Google redirects New Tabs



#1 Reapshot


Posted 21 November 2015 - 05:38 AM

Google keeps redirecting to "hxxttp://search.sidecubes.com/?st=dn&q=" whenever I open a new tab. It also does it when I start up Google Chrome for the first time. I ran JRT and Malwarebytes but the problem still persists. With Malwarebytes I quarantined and then removed afterwards, then I scanned again and quarantined and left it that way without removing anything before coming here.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Edgar (administrator) on ERM (21-11-2015 04:17:25)
Running from C:\Users\Edgar\Downloads
Loaded Profiles: Edgar &  (Available Profiles: Edgar & Rubo & Mcx1-ERM)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.3\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.43\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.170\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Bamcof\Bamcof.exe
() C:\ProgramData\Bamcof\Bamcof.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\...\MountPoints2: {94bf16ed-5133-11e0-9874-806e6f6e6963} - E:\DVDSetup.exe
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\...\MountPoints2: {b54db834-8da5-11e0-a627-2c27d71a995b} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {94bf16ed-5133-11e0-9874-806e6f6e6963} - E:\DVDSetup.exe
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b54db834-8da5-11e0-a627-2c27d71a995b} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1847908225-1187381100-2629746871-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Bamcof\Vivastatit.dll => C:\ProgramData\Bamcof\Vivastatit.dll [518656 2015-11-21] ()
AppInit_DLLs-x32: C:\ProgramData\Bamcof\Apkeylex.dll => C:\ProgramData\Bamcof\Apkeylex.dll [320512 2015-11-21] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2A2A7684-7845-4E83-9BDB-032927CB913F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{352E0B1A-0964-49A1-8707-78E01560D97F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6E0FA8FE-2E8E-4D19-8D3D-A7774A8867CE}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{AC6426B4-EC62-4E62-B1C5-217452DD060B}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQoz_fIp1ncRXUplvRgn3Ww-RKK13VUoBCmiUySRyZ3okG7gMM_RDAax6FLUtUVybPSxkuIOMipqx6kv
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQoz_fIp1ncRXUplvRgn3Ww-RKK13VUoBCmiUySRyZ3okG7gMM_RDAax6FLUtUVybPSxkuIOMipqx6kv
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1847908225-1187381100-2629746871-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1847908225-1187381100-2629746871-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1847908225-1187381100-2629746871-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1847908225-1187381100-2629746871-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {7BB26702-72EE-464B-9379-DC9438BBE98B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7BB26702-72EE-464B-9379-DC9438BBE98B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-24] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: C:\ProgramData\Bamcofs\ff.HP
FF NewTab: C:\ProgramData\Bamcofs\ff.NT
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-02] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-02] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-08-24] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-06-25] (Nero AG)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-02-06] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Edgar\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1000: @acestream.net/acestreamplugin,version=2.2.1.1-next -> C:\Users\Edgar\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-07-09] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1000: @my.com/Games -> C:\Users\Edgar\AppData\Local\MyComGames\NPMyComDetector.dll [2015-09-29] (My.com, Inc)
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @acestream.net/acestreamplugin,version=2.2.1.1-next -> C:\Users\Edgar\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-07-09] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\Edgar\AppData\Local\MyComGames\NPMyComDetector.dll [2015-09-29] (My.com, Inc)
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF SearchPlugin: C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\searchplugins\findit.xml [2015-11-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-11-21]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-11-27] [not signed]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-27] [not signed]
FF Extension: Magic Actions for YouTube™ - C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-05-07] [not signed]
FF Extension: Flash Control - C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-03-09] [not signed]
FF Extension: Adblock Plus - C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-14] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQa-PFBd2ji1sAaRe2Fs-tDWXtvVrmRwZd4Anqr7fLVxAZy9FgQ09QUvkukP251JbX-tt-Rkfa0-W5kH
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQay8jGZQEvHxIOONm4zRhiM10QHa7gQUzLZFLfap6zOlJuCNtqxbo5iCxJ_t78UY3MjmqHcnsWXc79m&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-15]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-12]
CHR Extension: (Tab Hibernate) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammlihljcndoijbkoobiobhjgoopiidn [2015-09-25]
CHR Extension: (Google Docs) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-15]
CHR Extension: (Google Drive) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-11-05]
CHR Extension: (Google Search) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Edgar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-15]
CHR Extension: (uBlock Origin) - C:\Users\Edgar\Downloads\uBlock0.chromium [2015-10-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
StartMenuInternet: Google Chrome.Rubo - C:\Users\Rubo\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Bamcof; C:\ProgramData\\Bamcof\\Bamcof.exe [792576 2015-11-21] () [File not signed]
S4 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-08-23] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-09-01] (CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-09-01] (CyberLink)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S4 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
