help with possible virus removal?

drmax

I thought there was a section here that gave details on what to submit here, in order for a professional from within to examine the content and then give further instruction. Is it still here, or is it gone? I looked under security. Hmm, I'm missing something... Thx, DM
 

My Computer

OS
W7 premium 64
CPU
amd a8-3850
Motherboard
asus f1-a75v pro
Memory
8G g-skill
Graphics Card(s)
asus gt-520 silent
Monitor(s) Displays
LED viewsonic 24"
Hard Drives
seagate sata 120
wd 2T green
PSU
cool master 600W silent pro (80+bronze)
Hi DM :)
What problems are you having?

Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Under what section do I put the info? Oh, my kids have gotten into various sites. Sometimes when only the desktop is displayed I hear an ad running. Weird. I run Malwarebytes and SUPERAntiSpyware, both free versions, with Microsoft's virus protection. IE Explorer constantly crashes, while Firefox is stable. Figured I'd have someone here have a look.
 

Stay here! .... copy and paste the DDS logs... Then click the button "Submit Reply".

I'm going to try to help you with your problem. I'm trained, and I train others in malware/virus removal ;)
 

Ok. Will do tomorrow. Thx
 

:thumbsup:
 

I also keep getting a pop-up window stating Internet Explorer has stopped working, and to check for an online solution or restart the program. This is with IE not even opened.
 

.txt log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17728 BrowserJavaVersion: 1.6.0_31
Run by greg at 6:44:36 on 2015-04-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7656.3991 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.safesear.ch/web/?type=20150204-120-sshome-ie-df&q={searchTerms}
uSearch Page = hxxp://www.safesear.ch/web/?type=20150204-120-sshome-ie-df&q={searchTerms}
uDefault_Page_URL = Google
mStart Page = Google
mSearch Page = hxxp://www.safesear.ch/web/?type=20150204-120-sshome-ie-df&q={searchTerms}
mDefault_Page_URL = Google
uProxyOverride = <-loopback>
uSearchAssistant = Google
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Simple: {886bf106-6ebf-4ef4-8676-6663caabbda4} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
mRun: [Check Point VPN] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KASPER~1.LNK - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICJ~1.LNK - C:\Users\greg\AppData\Roaming\mjusbsp\magicJackLoader.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://portal.edc-ssl.vpn.fedex.com//SNX/CSHELL/extender.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{79EC1C0D-6AFB-42D0-AF61-CC1A54B9D6EE} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D324EA4D-1C7B-4229-97CF-2839FB068F34} : DHCPNameServer = 204.135.46.98 199.82.243.70 146.18.173.70
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CucusoftNetGuard] <no file>
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\eyt134nm.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-3-23 36448]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-7 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-8 365568]
R2 CS_SysMsgProxy;CS_SysMsgProxy;C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [2015-2-28 255136]
R2 EPWD;Check Point Endpoint Client Watchdog;C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [2013-5-16 281104]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [2014-11-6 242216]
R2 kss;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-4-6 918824]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 124560]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
R2 TracSrvWrapper;Check Point Endpoint Security VPN;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2013-8-12 4974728]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-4 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2011-9-15 161256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-9-4 87168]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-9-4 188544]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2015-1-3 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-4-19 114688]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-4 1255736]
.
=============== Created Last 30 ================
.
2015-04-26 10:43:16 99384 ----a-w- C:\Users\greg\AppData\Roaming\inst.exe
2015-04-25 23:54:38 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A4C808B-8EA9-41E6-9DDE-EDCECB5CD0F0}\offreg.dll
2015-04-25 23:53:32 12032440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A4C808B-8EA9-41E6-9DDE-EDCECB5CD0F0}\mpengine.dll
2015-04-25 18:18:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-04-25 18:18:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-04-25 18:04:05 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2015-04-25 17:07:20 12032440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-19 18:58:22 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-04-19 18:58:22 -------- d-s---w- C:\Windows\System32\GWX
2015-04-19 18:58:22 -------- d-----w- C:\Windows\System32\appraiser
2015-04-10 18:00:26 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-31 16:36:53 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00CB84D3-CE66-4537-9E01-2552F6CD65FB}\gapaengine.dll
.
==================== Find3M ====================
.
2015-04-26 10:43:16 82816 ----a-w- C:\Users\greg\AppData\Roaming\pcouffin.sys
2015-04-25 18:19:22 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-19 16:25:28 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-19 15:42:28 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-19 15:42:28 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec
2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll
2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec
2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-17 19:26:28 1217184 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-02-04 16:23:14 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 16:13:22 869536 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
 

Oh, is MIE considered a script blocker? Sorry, but if so I did not disable this while I performed the above. I can redo; let me know.
 

I see you have two antivirus programs running. Please uninstall one.
  • Microsoft Security Essentials
  • Kaspersky Security Scan
These programs are resource hogs and fight each other for your system's resources. They may also fight each other's 'definitions'.

Download AdwCleaner by Xplode and save to your Desktop.

Step 1.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2.
Using AdwCleaner v3: Scan & Clean:
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

******Post both .txt logs
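
A small triage pass over a DDS.txt log like the one posted above, added here as an example (not part of the original thread and not code from DDS): it lists the resident scanners the reply above names, plus a few entries worth a manual look. The `SCANNER_DIRS` table, the function names and the review heuristics are assumptions for illustration; `SAMPLE_DDS` is an abridged excerpt of the posted log.

```python
import re
from urllib.parse import urlparse

# Abridged excerpt of the DDS.txt log posted earlier in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Page = hxxp://www.safesear.ch/web/?type=20150204-120-sshome-ie-df&q={searchTerms}
mSearch Page = hxxp://www.safesear.ch/web/?type=20150204-120-sshome-ie-df&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Simple: {886bf106-6ebf-4ef4-8676-6663caabbda4} -
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CucusoftNetGuard] <no file>
.
=============== Created Last 30 ================
.
2015-04-26 10:43:16 99384 ----a-w- C:\Users\greg\AppData\Roaming\inst.exe
2015-04-25 18:18:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
"""

# Assumption: install-directory fragment -> product name, limited to the two
# real-time/on-demand scanners named in the reply above.
SCANNER_DIRS = {
    "\\Microsoft Security Client\\": "Microsoft Security Essentials",
    "\\Kaspersky Security Scan\\": "Kaspersky Security Scan",
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SETTING_RE = re.compile(r"^([um][A-Za-z_ ]+?) = (hxxps?://\S+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ \S+ \S+ (.+)$")


def split_sections(text):
    """Map each '==== Name ====' header to its non-empty lines ('.' is a spacer)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def resident_scanners(process_lines, markers=SCANNER_DIRS):
    """Products whose install directory appears among the running processes."""
    found = set()
    for path in process_lines:
        for marker, product in markers.items():
            if marker.lower() in path.lower():
                found.add(product)
    return sorted(found)


def search_settings_off_start_page(hjt_lines):
    """IE search settings whose host differs from every Start Page host."""
    hosts = {}
    for line in hjt_lines:
        m = SETTING_RE.match(line)
        if m:
            # DDS defangs URLs as hxxp://; restore the scheme only for parsing.
            hosts[m.group(1)] = urlparse(m.group(2).replace("hxxp", "http", 1)).hostname
    start_hosts = {h for name, h in hosts.items() if "Start Page" in name}
    return sorted((n, h) for n, h in hosts.items() if "Search" in n and h not in start_hosts)


def dangling_entries(hjt_lines):
    """Registry entries DDS marks as having no backing file or an empty target."""
    return [l for l in hjt_lines if l.endswith(("<orphaned>", "<no file>", " -"))]


def recent_profile_executables(created_lines):
    """Recently created .exe files sitting directly under a roaming profile."""
    hits = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if m:
            path = m.group(2).lower()
            if "\\appdata\\roaming\\" in path and path.endswith(".exe"):
                hits.append((m.group(1), m.group(2)))
    return hits


def triage(text):
    """Collect review items; these are prompts for a human, not verdicts."""
    s = split_sections(text)
    hjt = s.get("Pseudo HJT Report", [])
    return {
        "resident_scanners": resident_scanners(s.get("Running Processes", [])),
        "search_off_start_page": search_settings_off_start_page(hjt),
        "dangling_entries": dangling_entries(hjt),
        "recent_profile_executables": recent_profile_executables(s.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for item, value in triage(SAMPLE_DDS).items():
        print(item, "->", value)
```
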
 

It is wanting me to select a folder or something. Right now it's highlighted on "services" and is doing nothing. There is nothing to uncheck or check under services.
 
Just click on the scan button.......
 

I did. It has shown the same thing for the last 2 hrs. Nothing.... I restarted the program and the same thing.
It says..."waiting for action....please uncheck elements you want to keep".
 

Okay, do this now....
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Click on Computer, then local disk C:\. You should see a folder that says AdwCleaner. Open it to find the report log.
 

You do not understand. It has done nothing. Scan is still greyed out. It doesn't appear to work. There is no "finished" button. It never scanned anything.
 

Delete the copy you have, then re-download a new copy of AdwCleaner from my link above. Be sure to save it to your desktop before clicking to run --> 7/8 users: right-click and select Run As Administrator.

Tell me if that works.
 

Have I lost you? :confused:
 

Downloaded a new copy. It does perform the generic scan. After those 10 seconds, it still says "waiting for action. please uncheck elements you want to keep". There are tabs at the bottom: Services, folders, files, shortcuts, scheduled tasks...etc. If I click on folders, then there are a bunch of things to look at. So I don't know what the problem is. I'm about over it.
 

I performed the same action on my Windows 7 laptop. Same thing!! I think you are missing some instructions. I am doing exactly what you are telling me to do. Don't assume I know what I'm doing, like clicking on something else down below in this program. Here is a screenshot.
 

Attachment: adwc.png

I don't want you to click on anything else, just the full *scan* button. It may take a while. I just need to see the .txt log that the full scan produces.
After it says "waiting for action" .... click on the Report button. Then copy and paste the log file.

I'll look at that and then tell you what to click on next.
 
