
Browser hijacked, mbam won't open


  • This topic is locked
5 replies to this topic

#1 AHolladay

AHolladay

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:58 AM

Posted 10 July 2014 - 11:55 AM

My computer seems to be running fine, possibly a little slow. I didn't notice a problem until my start page was changed. I tried to run Malwarebytes but it won't open at all. I tried running it through Chameleon and that didn't work either. So, I uninstalled it and tried installing it again with Chameleon. It installed but still won't open even using all 13 options. DDS logs attached. Thanks in advance for your help!



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:58 AM

Posted 14 July 2014 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 AHolladay

AHolladay
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:58 AM

Posted 15 July 2014 - 02:54 PM

Good afternoon and thank you! The computer is behaving as before. My homepage is what it should be but mbam begins to run and then is shut down before it opens. Log files follow, as requested.

# AdwCleaner v3.215 - Report created 15/07/2014 at 15:23:20
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Home - HOME-HP
# Running from : C:\Users\Home\Desktop\adwcleaner_3.215.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\user.js
File Found : C:\Windows\System32\Tasks\DigitalSite
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko
Folder Found : C:\Users\Home\AppData\Roaming\RocketUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\torch
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A063E015-A729-4487-ABD5-76070A3F795D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A063E015-A729-4487-ABD5-76070A3F795D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\torch
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_wnzp01_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAyC0CzyzyzytCyBtDtDtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0E0D0CyCzzyDyBtG0AyD0ByCtG0AyDtC0FtG0CyBzztCtGyC0FtBzzyC0BtByDtCzzyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzytCtBtByD0F0EtG0EtC0DtAtGyE0C0AzytGzyyEyDzztGyDtBtC0BtC0F0D0C0F0B0B0A2Q&cr=986499837&ir=
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAyC0CzyzyzytCyBtDtDtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyCtDtB0E0DtGyCtAyEtCtGzz0Fzz0AtGyB0A0EtAtGtBtDtA0A0BtAyD0B0CtCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzytCtBtByD0F0EtG0EtC0DtAtGyE0C0AzytGzyyEyDzztGyDtBtC0BtC0F0D0C0F0B0B0A2Q&cr=373891444&ir=
Found [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_wnzp01_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAyC0CzyzyzytCyBtDtDtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0E0D0CyCzzyDyBtG0AyD0ByCtG0AyDtC0FtG0CyBzztCtGyC0FtBzzyC0BtByDtCzzyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzytCtBtByD0F0EtG0EtC0DtAtGyE0C0AzytGzyyEyDzztGyDtBtC0BtC0F0D0C0F0B0B0A2Q&cr=986499837&ir=
Found [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Found [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Found [Extension] : iaimhpklononapfjngelgdokckfjekfc
Found [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
Found [Extension] : lbcoijfpdfchaihokncghkbplhiiehko
Found [Extension] : pljcgbedjplidkdjahbaalanadmjfgop
 
*************************
 
AdwCleaner[R0].txt - [8238 octets] - [15/07/2014 15:23:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8298 octets] ##########
 
 
# AdwCleaner v3.215 - Report created 15/07/2014 at 15:28:01
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Home - HOME-HP
# Running from : C:\Users\Home\Desktop\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Home\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko
File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\WSE Rocket.xml
File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\user.js
File Deleted : C:\Windows\System32\Tasks\DigitalSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A063E015-A729-4487-ABD5-76070A3F795D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A063E015-A729-4487-ABD5-76070A3F795D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\torch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAyC0CzyzyzytCyBtDtDtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyCtDtB0E0DtGyCtAyEtCtGzz0Fzz0AtGyB0A0EtAtGtBtDtA0A0BtAyD0B0CtCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzytCtBtByD0F0EtG0EtC0DtAtGyE0C0AzytGzyyEyDzztGyDtBtC0BtC0F0D0C0F0B0B0A2Q&cr=373891444&ir=
Deleted [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_wnzp01_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAyC0CzyzyzytCyBtDtDtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0E0D0CyCzzyDyBtG0AyD0ByCtG0AyDtC0FtG0CyBzztCtGyC0FtBzzyC0BtByDtCzzyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzytCtBtByD0F0EtG0EtC0DtAtGyE0C0AzytGzyyEyDzztGyDtBtC0BtC0F0D0C0F0B0B0A2Q&cr=986499837&ir=
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Deleted [Extension] : iaimhpklononapfjngelgdokckfjekfc
Deleted [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
Deleted [Extension] : lbcoijfpdfchaihokncghkbplhiiehko
Deleted [Extension] : pljcgbedjplidkdjahbaalanadmjfgop
 