S4 lxbl_device; C:\Windows\SysWOW64\lxblcoms.exe [537520 2007-04-20] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-08-07] (The OpenVPN Project)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 gogoTunnelDevice; C:\Windows\System32\DRIVERS\gogotun.sys [27648 2010-03-22] (gogo6 Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-21] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-22] (Duplex Secure Ltd.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-02] (CyberLink Corp.)
U3 aq3joklp; C:\Windows\System32\Drivers\aq3joklp.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-21 04:17 - 2015-11-21 04:19 - 00035997 _____ C:\Users\Edgar\Downloads\FRST.txt
2015-11-21 04:17 - 2015-11-21 04:17 - 00000000 ____D C:\Users\Edgar\Downloads\FRST-OlderVersion
2015-11-21 03:35 - 2015-11-21 03:36 - 00000000 ____D C:\ProgramData\Bamcof
2015-11-21 03:35 - 2015-11-21 03:35 - 00000000 ____D C:\ProgramData\Bamcofs
2015-11-21 03:34 - 2015-11-21 03:34 - 02954094 _____ C:\Program Files\Common Files\i4atvb2c.exe
2015-11-20 00:30 - 2015-11-20 00:30 - 00202388 ____H C:\Windows\system32\mlfcache.dat
2015-11-19 23:35 - 2015-11-21 04:17 - 02345984 _____ (Farbar) C:\Users\Edgar\Downloads\FRST64.exe
2015-11-19 23:35 - 2015-11-21 04:17 - 00000000 ____D C:\FRST
2015-11-17 06:00 - 2015-11-21 04:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-17 06:00 - 2015-11-19 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-17 06:00 - 2015-11-19 23:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-17 06:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-17 06:00 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-17 06:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-17 05:58 - 2015-11-17 05:58 - 00000151 _____ C:\Users\Edgar\Documents\Bleeping Computer Malware Tools.txt
2015-11-17 05:16 - 2015-11-17 05:16 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-11-17 05:14 - 2015-11-17 05:14 - 00001443 _____ C:\Users\Edgar\Desktop\JRT.txt
2015-11-17 05:10 - 2015-11-17 05:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ERM-Windows-7-Home-Premium-(64-bit).dat
2015-11-17 05:10 - 2015-11-17 05:10 - 00000000 ____D C:\RegBackup
2015-11-17 03:32 - 2015-11-17 03:32 - 00003388 _____ C:\Windows\System32\Tasks\lv2a5g1c
2015-11-17 03:32 - 2015-11-17 03:32 - 00000000 ____D C:\Program Files\Common Files\uedekxrc
2015-11-17 02:53 - 2015-11-19 23:28 - 00000000 ____D C:\Users\Edgar\AppData\Local\9348
2015-11-17 02:32 - 2015-11-17 02:32 - 00002560 _____ C:\Users\Edgar\AppData\Local\uninstall.exe
2015-11-16 13:16 - 2015-11-16 13:16 - 00262144 ____N C:\Windows\Minidump\111615-23852-01.dmp
2015-11-15 06:23 - 2015-11-15 06:28 - 00001490 _____ C:\Users\Edgar\Documents\Symptoms.txt
2015-11-15 02:23 - 2015-11-15 02:23 - 00016791 _____ C:\Users\Edgar\Downloads\20150705020121mix.torrent
2015-11-04 06:46 - 2015-11-19 18:41 - 00017671 _____ C:\Users\Edgar\Desktop\watch.xspf
2015-10-24 00:31 - 2015-11-15 22:32 - 00000000 ____D C:\Users\Edgar\AppData\Local\Spotify
2015-10-24 00:31 - 2015-10-24 00:31 - 00001790 _____ C:\Users\Edgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-10-24 00:31 - 2015-10-24 00:31 - 00000000 ____D C:\Users\Edgar\AppData\Local\CEF
2015-10-24 00:30 - 2015-11-15 22:30 - 00000000 ____D C:\Users\Edgar\AppData\Roaming\Spotify
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-21 04:13 - 2009-07-13 23:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 04:11 - 2015-05-15 01:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-21 04:11 - 2015-05-15 01:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 03:35 - 2015-08-24 15:51 - 00002233 _____ C:\Users\Rubo\Desktop\Google Chrome.lnk
2015-11-21 03:35 - 2011-06-03 23:05 - 00001407 _____ C:\Users\Rubo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-21 03:35 - 2011-06-02 22:49 - 00001407 _____ C:\Users\Edgar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-21 02:06 - 2015-08-02 07:38 - 00035392 _____ C:\Windows\setupact.log
2015-11-21 01:01 - 2013-10-29 17:52 - 00000000 ____D C:\Users\Edgar\AppData\Roaming\vlc
2015-11-21 01:00 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-21 01:00 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-20 20:50 - 2011-03-17 23:34 - 01847462 _____ C:\Windows\WindowsUpdate.log
2015-11-20 05:53 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-20 02:22 - 2015-08-24 17:45 - 00087314 _____ C:\Windows\PFRO.log
2015-11-20 02:07 - 2011-06-04 05:26 - 00000000 ____D C:\Users\Edgar\AppData\Local\CrashDumps
2015-11-20 01:36 - 2013-03-02 05:10 - 00000000 ____D C:\Users\Edgar\AppData\Roaming\uTorrent
2015-11-20 00:35 - 2015-04-04 02:50 - 00000000 ____D C:\Users\Edgar\Documents\Outlook Files
2015-11-20 00:17 - 2015-10-05 00:02 - 00000099 _____ C:\Users\Edgar\Desktop\Shows.txt
2015-11-19 23:28 - 2014-02-18 12:35 - 00000000 ____D C:\Users\Edgar\AppData\Roaming\PC-Gizmos
2015-11-18 01:39 - 2015-10-19 06:19 - 00000000 ____D C:\Users\Edgar\Documents\VideoOutput
2015-11-17 06:00 - 2013-09-03 23:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-17 02:36 - 2015-07-15 23:16 - 00000000 ____D C:\Program Files (x86)\Blackboard
2015-11-17 01:53 - 2013-07-28 01:12 - 00000000 ____D C:\Users\Edgar\Documents\Health
2015-11-16 13:16 - 2011-11-05 06:06 - 00000000 ____D C:\Windows\Minidump
2015-11-15 02:28 - 2013-02-21 04:55 - 00000000 ____D C:\Users\Edgar\AppData\Roaming\Mp3tag
2015-11-15 02:27 - 2015-01-25 20:02 - 00000000 ____D C:\Users\Edgar\AppData\Roaming\spek
2015-11-14 18:32 - 2014-12-11 18:52 - 00001834 _____ C:\Users\Edgar\Documents\Important.txt
2015-11-14 02:49 - 2011-07-04 01:32 - 00003208 _____ C:\Windows\System32\Tasks\HPCeeScheduleForERM$
2015-11-14 02:49 - 2011-07-04 01:32 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForERM$.job
2015-11-09 03:50 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-27 23:19 - 2011-06-07 10:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-27 23:16 - 2015-07-15 23:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 22:57 - 2009-07-13 23:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-25 19:54 - 2015-07-25 15:32 - 00000000 ____D C:\Users\Edgar\Documents\My Kindle Content
2015-10-25 19:54 - 2015-07-25 15:32 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-10-25 05:23 - 2011-09-24 08:02 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForEdgar.job
2015-10-25 05:23 - 2011-06-11 10:25 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEdgar
 
