Inactive Browser Hijacker

Limon

Thread Starter
Joined
Aug 13, 2014
Messages
151
Hello.

Epic is one of my browsers. I seem to have a Browser hijacker on it.

Please see as attached: Search engine ; The only Search engine should be Epic.

Browser warning. When I type in search term, for example, the sun.
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Hello, Limon.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

==========================

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Hi, Limon.

Thank you.

You have posted the FRST log twice. Please post the Addition log as well.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Hi, Limon.

A critical question before we move on.

You have Microsoft Office Enterprise installed. Enterprise products are usually used by big companies where the Volume type of license is used to activate specific programs. If the computer doesn't belong to a company, then probably the Office suite is not legally activated. Some other programs installed in the computer make me also think that the computer belongs to a company. If that is the case, then we can't help you here, as the IT Department of the company has to do that.

Please let me know about that.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Due to lack of feedback, this topic is marked as Inactive. If you still need assistance, you can post here again, or, if the thread is closed, send me a personal message (hover the mouse on my profile avatar and press Start a conversation) with a link to the topic.
 

Limon

Thread Starter
Joined
Aug 13, 2014
Messages
151
Thank you.

The computer was bought as second hand/refurbished.

So will have been previously owned by a company.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Hi, Limon.

Thanks for the info.

However, I need to know if you are going to be here at least once a day, so your computer's issues will be solved effectively. If your replies come once a month, unfortunately I can't help you.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Since it's been a month from the day you posted the FRST logs, please let me check fresh logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,902
Hi, Limon.

Here are my first comments/instructions:

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
Trusteer Endpoint Protection
  • Select the above program and click Uninstall.
  • Restart the computer.

I would also uninstall Microsoft Office Enterprise 2007, since the Enterprise version belongs to companies. That means you don't have your own activation license and you will have problems sooner or later.

As an alternative you can use free Microsoft Office Online, or any other free Office platform, like Libre Office or Free Office.


2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-725993642-1267063097-1636782652-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fp-comodo&type=26_25050004005_65.0.2.15_i_hp
SearchScopes: HKU\S-1-5-21-725993642-1267063097-1636782652-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=26_25050004005_65.0.2.15_i_ds&p={searchTerms}
FF Homepage: Comodo\IceDragon\Profiles\hl0bec6d.default -> about:newtab
FF Extension: (Online Security Pro) - C:\Users\COMPUTER\AppData\Roaming\Comodo\IceDragon\Profiles\hl0bec6d.default\Extensions\[email protected] [2021-01-08]
FF Extension: (Https Enforcement) - C:\Users\COMPUTER\AppData\Roaming\Comodo\IceDragon\Profiles\hl0bec6d.default\Extensions\[email protected] [2019-03-15]
FF Extension: (Media Downloader) - C:\Users\COMPUTER\AppData\Roaming\Comodo\IceDragon\Profiles\hl0bec6d.default\Extensions\{5e9eca63-6e0d-47ce-9862-07d938121575}.xpi [2019-03-15] [Legacy]
CustomCLSID: HKU\S-1-5-21-725993642-1267063097-1636782652-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\COMPUTER\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-725993642-1267063097-1636782652-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\COMPUTER\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-725993642-1267063097-1636782652-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\COMPUTER\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
AlternateDataStreams: C:\Users\COMPUTER\Documents\1 LL.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\1 LL.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\ab.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\ab.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Dooley Calling Card 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Dooley Calling Card 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Dooley Calling Card.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Dooley Calling Card.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\For Lintel.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\For Lintel.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\For Lintels.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\For Lintels.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\gates for norbury.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\gates for norbury.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Gregory Billing 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Gregory Billing 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Gregory Billing.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Gregory Billing.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's brother copy.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's brother copy.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's brother in law.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's brother in law.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's brother.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's brother.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's cousin.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz's cousin.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz'z cousin.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mariusz'z cousin.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mr  Olszewski's brother 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mr  Olszewski's brother 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mr M Olszewski's cousin.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mr M Olszewski's cousin.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mr Olszewski's brother & cousin.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Mr Olszewski's brother & cousin.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\new.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\new.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA AST Tenancy Agreement 8.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA AST Tenancy Agreement 8.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 0.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 0.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 4.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 5.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 6.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 7.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\COMPUTER\Documents\NRLA Tenancy Agreement 7.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\P 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\P 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Searches Norbury Fence.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\Searches Norbury Fence.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\COMPUTER\Documents\spind;le.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\COMPUTER\Documents\spind;le.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [TCP Query User{7264B315-42DD-4BD0-8472-4D075FC1FDC2}C:\program files (x86)\slimjet\slimjet.exe] => (Block) C:\program files (x86)\slimjet\slimjet.exe => No File
FirewallRules: [UDP Query User{893B32F1-3F4D-49EA-9B20-60AA80507FD4}C:\program files (x86)\slimjet\slimjet.exe] => (Block) C:\program files (x86)\slimjet\slimjet.exe => No File
FirewallRules: [TCP Query User{4399A0A3-4FBC-4D68-B29F-B1A245B24DB6}C:\program files (x86)\slimjet\slimjet.exe] => (Block) C:\program files (x86)\slimjet\slimjet.exe => No File
FirewallRules: [UDP Query User{56778662-9561-40C6-A006-FE234041234E}C:\program files (x86)\slimjet\slimjet.exe] => (Block) C:\program files (x86)\slimjet\slimjet.exe => No File
FirewallRules: [{CA667961-5709-4230-AC57-D82015566A97}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS71B6\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F97091FA-EB04-481A-B6E9-2A5A3F0E5FE3}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS71B6\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{892E1DB3-0C58-4552-A30A-29984DFDAB98}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS1D3F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{04761348-C293-4086-9533-457D6CC0B499}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS1D3F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{0CF982CC-6E26-40B1-8389-6493A0B7D370}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS15EC\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{96869AFE-003A-45BB-B49C-AA38E80C0A57}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS15EC\HPDiagnosticCoreUI.exe => No File
FirewallRules: [TCP Query User{71B39A4E-6B41-409A-A3B1-670B3409B9F3}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => No File
FirewallRules: [UDP Query User{FAC8B642-1B9B-4DA1-BC97-5D65F3C83D0B}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => No File
FirewallRules: [TCP Query User{424F2283-56F5-4D7E-89B0-C005E4690414}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => No File
FirewallRules: [UDP Query User{2865CFFA-FCC9-43C0-ABE5-EDD6164C5502}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => No File
FirewallRules: [{2E771AC1-481B-417C-963F-56EC00BD877C}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS4471\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{A19A7931-8F26-419D-A9CA-101FC7C267C6}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS4471\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{07EA8498-485C-45E2-B973-22253CAF3FD0}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS257E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{913B6B3E-0DBF-4B9A-A4C0-A74F0778BFCA}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS257E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7E4B1827-259E-45A2-AAD4-83A49E5C9A12}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS553E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{773C3D0A-5E91-4A41-A893-4DAE735B0FC0}] => (Allow) C:\Users\COMPUTER\AppData\Local\Temp\7zS553E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [TCP Query User{C8791855-17A2-4B35-B03B-C9AD6453AA38}C:\program files (x86)\device config tool\deviceconfigtool.exe] => (Allow) C:\program files (x86)\device config tool\deviceconfigtool.exe => No File
FirewallRules: [UDP Query User{6C061A03-A18D-4F51-A2FB-6663E1DFF7B5}C:\program files (x86)\device config tool\deviceconfigtool.exe] => (Allow) C:\program files (x86)\device config tool\deviceconfigtool.exe => No File
FirewallRules: [TCP Query User{467639F1-B9FE-4D02-BAE0-376156B3DFC4}C:\users\computer\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Block) C:\users\computer\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{71ABE845-FE75-422A-AA90-CE8C8AE95F21}C:\users\computer\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Block) C:\users\computer\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{FBFB9CAF-39BF-4CE4-8856-D17E005011DD}] => (Allow) c:\users\computer\appdata\local\programs\opera\72.0.3815.378\opera.exe => No File
FirewallRules: [TCP Query User{2B3DC9A7-F556-4626-9D2E-A73C6EB93B0B}C:\users\computer\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Block) C:\users\computer\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{C9E6A4C1-83A1-4230-85AD-86F5CF4EEFF7}C:\users\computer\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Block) C:\users\computer\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
HKU\S-1-5-21-725993642-1267063097-1636782652-1001\...\MountPoints2: {262c8b38-cb99-11eb-a076-000ffec4e79e} - "E:\EasySuite.exe" bootup
HKU\S-1-5-21-725993642-1267063097-1636782652-1001\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
CHR Notifications: Default -> hxxps://en.softonic.com
CHR HKU\S-1-5-21-725993642-1267063097-1636782652-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKU\S-1-5-21-725993642-1267063097-1636782652-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm]
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

4. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. If everything went fine with uninstalling the programs in Step 1
  2. The fixlog.txt
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report
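
As an added illustration (not part of the original thread and not a FRST feature), the following Python script groups the lines of a fixlist like the one in the post above by entry type and separates entries FRST marked `No File` from entries that still point at something present. The category names, the `extract_body` and `triage` helpers and the sample input are assumptions made up for this example.

```python
import re
from collections import Counter

# Constructed sample in the fixlist format shown above; the SID, GUIDs,
# URLs and paths are placeholders, not values from a real machine.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
HKU\<SID>\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.example/?fr=x
SearchScopes: HKU\<SID> -> {00000000-0000-0000-0000-000000000001} URL = hxxps://search.example/s?p={searchTerms}
FF Extension: (Example Addon) - C:\Users\USER\AppData\Roaming\Browser\Extensions\addon.xpi [2019-03-15] [Legacy]
CustomCLSID: HKU\<SID>_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\Users\USER\old.dll => No File
AlternateDataStreams: C:\Users\USER\Documents\a.jpeg:examplestream [83]
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Users\USER\AppData\Local\Temp\x\tool.exe => No File
HKU\<SID>\...\Run: [Example App] => "C:\Program Files\Example\app.exe" --minimized
CHR Notifications: Default -> hxxps://site.example
EmptyTemp:
End::
"""

# Ordered rules, first match wins. The category names are this example's own.
RULES = [
    ("directive", re.compile(r"^[A-Za-z]+:$")),  # bare commands, e.g. EmptyTemp:
    ("browser", re.compile(r"^(SearchScopes:|FF |CHR )|,Start Page\b")),
    ("autorun", re.compile(r"\\(Run|RunOnce|MountPoints2):")),
    ("shell", re.compile(r"^(CustomCLSID|ShellExecuteHooks|"
                         r"ShellIconOverlayIdentifiers|ContextMenuHandlers)")),
    ("ads", re.compile(r"^AlternateDataStreams:")),
    ("firewall", re.compile(r"^FirewallRules:")),
]
# Entries whose referenced file the scan reported as missing.
ORPHAN = re.compile(r"(?:=>|->)\s*No File\s*$")


def extract_body(text):
    """Return the lines between Start:: and End::; reject a partial copy."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must include both the Start:: and End:: lines")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return lines[start + 1:end]


def triage(text):
    """Count entries per category and list the ones not marked 'No File'."""
    counts, orphans, live = Counter(), 0, []
    for line in extract_body(text):
        category = next((name for name, rx in RULES if rx.search(line)), "other")
        counts[category] += 1
        if ORPHAN.search(line):
            orphans += 1
        elif category != "directive":
            live.append((category, line))
    return {"counts": dict(counts), "orphans": orphans, "live": live}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLIST)
    print(report["counts"], "orphaned:", report["orphans"])
    for category, line in report["live"]:
        print(f"[{category}] {line}")
```
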
 

Limon

Thread Starter
Joined
Aug 13, 2014
Messages
151
I ran AdwCleaner.

I didn't know how to post Notepad.

However, the file Notepad is absolutely clean.
 
