can't connect online on any browser after running anti-malware.
<blockquote data-quote="dnunez" data-source="post: 322444" data-attributes="member: 32414"><p>Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-12-2014</p><p>Ran by D-Black at 2014-12-27 14:39:11 Run:1</p><p>Running from C:\Users\D-Black\Desktop\FRST</p><p>Loaded Profile: D-Black (Available profiles: D-Black & Delaney)</p><p>Boot Mode: Normal</p><p></p><p>==============================================</p><p></p><p>Content of fixlist:</p><p>*****************</p><p>closeprocesses:</p><p>emptytemp:</p><p>Task: {797B801C-1EEA-45B1-AE5F-B76901C5D929} - \DonutQuotes No Task File <==== ATTENTION</p><p>AlternateDataStreams: C:\ProgramData\TEMP:373E1720</p><p>C:\Users\D-Black\AppData\Roaming\Yontoo</p><p>HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p>CHR HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {10abe97b-3a4f-11e4-b707-00219b1bee3d} - F:\Windows\AutoRun.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {7adb1515-4075-11e4-b6c3-00219b1bee3d} - F:\Windows\AutoRun.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {855517e7-b693-11e3-8295-00219b1bee3d} - F:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {859f627d-2c9f-11e3-b7b7-00219b1bee3d} - F:\N8000_ZTE.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: 
{cdd59a84-84c7-11e4-961f-00219b1bee3d} - F:\Windows\AutoRun.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {cf6cf40c-2f00-11e4-b6be-00219b1bee3d} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}</p><p>HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p>CHR HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p>ProxyEnable: [HKLM] => ProxyEnable is set.</p><p>ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?Lin...E&Tid=000328B9&OHP=http://www.google.com&OSP=" target="_blank">http://go.microsoft.com/fwlink/?Lin...E&Tid=000328B9&OHP=http://www.google.com&OSP=</a></p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?Lin...E&Tid=000328B9&OHP=http://www.google.com&OSP=" target="_blank">http://go.microsoft.com/fwlink/?Lin...E&Tid=000328B9&OHP=http://www.google.com&OSP=</a></p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" 
target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?Lin...E&Tid=000328B9&OHP=http://www.google.com&OSP=" target="_blank">http://go.microsoft.com/fwlink/?Lin...E&Tid=000328B9&OHP=http://www.google.com&OSP=</a></p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =</p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\.DEFAULT -> {C34A3EC2-C7F1-4F62-A549-DCE7F7322A79} URL = <a href="http://www.queryexplorer.com/?prt=QUERYEXPLORER187&keywords={searchTerms}" target="_blank">http://www.queryexplorer.com/?prt=QUERYEXPLORER187&keywords={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-21-2383511167-434876183-2691488376-1004 -> {E54321DF-FEBD-440C-8AD9-39DBC23CCBD0} URL = <a href="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}" target="_blank">http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}</a></p><p>FF DefaultSearchEngine: Bing</p><p>FF DefaultSearchEngine,S:</p><p>FF SearchEngineOrder.1:</p><p>FF SearchEngineOrder.1,S:</p><p>FF SelectedSearchEngine,S:</p><p>FF NetworkProxy: "type", 0</p><p>CHR StartupUrls: Default -> "", 
"hxxp://search.conduit.com/?ctid=CT3279411&SearchSource=48&CUI=UN33300377413157814&UM=2", "hxxp://websearch.ezsearches.info/", "<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p>CHR HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path</p><p>S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]</p><p>2014-12-21 12:04 - 2014-12-21 12:04 - 00638888 _____ (Oracle Corporation) C:\Users\D-Black\Downloads\chromeinstall-8u25.exe</p><p>2014-12-21 10:39 - 2014-12-21 10:39 - 00000837 _____ () C:\Users\D-Black\Downloads\Unconfirmed 656290.crdownload</p><p>2014-12-21 10:15 - 2014-12-21 10:15 - 00000837 _____ () C:\Users\D-Black\Downloads\coupon_printer.jnlp</p><p>2014-12-21 09:42 - 2014-12-21 09:42 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-GscCTeaC.exe</p><p>2014-12-21 09:41 - 2014-12-21 09:41 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-xVWJ2i5c.exe</p><p>2014-12-20 12:28 - 2014-12-20 12:28 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-vJocDE6T.exe</p><p>2014-12-20 12:28 - 2014-12-20 12:28 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Valassis</p><p>2014-12-20 12:26 - 2014-12-20 12:26 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-KyCCGBI1.exe</p><p>2014-12-20 11:58 - 2014-12-20 11:58 - 02080456 _____ (Coupons.com Incorporated) C:\Users\D-Black\Downloads\CouponPrinterCPS (3).exe</p><p>2014-12-20 11:56 - 2014-12-20 11:56 - 02080456 _____ (Coupons.com Incorporated) C:\Users\D-Black\Downloads\CouponPrinterCPS (2).exe</p><p>2014-12-20 11:55 - 2014-12-20 11:55 - 02080456 _____ (Coupons.com Incorporated) C:\Users\D-Black\Downloads\CouponPrinterCPS (1).exe</p><p>2014-12-20 10:59 - 2014-12-20 10:59 - 00001642 _____ () C:\ProgramData\tempimage.bmp</p><p>2014-12-20 01:40 - 2014-12-20 01:40 - 00628496 _____ (CMI Limited) 