==================== Files in the root of some directories =======
 
2015-11-21 03:34 - 2015-11-21 03:34 - 2954094 _____ () C:\Program Files\Common Files\i4atvb2c.exe
2012-07-06 02:49 - 2015-03-10 14:53 - 0057344 _____ () C:\Users\Edgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-03 02:58 - 2015-05-15 01:30 - 0007600 _____ () C:\Users\Edgar\AppData\Local\Resmon.ResmonCfg
2015-11-17 02:32 - 2015-11-17 02:32 - 0000187 _____ () C:\Users\Edgar\AppData\Local\Silcan.exe.config
2015-11-17 02:32 - 2015-11-17 02:32 - 0002560 _____ () C:\Users\Edgar\AppData\Local\uninstall.exe
2011-07-09 06:18 - 2015-06-18 17:03 - 0000043 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
C:\Users\Edgar\AppData\Local\Temp\SDL_2.dll
C:\Users\Edgar\AppData\Local\Temp\setbr.exe
C:\Users\Rubo\AppData\Local\Temp\GUR6AA4.exe
C:\Users\Rubo\AppData\Local\Temp\GUR7F8B.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2013-08-16 12:47] - [2011-02-25 00:19] - 2388992 ____A (Microsoft Corporation) CECFDCB2CC68EE9D67D87B5C28B80E2F
 
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 19:28
 
==================== End of FRST.txt ============================

Edited by nasdaq, 23 November 2015 - 10:23 AM.
Bad link obfuscated
#2 nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 AM

Posted 23 November 2015 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you did not install this application, I suggest you read this article and decide if you wish to keep it.
http://sensorstechforum.com/remove-ace-stream-media-products-completely/