*************************
 
AdwCleaner[R0].txt - [8378 octets] - [15/07/2014 15:23:20]
AdwCleaner[S0].txt - [8100 octets] - [15/07/2014 15:28:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8160 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Home (administrator) on HOME-HP on 15-07-2014 15:34:12
Running from C:\Users\Home\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\tgsrvc.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
() C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 4\Integrator.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP KEYBOARDx] => C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-2027250934-3594322611-3621127875-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{C6C3E788-2604-45A0-B47D-42FF8EA503D4}: [NameServer]208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default
FF DefaultSearchEngine: Startpage HTTPS
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Startpage HTTPS
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\startpage-ssl.xml
FF Extension: DoNotTrackMe - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\donottrackplus@abine.com [2013-07-12]
FF Extension: MyWordTool - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\emily@wilford.biz [2014-01-03]
FF Extension: MaskMe - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\idme@abine.com [2013-08-15]
FF Extension: Search Experiment - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\fx-searchtest@mozilla.org.xpi [2014-07-03]
FF Extension: Lightbeam - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-25]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-08]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-11]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://startpage.com/
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (MindMeister) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2014-01-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Planeto Quiz) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\caekfgjhgmkgdhbiaikgdbpldepnkchg [2014-01-15]
CHR Extension: (Test My Speed!) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcjjdphdponfcmmeebndmnfhmbpongj [2014-01-15]
CHR Extension: (PicMonkey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-05-26]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-01-15]
CHR Extension: (Little Alchemy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-01-15]
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko [2014-01-15]
CHR Extension: (Webcam Toy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-08-17]
CHR Extension: (AudioSauna) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-01-15]
CHR Extension: (Poppit) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-01-15]
CHR Extension: (Dragon City) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\naahhibcgbjfjllnippkhifdifegcclh [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2010-11-10] (Advanced Micro Devices, Inc.) [File not signed]
S4 AMD Reservation Manager; c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1617080 2014-06-19] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-01-22] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2012-09-06] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2012-09-06] (SupportSoft, Inc.)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [53248 2007-05-31] (Tablet Driver) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2013-03-31] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2013-03-31] (Advanced Micro Devices)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [32408 2011-03-30] (Google Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [82048 2008-07-31] (OEM)
R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [18944 2007-06-07] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [10752 2007-04-23] (PenTablet Driver)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [94584 2011-09-29] (GFI Software)
S3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [94584 2011-09-29] (GFI Software)
S3 Tablet2k; C:\Windows\System32\Drivers\Tablet2k.sys [17920 2007-04-23] (Windows ® Server 2003 DDK provider) [File not signed]
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [18432 2007-04-23] (Tablet Driver)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [12800 2007-05-31] (Tablet Driver)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 catchme; \??\C:\Users\Home\AppData\Local\Temp\catchme.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-15 15:34 - 2014-07-15 15:39 - 00020166 _____ () C:\Users\Home\Desktop\FRST.txt
2014-07-15 15:34 - 2014-07-15 15:34 - 00000000 ____D () C:\FRST
2014-07-15 15:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-15 15:23 - 2014-07-15 15:29 - 00000000 ____D () C:\AdwCleaner
2014-07-15 15:22 - 2014-07-15 15:22 - 01077248 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2014-07-15 15:21 - 2014-07-15 15:21 - 01348263 _____ () C:\Users\Home\Desktop\adwcleaner_3.215.exe
2014-07-10 12:46 - 2014-07-10 12:46 - 00016724 _____ () C:\Users\Home\Desktop\dds.txt
2014-07-10 12:46 - 2014-07-10 12:46 - 00015646 _____ () C:\Users\Home\Desktop\attach.txt
2014-07-10 12:42 - 2014-07-10 12:42 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2014-07-10 12:33 - 2014-07-10 12:37 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 12:33 - 2014-07-10 12:33 - 00001026 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 12:33 - 2014-07-10 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 12:33 - 2014-07-10 12:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-10 12:33 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-10 12:33 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-10 12:32 - 2014-07-10 12:32 - 04872677 _____ () C:\Users\Home\Desktop\mbam-chameleon-3.1.4.0.zip
2014-07-10 12:32 - 2014-07-10 12:32 - 00000000 ____D () C:\Users\Home\Desktop\mbam-chameleon-3.1.4.0
2014-07-10 12:14 - 2014-07-10 12:14 - 00020319 _____ () C:\ComboFix.txt
2014-07-10 11:50 - 2014-07-10 11:50 - 05217324 ____R (Swearware) C:\Users\Home\Desktop\ROMBORIX.exe
2014-07-10 11:31 - 2014-07-15 15:31 - 00008000 _____ () C:\Windows\PFRO.log
2014-07-08 15:02 - 2014-07-10 12:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-07 12:23 - 2014-07-10 12:18 - 00000000 ____D () C:\Users\Home\AppData\Local\Rocket
2014-07-07 12:22 - 2014-07-10 12:17 - 00000000 ____D () C:\Users\Home\AppData\Local\WinZip
2014-07-05 00:32 - 2014-07-15 15:31 - 00001064 _____ () C:\Windows\setupact.log
2014-07-05 00:32 - 2014-07-05 00:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-04 09:08 - 2014-07-04 09:08 - 00433050 _____ () C:\Users\Home\Desktop\Declaration-of-Independence-Hero-H.jpeg
2014-06-30 16:20 - 2014-06-30 16:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2014-06-30 13:24 - 2014-06-30 13:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-27 16:49 - 2014-07-04 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital - A Love Story
2014-06-22 05:12 - 2014-06-22 05:12 - 00000568 _____ () C:\Users\Home\Documents\resume.txt
2014-06-21 23:23 - 2014-06-21 23:24 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_2EF
2014-06-18 18:30 - 2014-06-18 19:22 - 00019071 _____ () C:\Users\Home\Desktop\CLCoverLetter.odt
2014-06-18 18:28 - 2014-06-18 18:28 - 00026960 _____ () C:\Users\Home\Desktop\RyanResume.odt
2014-06-17 22:46 - 2014-07-05 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
 