C:\Users\D-Black\AppData\Local\nssA6E5.tmp</p><p>2014-12-20 00:35 - 2014-12-20 00:36 - 00880784 _____ (Google Inc.) C:\Users\D-Black\Downloads\ChromeSetup(1).exe</p><p>reg: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f</p><p>*****************</p><p></p><p>Processes closed successfully.</p><p>"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{797B801C-1EEA-45B1-AE5F-B76901C5D929}" => Key deleted successfully.</p><p>"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{797B801C-1EEA-45B1-AE5F-B76901C5D929}" => Key deleted successfully.</p><p>"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully.</p><p>C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.</p><p>"C:\Users\D-Black\AppData\Roaming\Yontoo" => File/Directory not found.</p><p>HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.</p><p>C:\Windows\system32\GroupPolicy\Machine => Moved successfully.</p><p>C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.</p><p>"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Policies\Google" => Key deleted successfully.</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10abe97b-3a4f-11e4-b707-00219b1bee3d}" => Key deleted successfully.</p><p>HKCR\CLSID\{10abe97b-3a4f-11e4-b707-00219b1bee3d} => Key not 
found.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7adb1515-4075-11e4-b6c3-00219b1bee3d}" => Key deleted successfully.</p><p>HKCR\CLSID\{7adb1515-4075-11e4-b6c3-00219b1bee3d} => Key not found.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{855517e7-b693-11e3-8295-00219b1bee3d}" => Key deleted successfully.</p><p>HKCR\CLSID\{855517e7-b693-11e3-8295-00219b1bee3d} => Key not found.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{859f627d-2c9f-11e3-b7b7-00219b1bee3d}" => Key deleted successfully.</p><p>HKCR\CLSID\{859f627d-2c9f-11e3-b7b7-00219b1bee3d} => Key not found.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdd59a84-84c7-11e4-961f-00219b1bee3d}" => Key deleted successfully.</p><p>HKCR\CLSID\{cdd59a84-84c7-11e4-961f-00219b1bee3d} => Key not found.</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf6cf40c-2f00-11e4-b6be-00219b1bee3d} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B} => Key not found.</p><p>HKCR\CLSID\{cf6cf40c-2f00-11e4-b6be-00219b1bee3d} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B} => Key not found.</p><p>HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value not found.</p><p>"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.</p><p>HKLM\SOFTWARE\Policies\Google => Key not found.</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Policies\Google => Key not found.</p><p>HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => 
value deleted successfully.</p><p>HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.</p><p>HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.</p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.</p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.</p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.</p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.</p><p>"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.</p><p>HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.</p><p>HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.</p><p>"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C34A3EC2-C7F1-4F62-A549-DCE7F7322A79}" => Key deleted successfully.</p><p>HKCR\CLSID\{C34A3EC2-C7F1-4F62-A549-DCE7F7322A79} => Key not found.</p><p>HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.</p><p>HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted 
successfully.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E54321DF-FEBD-440C-8AD9-39DBC23CCBD0}" => Key deleted successfully.</p><p>HKCR\CLSID\{E54321DF-FEBD-440C-8AD9-39DBC23CCBD0} => Key not found.</p><p>Firefox DefaultSearchEngine deleted successfully.</p><p>Firefox DefaultSearchEngine,S deleted successfully.</p><p>Firefox SearchEngineOrder.1 deleted successfully.</p><p>Firefox SearchEngineOrder.1,S deleted successfully.</p><p>Firefox SelectedSearchEngine,S deleted successfully.</p><p>Firefox Proxy settings were reset.</p><p>Chrome StartupUrls deleted successfully.</p><p>"HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion" => Key deleted successfully.</p><p>MBAMSwissArmy => Service deleted successfully.</p><p>C:\Users\D-Black\Downloads\chromeinstall-8u25.exe => Moved successfully.</p><p>C:\Users\D-Black\Downloads\Unconfirmed 656290.crdownload => Moved successfully.</p><p>C:\Users\D-Black\Downloads\coupon_printer.jnlp => Moved successfully.</p><p>C:\Users\D-Black\Downloads\P@H_prodcand-GscCTeaC.exe => Moved successfully.</p><p>C:\Users\D-Black\Downloads\P@H_prodcand-xVWJ2i5c.exe => Moved successfully.</p><p>C:\Users\D-Black\Downloads\P@H_prodcand-vJocDE6T.exe => Moved successfully.</p><p>C:\Users\D-Black\AppData\Local\Valassis => Moved successfully.</p><p>C:\Users\D-Black\Downloads\P@H_prodcand-KyCCGBI1.exe => Moved successfully.</p><p>C:\Users\D-Black\Downloads\CouponPrinterCPS (3).exe => Moved successfully.</p><p>C:\Users\D-Black\Downloads\CouponPrinterCPS (2).exe => Moved successfully.</p><p>C:\Users\D-Black\Downloads\CouponPrinterCPS (1).exe => Moved successfully.</p><p>C:\ProgramData\tempimage.bmp => Moved successfully.</p><p>C:\Users\D-Black\AppData\Local\nssA6E5.tmp => Moved successfully.</p><p>C:\Users\D-Black\Downloads\ChromeSetup(1).exe => Moved successfully.</p><p></p><p>========= reg add 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========</p><p></p><p>The operation completed successfully.</p><p></p><p></p><p></p><p>========= End of Reg: =========</p><p></p><p>EmptyTemp: => Removed 83 GB temporary data.</p><p></p><p></p><p>The system needed a reboot.</p><p></p><p>==== End of Fixlog 14:40:44 ====</p></blockquote><p></p>