It can be uninstalled via the Control Panel > Programs and Features applet.
Ace Stream Media 2.2.1.1-next (HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\...\AceStream) (Version: 2.2.1.1-next - Ace Stream Media) <==== ATTENTION
Ace Stream Media 2.2.1.1-next (HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AceStream) (Version: 2.2.1.1-next - Ace Stream Media) <==== ATTENTION

===

Remove these programs in bold via Control Panel > Programs and Features applet.
Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION
YTD Video Downloader 4.9.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.1 - GreenTree Applications SRL) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\ProgramData\Bamcof\Bamcof.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1847908225-1187381100-2629746871-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Bamcof\Vivastatit.dll => C:\ProgramData\Bamcof\Vivastatit.dll [518656 2015-11-21] ()
AppInit_DLLs-x32: C:\ProgramData\Bamcof\Apkeylex.dll => C:\ProgramData\Bamcof\Apkeylex.dll [320512 2015-11-21] ()
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQoz_fIp1ncRXUplvRgn3Ww-RKK13VUoBCmiUySRyZ3okG7gMM_RDAax6FLUtUVybPSxkuIOMipqx6kv
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQoz_fIp1ncRXUplvRgn3Ww-RKK13VUoBCmiUySRyZ3okG7gMM_RDAax6FLUtUVybPSxkuIOMipqx6kv
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQalWzfcIkYZoqtqNMaDicl5ddcGI-poRtWZVUTIuemFMMhiWDHJOylS1FhEMVT2FyAiOaIrGv_8wzPR&q={searchTerms}
Toolbar: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1847908225-1187381100-2629746871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Homepage: C:\ProgramData\Bamcofs\ff.HP
FF NewTab: C:\ProgramData\Bamcofs\ff.NT
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1847908225-1187381100-2629746871-1000: @acestream.net/acestreamplugin,version=2.2.1.1-next -> C:\Users\Edgar\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-07-09] (Innovative Digital Technologies)
FF SearchPlugin: C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\searchplugins\findit.xml [2015-11-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-11-21]
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQa-PFBd2ji1sAaRe2Fs-tDWXtvVrmRwZd4Anqr7fLVxAZy9FgQ09QUvkukP251JbX-tt-Rkfa0-W5kH
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eqL7qV_RHXR0_q10fOo77UAB-TOt0kLRZ81xP33sGcc07lhiNQ5CdUaToeL6daIQQay8jGZQEvHxIOONm4zRhiM10QHa7gQUzLZFLfap6zOlJuCNtqxbo5iCxJ_t78UY3MjmqHcnsWXc79m&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
R2 Bamcof; C:\ProgramData\\Bamcof\\Bamcof.exe [792576 2015-11-21] () [File not signed]
U3 aq3joklp; C:\Windows\System32\Drivers\aq3joklp.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
Task: {2DC4B799-8620-46A7-BDA7-D1DEEED60B08} - \Run LSI -> No File <==== ATTENTION
Task: {2E532EBA-D23A-4DA9-A0D2-827CD747741A} - System32\Tasks\{0F14B3C1-1E74-47F3-A08B-371FD9A82340} => Chrome.exe hxxp://ui.skype.com/ui/0/5.5.59.124/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {7C378653-BB47-4F5D-900D-8E4EC22A747C} - System32\Tasks\{DE195C31-70C3-4E35-B1DD-99A2BC9B40F1} => Chrome.exe hxxp://ui.skype.com/ui/0/4.2.0.166.272/en/go/help.faq.installer?LastError=1603
Task: {88BAF2F2-86D2-4932-8626-A2A944A4B96B} - System32\Tasks\lv2a5g1c => C:\Program Files\Common Files\uedekxrc\7a2aaxfbbpp3b.exe [2015-10-18] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B
AlternateDataStreams: C:\ProgramData\Temp:BC359956
AlternateDataStreams: C:\ProgramData\Temp:DDCCB2FA
AlternateDataStreams: C:\Users\Edgar\Documents\Troubleshooting?Optimizing Computer components.rtf:AFP_AfpInfo
C:\Program Files\Common Files\i4atvb2c.exe
C:\Users\Edgar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\Bamcof
C:\Users\Edgar\AppData\Roaming\ACEStream\player\npace_plugin.dll 
C:\Users\Edgar\AppData\Roaming\Mozilla\Firefox\Profiles\q2dc05bc.default-1385536023966\searchplugins\findit.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml 
C:\Windows\System32\Drivers\aq3joklp.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#3 nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:45 AM

Posted 28 November 2015 - 08:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