==================== One Month Modified Files and Folders =======
 
2014-07-15 15:39 - 2014-07-15 15:34 - 00020166 _____ () C:\Users\Home\Desktop\FRST.txt
2014-07-15 15:38 - 2009-07-14 00:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 15:38 - 2009-07-14 00:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 15:35 - 2014-04-04 10:58 - 00141263 _____ () C:\Windows\system32\RegFile3.txt
2014-07-15 15:35 - 2011-05-11 09:57 - 01588419 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 15:34 - 2014-07-15 15:34 - 00000000 ____D () C:\FRST
2014-07-15 15:32 - 2014-01-06 20:47 - 00000318 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-07-15 15:32 - 2014-01-06 20:47 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-07-15 15:32 - 2011-05-11 10:10 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-07-15 15:31 - 2014-07-10 11:31 - 00008000 _____ () C:\Windows\PFRO.log
2014-07-15 15:31 - 2014-07-05 00:32 - 00001064 _____ () C:\Windows\setupact.log
2014-07-15 15:31 - 2012-02-17 09:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 15:31 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 15:29 - 2014-07-15 15:23 - 00000000 ____D () C:\AdwCleaner
2014-07-15 15:22 - 2014-07-15 15:22 - 01077248 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2014-07-15 15:22 - 2013-06-12 14:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 15:21 - 2014-07-15 15:21 - 01348263 _____ () C:\Users\Home\Desktop\adwcleaner_3.215.exe
2014-07-15 15:19 - 2012-07-25 16:28 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype
2014-07-15 15:12 - 2012-02-17 09:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 14:52 - 2011-09-27 16:23 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003UA.job
2014-07-15 14:44 - 2011-12-23 19:19 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-07-14 16:52 - 2011-09-27 16:23 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027250934-3594322611-3621127875-1003Core.job
2014-07-14 04:01 - 2014-04-28 08:57 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-07-10 13:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-10 12:46 - 2014-07-10 12:46 - 00016724 _____ () C:\Users\Home\Desktop\dds.txt
2014-07-10 12:46 - 2014-07-10 12:46 - 00015646 _____ () C:\Users\Home\Desktop\attach.txt
2014-07-10 12:45 - 2013-09-04 19:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-10 12:42 - 2014-07-10 12:42 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2014-07-10 12:38 - 2011-10-05 07:10 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps
2014-07-10 12:37 - 2014-07-10 12:33 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 12:33 - 2014-07-10 12:33 - 00001026 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 12:33 - 2014-07-10 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 12:33 - 2014-07-10 12:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-10 12:32 - 2014-07-10 12:32 - 04872677 _____ () C:\Users\Home\Desktop\mbam-chameleon-3.1.4.0.zip
2014-07-10 12:32 - 2014-07-10 12:32 - 00000000 ____D () C:\Users\Home\Desktop\mbam-chameleon-3.1.4.0
2014-07-10 12:21 - 2014-07-08 15:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-10 12:18 - 2014-07-07 12:23 - 00000000 ____D () C:\Users\Home\AppData\Local\Rocket
2014-07-10 12:17 - 2014-07-07 12:22 - 00000000 ____D () C:\Users\Home\AppData\Local\WinZip
 
