
DeeplyDisturbed

Members · Posts: 17
Everything posted by DeeplyDisturbed

  1. Results of screen317's Security Check version 0.99.79
     Windows 7 Service Pack 1 x86 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Internet Security
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Adobe Flash Player 12.0.0.44
     Adobe Reader XI
     Mozilla Firefox (27.0.1)
     Mozilla Thunderbird (24.3.0)
     Google Chrome 32.0.1700.102
     Google Chrome 32.0.1700.107
     ````````Process Check: objlist.exe by Laurent````````
     Malcolm AppData Roaming Dropbox\bin\Dropbox.exe
     Malcolm Desktop SecurityCheck.exe
     Malcolm AppData Local Temp\RarSFX0\SecurityCheck\Objlist.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast afwServ.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````
  2. The last thing you told me about properties >> Shortcuts >> Target Line seemed to be the final part of the removal puzzle. Times are tough but rest assured I'll find enough to buy you a beer or two at least. Thank you so much for amazing help and support.
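The "Target line" the post above refers to is the classic final foothold of a browser hijacker: it appends a URL after the browser's path in the shortcut's Target, so the browser opens the hijack page on every launch even after the home page and search settings have been restored. The following PowerShell script is an added example, not code from the thread or from any of the tools used in it; it enumerates browser shortcuts in the usual Windows 7+ locations and flags any whose arguments look like a URL. The `$Fix` switch, the list of shortcut folders and the URL pattern are assumptions chosen for this example; it needs PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): audit browser .lnk files for a hijacked
# Target line. Hijackers append a URL after the browser path so the browser
# opens it at launch regardless of the configured home page.
# Assumed shortcut locations for Windows 7+; set $Fix = $true to strip the
# appended arguments (the original arguments are printed before clearing).
$Fix = $false

$shell = New-Object -ComObject WScript.Shell
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # taskbar pins live under here
) | Where-Object { $_ -and (Test-Path $_) }

# Only shortcuts whose target is a browser executable are interesting.
$browserExe = 'firefox\.exe$|chrome\.exe$|iexplore\.exe$|opera\.exe$|safari\.exe$'
# A legitimate browser shortcut has empty or flag-like arguments, not a URL.
$urlLike    = 'https?://|www\.|\.(com|net|org|info)\b'

$results = Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    if ($lnk.TargetPath -notmatch $browserExe) { return }   # skip non-browser shortcuts
    $hijacked = [bool]($lnk.Arguments -match $urlLike)
    if ($hijacked -and $Fix) {
        Write-Host "Clearing arguments on $($_.FullName): $($lnk.Arguments)"
        $lnk.Arguments = ''
        $lnk.Save()
    }
    [PSCustomObject]@{
        Shortcut  = $_.FullName
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
        Hijacked  = $hijacked
    }
}

$results | Sort-Object Hijacked -Descending | Format-Table -AutoSize -Wrap
```

Run it first with `$Fix = $false` and read the Arguments column: a hijacked shortcut shows the browser path as Target and the unwanted URL as Arguments. Clearing the arguments is enough, since the hijacker only abused the shortcut rather than replacing the browser binary; pinned taskbar items are ordinary .lnk files under the Quick Launch folder and are covered by the same loop.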
  3. Hey, things appear to be back to normal. Logs attached... FRST.txt Addition.txt
  4. I always use Firefox, which is infected of course. I have Chrome and that is also infected. I have IE (not sure which version) that won't open at all.
  5. ComboFix 14-02-16.01 - Malcolm 18/02/2014 16:21:26.1.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1918.799 [GMT 1:00]
     Running from: c:\users\Malcolm\Desktop\ComboFix.exe
     AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
     FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
     SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\repair.exe
     c:\windows\system32\drivers\etc\hosts.ics
     c:\windows\wininit.ini
     .
     ((((((((((((((((((((((((( Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))
     .
     2014-02-18 15:49 . 2014-02-18 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-02-13 08:01 . 2014-02-18 15:01 -------- d-----w- c:\programdata\boost_interprocess
     2014-02-12 19:59 . 2014-02-13 07:58 -------- d-----w- C:\AdwCleaner
     2014-02-12 18:43 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
     2014-02-12 18:38 . 2014-02-13 20:26 -------- d-----w- c:\program files\Bench
     2014-02-12 18:37 . 2014-02-12 18:37 -------- d-----w- c:\program files\predm
     2014-02-12 18:35 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
     2014-02-12 18:35 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
     2014-02-12 18:32 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
     2014-02-12 18:32 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
     2014-02-12 18:30 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
     2014-02-12 18:30 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
     2014-02-12 18:30 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
     2014-02-12 18:30 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
     2014-02-12 18:30 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
     2014-02-12 18:30 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
     2014-02-12 18:30 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
     2014-02-12 18:30 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
     2014-02-12 18:30 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
     2014-02-12 08:02 . 2014-02-12 08:02 -------- d-----w- c:\program files\NewPlayer
     2014-02-05 19:26 . 2014-02-06 07:23 -------- d-----w- c:\program files\Mozilla Thunderbird
     2014-02-04 06:33 . 2014-02-04 06:33 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
     2014-01-27 17:08 . 2014-01-27 17:08 -------- d-----w- c:\users\Malcolm\AppData\Local\Trusteer
     2014-01-27 17:08 . 2014-01-27 17:08 -------- d-----w- c:\program files\Trusteer
     2014-01-27 17:05 . 2014-01-27 17:05 -------- d-----w- c:\programdata\Trusteer
     2014-01-22 19:37 . 2014-01-22 19:37 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-02-18 15:09 . 2013-09-04 08:02 265072 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
     2014-02-06 07:17 . 2013-09-04 08:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2014-02-06 07:17 . 2013-09-04 08:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2014-01-25 14:19 . 2013-12-22 16:37 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
     2014-01-25 14:19 . 2013-09-04 08:05 410784 ----a-w- c:\windows\system32\drivers\aswsp.sys
     2014-01-25 14:19 . 2013-09-04 08:04 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2014-01-25 14:19 . 2013-09-04 08:04 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2014-01-25 14:19 . 2013-09-04 08:04 270240 ----a-w- c:\windows\system32\aswBoot.exe
     2014-01-25 14:19 . 2013-09-04 08:02 43152 ----a-w- c:\windows\avastSS.scr
     2014-01-25 14:18 . 2013-09-04 08:02 265072 ----a-w- c:\windows\system32\drivers\aswndisflt.sys.1392736152249
     2014-01-03 10:08 . 2013-11-04 13:54 57344 ----a-r- c:\users\Malcolm\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
     2014-01-03 10:05 . 2013-09-04 10:37 106496 ----a-w- c:\windows\system32\ATL71.DLL
     2013-12-22 18:42 . 2013-12-22 18:42 49940480 ----a-w- c:\program files\GUT959D.tmp
     2013-12-22 16:37 . 2013-09-04 08:04 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
     2013-12-21 14:23 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
     2013-12-18 05:13 . 2013-09-03 16:23 231584 ------w- c:\windows\system32\MpSigStub.exe
     2013-12-05 10:10 . 2013-12-05 10:10 360448 ------w- c:\windows\Setup1.exe
     2013-12-05 10:10 . 2013-12-05 10:10 73216 ----a-w- c:\windows\ST6UNST.EXE
     2013-11-27 01:14 . 2014-01-17 07:30 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
     2013-11-27 01:13 . 2014-01-17 07:30 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
     2013-11-27 01:13 . 2014-01-17 07:30 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
     2013-11-27 01:13 . 2014-01-17 07:30 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
     2013-11-27 01:13 . 2014-01-17 07:30 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
     2013-11-27 01:13 . 2014-01-17 07:30 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
     2013-11-27 01:13 . 2014-01-17 07:30 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
     2013-11-26 11:11 . 2014-01-17 07:31 240576 ----a-w- c:\windows\system32\drivers\netio.sys
     2013-11-26 10:10 . 2014-01-17 07:31 2349056 ----a-w- c:\windows\system32\win32k.sys
     2013-11-23 18:26 . 2013-12-12 11:30 417792 ----a-w- c:\windows\system32\WMPhoto.dll
     2013-11-21 13:44 . 2013-11-21 13:44 35288 ----a-w- c:\windows\system32\drivers\tap0901.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2014-01-25 14:19 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
     "Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2013-12-23 4277896]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
     "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 344064]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-02-25 2416368]
     "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-25 3767096]
     "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
     "FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2013-09-26 239288]
     .
     c:\users\Malcolm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\Malcolm\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
     .
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
     R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
     R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-25 64168]
     R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2013-08-09 144600]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-25 1343400]
     S0 aswRvrt;avast! Revert; [x]
     S0 aswVmm;avast! VM Monitor; [x]
     S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2014-01-22 107256]
     S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-10-22 26136]
     S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-02-18 265072]
     S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-25 775952]
     S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-25 410784]
     S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2014-01-27 340432]
     S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2014-01-22 155704]
     S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2014-01-22 228888]
     S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 291840]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-25 67824]
     S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-01-25 113704]
     S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
     S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-01-22 1444120]
     S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 5120]
     S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
     S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
     S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
     S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2014-02-04 06:50 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-04 07:17]
     .
     2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2013-12-22 18:36]
     .
     2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2013-12-22 18:36]
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{2CCAE600-BC25-4024-A16B-2DBC303C6653}: NameServer = 54.247.108.9,46.165.219.110
     TCP: Interfaces\{2CCAE600-BC25-4024-A16B-2DBC303C6653}\E4545564F564537303: NameServer = 23.21.182.24,50.22.147.234
     FF - ProfilePath - c:\users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\4kimnyfw.default\
     .
     - - - - ORPHANS REMOVED - - - -
     .
     ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Classes\CLSID]
     @DACL=(02 0000)
     .
     [HKEY_USERS\.Default\Software\Classes\CLSID\{8B0FA615-584F-40DC-85C7-78901AC6B80A}]
     @DACL=(02 0000)
     @="XarViewer Class"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID]
     @DACL=(02 0000)
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="CLSID_RecordInfo"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="PSDispatch"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="PSEnumVariant"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="PSTypeInfo"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="PSTypeLib"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="PSOAInterface"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="PSTypeComp"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}]
     @DACL=(02 0000)
     @="Component Categories Manager"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
     @DACL=(02 0000)
     @="Dropbox Autoplay COM Server"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}]
     @DACL=(02 0000)
     @="CLSID_StdFont"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}]
     @DACL=(02 0000)
     @="CLSID_StdPict"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{111BCF6E-8BB4-11D2-ADBA-00A0C9A76405}]
     @DACL=(02 0000)
     @="Coolbar Band"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{111BCF70-8BB4-11D2-ADBA-00A0C9A76405}]
     @DACL=(02 0000)
     @="Coolbar Bands"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{111BCF7A-8BB4-11D2-ADBA-00A0C9A76405}]
     @DACL=(02 0000)
     @="ComCtl3.BandProperties"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}]
     @DACL=(02 0000)
     @="Microsoft Date and Time Picker Control 6.0 (SP6)"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}]
     @DACL=(02 0000)
     @="Microsoft MonthView Control 6.0 (SP6)"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}]
     @DACL=(02 0000)
     @="ComCtl3.CoolBarPage"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}]
     @DACL=(02 0000)
     @="ComCtl3.BandsPage"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}]
     @DACL=(02 0000)
     @="Microsoft Coolbar Control, version 6.0"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}]
     @DACL=(02 0000)
     @="Obsolete Font"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{5522DAF8-06D6-11D2-8D70-00A0C98B28E2}]
     @DACL=(02 0000)
     @="Coolbar Band"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{5522DAFA-06D6-11D2-8D70-00A0C98B28E2}]
     @DACL=(02 0000)
     @="Coolbar Bands"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{5522DB04-06D6-11D2-8D70-00A0C98B28E2}]
     @DACL=(02 0000)
     @="ComCtl3.BandProperties"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}]
     @DACL=(02 0000)
     @="Microsoft UpDown Control 6.0 (SP6)"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}]
     @DACL=(02 0000)
     @="Microsoft Animation Control 6.0 (SP6)"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}]
     @DACL=(02 0000)
     @="PSFactoryBuffer"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     @DACL=(02 0000)
     @="DropboxExt"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     @DACL=(02 0000)
     @="DropboxExt"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     @DACL=(02 0000)
     @="DropboxExt"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     @DACL=(02 0000)
     @="DropboxExt"
     .
     [HKEY_USERS\S-1-5-21-2345512989-863147342-970537167-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}]
     @DACL=(02 0000)
     @="Microsoft Flat Scrollbar Control 6.0 (SP6)"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2014-02-18 16:54:56
     ComboFix-quarantined-files.txt 2014-02-18 15:54
     .
     Pre-Run: 114,703,323,136 bytes free
     Post-Run: 114,240,286,720 bytes free
     .
     - - End Of File - - E2578497D790E8DA6C206C979DEA6363 A36C5E4F47E84449FF07ED3517B43A31
  6. I still need help. I need to action the prior post but I was called away to work. I should get the above done this evening. I'll respond with results.
  7. Hi, after doing all of that to the letter in Chrome, Awesomehp still returned as the home page. Let me please say at this stage thank you for all you are doing, it is greatly appreciated. It's a toughie to remove, huh!
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
     Ran by Malcolm at 2014-02-16 13:04:39 Run:1
     Running from C:\Users\Malcolm\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     HKLM\...\Run: [fst_fr_83] - [X]
     HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1392192095&from=tugs&uid=TOSHIBAXMK1646GSX_Y79ET3XSTXXY79ET3XST&q={searchTerms}
     SearchScopes: HKLM - DefaultScope value is missing.
     FF SelectedSearchEngine: awesomehp
     FF Extension: No Name - C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\4kimnyfw.default\Extensions\1392192135_xpi [2014-02-12]
     FF Extension: Extension_Protected - C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\4kimnyfw.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-12]
     CHR HKLM\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2013-12-23]
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     *****************

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fst_fr_83 => Value deleted successfully.
     HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     Firefox newtab deleted successfully.
     Firefox SelectedSearchEngine deleted successfully.
     C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\4kimnyfw.default\Extensions\1392192135_xpi => Moved successfully.
     C:\Users\Malcolm\AppData\Roaming\Mozilla\Firefox\Profiles\4kimnyfw.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi => Moved successfully.
     HKLM\SOFTWARE\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino => Key deleted successfully.
     "C:\Program Files\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx" => File/Directory not found.
     HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
     C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
     C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
     The system needs a manual reboot.

     ==== End of Fixlog ====
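The FRST fix above shows where this hijacker persisted: an HKLM Run value, the IE search page and default search scope, sideloaded Firefox extensions, a force-installed Chrome extension under HKLM\SOFTWARE\Google\Chrome\Extensions, a Chrome policy key under HKLM\SOFTWARE\Policies\Google and a local GroupPolicy folder; the ComboFix log earlier on this page additionally shows UAC switched off (EnableLUA=0) and static per-interface DNS servers. The following PowerShell script is an added example, not code from the thread or from FRST or ComboFix; it reads those same locations and lists what it finds so they can be reviewed before anything is deleted. It changes nothing. The `Test-RegValues` helper, the labels and the "suspicious on a non-domain machine" heuristic for the GroupPolicy folder are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example (not from the thread): read-only audit of the persistence and
# configuration points the FRST fix touched, plus the UAC and DNS settings
# reported by ComboFix. Prints findings; deletes nothing. Run elevated.
$findings = New-Object System.Collections.Generic.List[string]

# Helper (assumed for this example): list every value under a registry key.
function Test-RegValues {
    param([string]$Path, [string]$Label)
    if (-not (Test-Path $Path)) { return }
    $item = Get-ItemProperty -Path $Path
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $findings.Add("$Label : $($p.Name) = $($p.Value)")
    }
}

# 1. Autostart entries (the hijacker used HKLM\...\Run\fst_fr_83).
Test-RegValues 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'HKLM Run'
Test-RegValues 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'HKCU Run'

# 2. IE start page / search page; the fix restored Search Page and DefaultScope.
foreach ($hive in 'HKLM', 'HKCU') {
    $main = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
    if (Test-Path $main) {
        $m = Get-ItemProperty $main
        foreach ($n in 'Start Page', 'Search Page', 'Default_Page_URL') {
            if ($m.$n) { $findings.Add("$hive IE Main : $n = $($m.$n)") }
        }
    }
}
Test-RegValues 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes' 'IE SearchScopes'

# 3. Chrome: extensions force-installed via the registry, and machine policies.
#    Any key under Policies\Google on a home PC deserves a look; Chrome shows
#    "managed by your organization" and ignores the user's own settings.
$chromeExt = 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
if (Test-Path $chromeExt) {
    Get-ChildItem $chromeExt | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        $findings.Add("Chrome ext : $($_.PSChildName) path=$($p.path) update_url=$($p.update_url)")
    }
}
$chromePol = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path $chromePol) {
    Test-RegValues $chromePol 'Chrome policy'
    Get-ChildItem $chromePol -Recurse | ForEach-Object {
        Test-RegValues $_.PSPath "Chrome policy $($_.Name)"
    }
}
# A local GroupPolicy folder on a machine that is not domain-joined is how the
# "Group Policy on Chrome detected" finding in the FRST log arises.
$inDomain = (Get-WmiObject Win32_ComputerSystem).PartOfDomain
if (-not $inDomain -and (Test-Path "$env:windir\System32\GroupPolicy\gpt.ini")) {
    $findings.Add("Local GroupPolicy present on a non-domain machine: $env:windir\System32\GroupPolicy")
}

# 4. UAC: ComboFix reported EnableLUA=0 and ConsentPromptBehaviorAdmin=0.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($n in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
    if ($uac.$n -eq 0) { $findings.Add("UAC weakened : $n = 0") }
}

# 5. Static DNS servers set per interface (including nested sub-interface keys,
#    as in the ComboFix log). A rogue resolver redirects searches silently.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifRoot -Recurse | ForEach-Object {
    $ns = (Get-ItemProperty $_.PSPath).NameServer
    if ($ns) { $findings.Add("Static DNS on $($_.Name) : $ns") }
}

if ($findings.Count -eq 0) { Write-Output 'No findings.' }
$findings | ForEach-Object { Write-Output $_ }
```

Every line it prints is a candidate, not a verdict: the Run entries and SearchScopes will include legitimate software, so compare them against what is actually installed. Static NameServer values that are not the router (192.168.1.1 in the log above) and any Chrome policy on a machine no administrator manages are the two findings that most often explain a hijack that "keeps coming back" after the browser settings have been reset.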
  9. Attached, (Awesomehp is still hijacking my browser). Addition.txt FRST.txt
  10. Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Database version: v2014.02.13.06

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 11.0.9600.16518
      Malcolm :: MALCOLM-PC [administrator]

      15/02/2014 16:37:02
      mbam-log-2014-02-15 (16-37-02).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 211429
      Time elapsed: 14 minute(s), 50 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)
  11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.1 (02.04.2014:1)
      OS: Windows 7 Ultimate x86
      Ran by Malcolm on 15/02/2014 at 16:14:50.91
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs

      ~~~ Files

      ~~~ Folders

      Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
      Failed to delete: [Folder] "C:\ProgramData\application data\boost_interprocess"
      Successfully deleted: [Folder] "C:\Users\Malcolm\AppData\Roaming\getrighttogo"
      Successfully deleted: [Folder] "C:\Users\Malcolm\appdata\local\software"

      ~~~ FireFox

      Successfully deleted the following from C:\Users\Malcolm\AppData\Roaming\mozilla\firefox\profiles\4kimnyfw.default\prefs.js

      user_pref("extensions.iminent.admin", false);
      user_pref("extensions.iminent.aflt", "orgnl");
      user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
      user_pref("extensions.iminent.autoRvrt", "false");
      user_pref("extensions.iminent.dfltLng", "");
      user_pref("extensions.iminent.excTlbr", false);
      user_pref("extensions.iminent.ffxUnstlRst", false);
      user_pref("extensions.iminent.id", "548a8c2c000000000000001dd9e928af");
      user_pref("extensions.iminent.instlDay", "16036");
      user_pref("extensions.iminent.instlRef", "");
      user_pref("extensions.iminent.newTab", false);
      user_pref("extensions.iminent.prdct", "iminent");
      user_pref("extensions.iminent.prtnrId", "iminent");
      user_pref("extensions.iminent.rvrt", "false");
      user_pref("extensions.iminent.smplGrp", "none");
      user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
      user_pref("extensions.iminent.vrsn", "1.8.26.8");
      user_pref("extensions.iminent.vrsnTs", "1.8.26.816:24:48");
      user_pref("extensions.iminent.vrsni", "1.8.26.8");
      user_pref("iminent.LayoutId", "1");
      user_pref("iminent.enabledAds", "false");
      user_pref("iminent.version", "7.48.1.1");
      user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.48.1.1\",\"InstallEventCTime\":1385565904873,\"InstallEvent\":\"True\"}");

      Emptied folder: C:\Users\Malcolm\AppData\Roaming\mozilla\firefox\profiles\4kimnyfw.default\minidumps [194 files]

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 15/02/2014 at 16:26:43.13
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  12. Attached as instructed. attach.txt dds.txt
  13. Hi, it appears to be a browser hijack. How can I remove it please?