Pollylop

October 31, 2015

Hi,

Having followed your instructions, I ran Opera, Chrome and Firefox. Opera and seem okay but Firefox still dogged by all sorts of rubbish.

Fixlog.txt content:

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Daddy (2015-10-31 12:41:06) Run:2
Running from C:\Users\Daddy\Desktop\Malwarebytes
Loaded Profiles: Daddy (Available Profiles: Daddy & Sam & Nellie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\ProgramData\Internet Helper Anti-phishing
HKLM-x32\...\Run: [internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
SearchScopes: HKU\S-1-5-21-3623026587-3860720058-271737125-1001 -> {FDF1F1B1-5BD8-4234-BB21-BF6253A2DD58} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_09&param1=1&param2=f%253D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyByB0DtB0DzytCyCyBtCtN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyEtBzzzyzztByCtG0CtD0FyDtG0CtB0A0CtG0DtAyBzztGyB0B0DtCtA0C0B0CyEtD0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DtC0AyCzy0BtG0E0F0D0EtGyEyEyByBtG0A0Bzy0EtG0DzyyE0CyD0AyDyEtA0D0CyD2Q%26cr%3D790217884%26a%3Dwny_wnzp_15_09%26os%3DWindows 7 Home Premium&p={searchTerms}
FF Extension: Summer Sports - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\cy7hpxr5.default\Extensions\BJ35iqJ@gmail.com [2015-05-27]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1425140025&from=obw&uid=WDCXWD1001FAES-75W7A0_WD-WCATR541459314593
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1425140025&from=obw&uid=WDCXWD1001FAES-75W7A0_WD-WCATR541459314593"
CHR Extension: (ciajakjjdopefddbfcjpiabklfjjdmjn) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn [2015-04-01]
CHR Extension: (kikeacjcceacohckgiajooneiabebfjj) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-03-04]
CHR Extension: (Summer Sports) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb [2015-05-27]
CHR Extension: (ciajakjjdopefddbfcjpiabklfjjdmjn) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn [2015-04-01]
CHR Extension: (kikeacjcceacohckgiajooneiabebfjj) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-03-04]
CHR Extension: (Summer Sports) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb [2015-05-27]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S1 xxqcbaox; \??\C:\Windows\system32\drivers\xxqcbaox.sys [X]
C:\Windows\system32\drivers\xxqcbaox.sys
C:\Users\Daddy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6c19z.dll
C:\Users\Daddy\AppData\Local\Temp\GURF91D.exe
C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File

*****************

Restore point was successfully created.
C:\ProgramData\Internet Helper Anti-phishing => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Internet Helper Anti-phishing => value removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDF1F1B1-5BD8-4234-BB21-BF6253A2DD58}" => key removed successfully
HKCR\CLSID\{FDF1F1B1-5BD8-4234-BB21-BF6253A2DD58} => key not found.
C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\cy7hpxr5.default\Extensions\BJ35iqJ@gmail.com => moved successfully
C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\cy7hpxr5.default\Extensions\BJ35iqJ@gmail.com => path removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kikeacjcceacohckgiajooneiabebfjj => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb => moved successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service stopped successfully.
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => service removed successfully
xxqcbaox => service not found.
"C:\Windows\system32\drivers\xxqcbaox.sys" => not found.
"C:\Users\Daddy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6c19z.dll" => not found.
C:\Users\Daddy\AppData\Local\Temp\GURF91D.exe => moved successfully
C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully

==== End of Fixlog 12:42:00 ====

October 15, 2015

Hi,

Please find two files attached...

J

FRST.txt

Addition.txt

October 15, 2015

Hi,

Thanks for the new instructions; will run these this evening...

J

October 8, 2015

Thanks, that's made a big difference !

I've attached the logs as requested:

Fixlog.txt
AdwCleaner.txt
JRT.txt

Thanks !

J

Fixlog.txt

AdwCleanerC1.txt

JRT.txt

October 5, 2015

FRST.txt file attached

FRST.txt

October 5, 2015

Hi,

My son uses the home computer to play games. Unfortunately, his downloads have included lots of adware which makes it virtually impossible to browse the internet. The FRST.txt and Addition.txt files are attached.

Thank you so much!

J

Addition.txt

Sign In

Pollylop

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by Pollylop

Hijacked by adware

Hijacked by adware

Hijacked by adware

Hijacked by adware

Hijacked by adware

Hijacked by adware

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information