2014-07-10 12:14 - 2013-04-13 10:18 - 00000000 ____D () C:\Qoobox
2014-07-10 12:14 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-07-10 12:08 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-10 11:32 - 2013-10-01 16:54 - 00843264 ___SH () C:\Users\Home\Desktop\Thumbs.db
2014-07-10 04:22 - 2013-02-27 15:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-10 04:22 - 2011-10-18 14:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:48 - 2011-10-30 20:42 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job
2014-07-07 06:49 - 2012-05-28 16:48 - 00000000 ____D () C:\Windows\Minidump
2014-07-07 06:49 - 2011-05-11 12:45 - 00146994 ____N () C:\Windows\Minidump\070714-25521-01.dmp
2014-07-07 06:47 - 2011-05-11 12:45 - 00147954 ____N () C:\Windows\Minidump\070714-25646-01.dmp
2014-07-06 01:08 - 2011-05-11 12:45 - 00146962 ____N () C:\Windows\Minidump\070614-22604-01.dmp
2014-07-06 00:59 - 2011-05-11 12:45 - 00146962 ____N () C:\Windows\Minidump\070614-23836-01.dmp
2014-07-06 00:32 - 2009-07-25 08:54 - 00783714 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-06 00:28 - 2011-05-11 12:45 - 00147954 ____N () C:\Windows\Minidump\070614-26020-01.dmp
2014-07-05 18:18 - 2014-06-17 22:46 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-05 00:32 - 2014-07-05 00:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-05 00:32 - 2011-05-11 12:45 - 00147954 ____N () C:\Windows\Minidump\070514-25022-01.dmp
2014-07-04 16:25 - 2012-08-17 10:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-04 16:25 - 2011-11-07 12:27 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Malwarebytes
2014-07-04 16:25 - 2011-11-07 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 16:20 - 2014-06-27 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital - A Love Story
2014-07-04 09:08 - 2014-07-04 09:08 - 00433050 _____ () C:\Users\Home\Desktop\Declaration-of-Independence-Hero-H.jpeg
2014-07-02 15:44 - 2009-07-14 00:33 - 00467776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-30 16:20 - 2014-06-30 16:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2014-06-30 13:24 - 2014-06-30 13:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 09:29 - 2011-09-27 16:20 - 00119480 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 16:35 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-27 16:50 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\RenPy
2014-06-27 16:49 - 2013-08-22 20:29 - 00000000 ____D () C:\Users\Mcx1-HOME-HP
2014-06-27 16:37 - 2011-11-12 20:48 - 00000000 ____D () C:\Users\Home\Documents\Lili
2014-06-26 13:26 - 2011-09-27 19:14 - 00000000 ____D () C:\Users\Home\AppData\Local\VirtualStore
2014-06-22 05:12 - 2014-06-22 05:12 - 00000568 _____ () C:\Users\Home\Documents\resume.txt
2014-06-21 23:24 - 2014-06-21 23:23 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_2EF
2014-06-18 19:22 - 2014-06-18 18:30 - 00019071 _____ () C:\Users\Home\Desktop\CLCoverLetter.odt
2014-06-18 18:28 - 2014-06-18 18:28 - 00026960 _____ () C:\Users\Home\Desktop\RyanResume.odt
2014-06-15 02:32 - 2013-12-14 12:30 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Audacity
 
Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 00:55
 
==================== End Of Log ============================

 




#4 nasdaq


Posted 16 July 2014 - 06:59 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_wnzp01_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtAyC0CzyzyzytCyBtDtDtN0D0Tzu0SzytCzytN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0E0D0CyCzzyDyBtG0AyD0ByCtG0AyDtC0FtG0CyBzztCtGyC0FtBzzyC0BtByDtCzzyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzytCtBtByD0F0EtG0EtC0DtAtGyE0C0AzytGzyyEyDzztGyDtBtC0BtC0F0D0C0F0B0B0A2Q&cr=986499837&ir=
SearchScopes: HKCU - {962C963C-B71E-49E0-8680-9EA440A6D1F2} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=a3d06eba-58a0-43cf-b6cc-792d0bd7b799&apn_sauid=9ABFF5C1-B8A4-47E0-ACBB-3256A088FA25
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: https://startpage.com/
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\searchplugins\startpage-ssl.xml
FF Extension: MyWordTool - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\w7zvl6zm.default\Extensions\emily@wilford.biz [2014-01-03]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-11]
CHR HomePage: hxxp://startpage.com/
CHR StartupUrls: "https://startpage.com/do/mypage.pl?prf=54d22050408fe3a4d14954075252533b"
CHR Extension: (Poppit) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-01-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 catchme; \??\C:\Users\Home\AppData\Local\Temp\catchme.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 nasdaq


Posted 22 July 2014 - 10:01 AM

Are you still with me?

#6 nasdaq


Posted 28 July 2014 - 08:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



