[ginnyjoe]

Just thought I should let you know that the Firefox is working fine now. When I see the logs that I pasted it does not look Italicized. Sorry about that but I don't know what happened. Hope this is better now.

[Advertisements]

Just thought I should let you know that the Firefox is working fine now. When I see the logs that I pasted it does not look Italicized. Sorry about that but I don't know what happened. Hope this is better now.

No problem, and thanks for re-posting.  I don't know what may have happened either.

 

In your first logs post after the Windows Repair, MBAM and ESET instructions I provided, these entries were inserted between 2 Malwarebytes logs:

C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib\default-config.js JS/Bandoo.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winzipdusetup.exe a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winziprosetup.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\IEBHO.dll Win64/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\nsb42AF.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

It's not clear to me what tool produced these lines, or which machine they were from.   Do you have any ideas about this?  I want to be certain we aren't missing anything.

 

Thanks for the logs so far, and things are indeed shaping up here. 

 

I look forward to reviewing your ESET log. 

[DanoNH]

Just thought I should let you know that the Firefox is working fine now. When I see the logs that I pasted it does not look Italicized. Sorry about that but I don't know what happened. Hope this is better now.

No problem, and thanks for re-posting.  I don't know what may have happened either.

 

In your first logs post after the Windows Repair, MBAM and ESET instructions I provided, these entries were inserted between 2 Malwarebytes logs:

C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib\default-config.js JS/Bandoo.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winzipdusetup.exe a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winziprosetup.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\IEBHO.dll Win64/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\nsb42AF.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

It's not clear to me what tool produced these lines, or which machine they were from.   Do you have any ideas about this?  I want to be certain we aren't missing anything.

 

Thanks for the logs so far, and things are indeed shaping up here. 

 

I look forward to reviewing your ESET log. 

[ginnyjoe]

I thought I had posted this. I have been using the hp to post now that the internet is working on it. I have been using the ctrl c and ctrl v to copy and paste as I still cannot do it the other way.

C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib\default-config.js JS/Bandoo.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winzipdusetup.exe a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winziprosetup.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\IEBHO.dll Win64/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\nsb42AF.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

Edited by ginnyjoe, 25 April 2015 - 08:11 AM.

[ginnyjoe]

When I did the ESET did this clean threats found as I did not see that after it was finished. If not should I redo it. Thanks.

[DanoNH]

Yes, those are the lines I was questioning. They showed up in between two MBAM logs...

 

So that is the ESET log you last posted?  I see ESET found PUPs (Potentially Unwanted Programs) there, but we did not select the "Remove Found Threats" option for this past scan because ESET can be overly aggressive.  Now that I've seen the results, I'll be back with instructions to clean up that mess too.

 

Thanks for being patient.  Just sit tight for right now.  I'll be back.

 

 

 

 

[DanoNH]

OK, hopefully we are almost done here...

 

Run a FRST Fix
 

• Download the attached fixlist.txt file and save it to the Desktop.   fixlist.txt   91bytes   201 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  
   
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

[ginnyjoe]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
Ran by Ginette at 2015-04-25 20:15:18 Run:3
Running from C:\Users\Ginette\Desktop
Loaded Profiles: Ginette (Available profiles: Ginette)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\SR Toolbar
C:\Windows\Installer\MSIDCD7.tmp
EmptyTemp:
end
*****************

C:\Program Files (x86)\SR Toolbar => Moved successfully.
"C:\Windows\Installer\MSIDCD7.tmp" => File/Directory not found.
EmptyTemp: => Removed 130 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:15:29 ====

[DanoNH]

OK, one more quick fix here, sorry.  It looks like one line was missing a character...

Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop.  fixlist.txt   57bytes   176 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
   
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

[ginnyjoe]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
Ran by Ginette at 2015-04-25 21:43:02 Run:5
Running from C:\Users\Ginette\Desktop
Loaded Profiles: Ginette (Available profiles: Ginette)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Windows\Installer\MSIDCD7.tmp-
EmptyTemp:
end
*****************

"C:\Windows\Installer\MSIDCD7.tmp-" => File/Directory not found.
EmptyTemp: => Removed 23.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:43:10 ====

[DanoNH]

Just checking in here.  I haven't forgotten about you.  I'll be back with a bit more to do for your system. 

[DanoNH]

Thanks for you patience.  Hopefully this will do the trick:

 

 

Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop.   fixlist.txt   172bytes   168 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
   
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

[ginnyjoe]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Ginette at 2015-04-27 16:22:50 Run:6
Running from C:\Users\Ginette\Desktop
Loaded Profiles: Ginette (Available profiles: Ginette)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll
EmptyTemp:
end
*****************

Restore point was successfully created.
"C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll" => File/Directory not found.
"C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll" => File/Directory not found.
EmptyTemp: => Removed 104.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:23:46 ====

[ginnyjoe]

My Microsoft security essentials found three Trojans. They were deleted, hope this doesn't create a problem. Just thought you should know.

[DanoNH]

My Microsoft security essentials found three Trojans. They were deleted, hope this doesn't create a problem. Just thought you should know.

It depends where they were found.  We have quarantined quite a bit on the machine, and it will be there until we begin our clean up.  I have had to consult with my colleagues on something about your system, so that is taking me a while to sort out.  Sorry.

 

You can check what MSE quarantined by double-clicking on the icon in the System Tray, going to the History tab, and selecting All detected items:

 

Let me know where they are located. 

[DanoNH]

Hi ginnyjoe,
 
Thanks for your patience here.  I need to make sure we have cleaned everything up on your system.  Besides the information requested in my last post, please try another FRST fix:
 
Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop.  fixlist.txt   121bytes   169 downloads
   
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.