and cords. You may then proceed to using your laptop as normal.

#21 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 04:19 PM

I have looked all over, even in my system information, but the only thing I can find is Satellite L770, part number PSK3SU-01E00C. I got this information off of the sticker on the bottom of the laptop. Thank you.

#22 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 04:36 PM

I guess your laptop is so old that Toshiba has forgotten about it. (Which could be why the Toshiba Service Station doesn't work).

Also I forgot to say:
Unused File Extension	.	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
is nothing to worry about. We don't recommend use of Registry cleaners, which can do harm and don't speed up the PC.

#23 STA

STA

    Member

  • Helper Trainee
  • Pip
  • 59 posts

Posted 12 October 2012 - 04:53 PM

Ok Thank you, I will stop running that reg. cleaner. I bought it new from Best Buy in 2010.

#24 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 12 October 2012 - 05:11 PM

2010 wouldn't seem that old. But the model was sold as early as 2006.

#25 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 October 2012 - 08:01 PM

Does everything else look good? I was wondering because of that issue with HiJackThis not running properly, but I have never used it with Windows 7.

HijackThis can't deal effectively with Win 7. You can ignore that.

Your PC appears to be in good shape for an elderly model. Noticing any remaining problems?

#26 deejay

deejay

    Member

  • Full Member
  • Pip
  • 76 posts

Posted 18 October 2012 - 09:02 PM

No other issues that I am aware of at this time. Thank you for your valuable time and expertise I greatly appreciate it.

#27 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 October 2012 - 09:09 PM

Please clean up our tools now:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes
Delete DDS and Security Check from your Desktop. Also SystemLook.



Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

#28 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 25 October 2012 - 12:37 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



