IE10 browser hijacked. Unable to load firewall or download programs.

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Installer for WildTangent Games App (x32)
Virtual Families Packages (HKCU)
WebReg (x32 Version: 140.0.213.017)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.20)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Yahoo! Install Manager (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Zynga Toolbar (x32 Version: 6.6.0.19)

==================== Restore Points =========================

14-10-2013 18:41:24 Windows Update
16-10-2013 07:00:26 Windows Update
19-10-2013 16:13:41 Windows Update
22-10-2013 20:32:44 Windows Update
26-10-2013 04:35:07 Windows Update
29-10-2013 19:09:22 Windows Update
02-11-2013 12:26:46 Windows Update
03-11-2013 16:26:36 Windows Update
05-11-2013 00:28:19 Windows Update
05-11-2013 01:04:52 Restore Operation
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {27C3AAA0-16B8-4734-B285-2F1FB4450262} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {3BC23112-6EEF-4331-B187-4F035672F2DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3DE07794-F87E-465A-A542-302181639DDA} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {428AA29D-F7DF-434B-9414-B2EBA1918AA5} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-11-06] ()
Task: {52E5F916-18B8-4842-BB1A-B5231C2BE01C} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {5A7E9587-C543-46A7-AA9B-45D410CE9C43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6BD88CB3-D4A6-4F1D-9E3F-FDCF871262D5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] ()
Task: {77B31085-9A88-4558-B646-6F3429E464EF} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {87AB47AB-DE21-41BA-AF8D-10C63151FC4D} - System32\Tasks\HPCeeScheduleForDon's Computer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9112C581-18CA-4959-B8C7-A113A8FD42F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {93187FAA-9E56-4C11-91A7-32E9D773ADDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {95F5A24D-8FAC-480D-8154-631D0775AB67} - System32\Tasks\{D64C2387-BAC1-487C-87F0-0E402859CC1A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {DFD2F881-A9E2-4ADA-99B8-A9984A9DF967} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {E5BD8A8A-F093-431F-8EE4-6E212FEA46E6} - System32\Tasks\{65A5A575-C28E-4A39-B942-ECFA090289BD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {F6B02AE1-3226-461B-A1EE-130A4FF3BBB0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F9D6FA5B-B110-490B-B2A6-9E865ABC7AE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDon's Computer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-05 15:45 - 2009-08-05 15:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2013-10-17 06:59 - 2013-10-08 19:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-17 06:59 - 2013-10-08 19:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-17 06:59 - 2013-10-08 19:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-17 06:59 - 2013-10-08 19:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-17 06:59 - 2013-10-08 19:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 07:53:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8127

Error: (11/06/2013 07:53:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8127

Error: (11/06/2013 07:53:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2013 07:53:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7129

Error: (11/06/2013 07:53:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7129

Error: (11/06/2013 07:53:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2013 07:53:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6130

Error: (11/06/2013 07:53:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6130

Error: (11/06/2013 07:53:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2013 07:53:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5116


System errors:
=============
Error: (11/06/2013 07:54:26 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/06/2013 07:54:26 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/06/2013 06:52:25 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/06/2013 06:52:25 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/05/2013 07:51:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1475.0).

Error: (11/05/2013 07:51:09 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.161.1475.0

Update Source: %NT AUTHORITY59

Update Stage: 4.3.0219.00

Source Path: 4.3.0219.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/05/2013 07:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
%%1075

Error: (11/05/2013 07:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

Error: (11/05/2013 07:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
%%1075

Error: (11/05/2013 07:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (02/21/2013 01:20:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/17/2013 09:23:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/04/2012 10:36:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/30/2011 07:37:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/05/2011 09:08:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/13/2010 03:54:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/03/2010 10:00:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1115 seconds with 480 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4085.18 MB
Available physical RAM: 2454.98 MB
Total Pagefile: 8168.54 MB
Available Pagefile: 5688.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:584.25 GB) (Free:515.1 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
Did not get the full reports...bummer!

Let's see if you can attach them.

Can you go to Post Reply, and underneath it there is a Manage Attachements button.
Press the button, and use the Browse button to find the two reports
After you find the two reports, and they show in the Browse area, press Upload.
Then, Submit Reply.
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Attached

ok- I believe they are attached!
 

Attachments

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10

My Computer My Computer

At a glance

64-bit Windows 8.1 ProCore(TM) i5 CPU 4330 Haswell @ 3.20GHz12.00 GBIntel(R) HD Graphics
Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integtrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
Thanks for attaching the reports...much better! :)

Please do the following:

:info: You currently have FRST runniing from here:
Running from C:\Users\Don's Computer\Downloads

Please move the program to the Desktop!!

FRST and the fixlist.txt must both be located on the Desktop for the fix to work.


:info: Next, open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code').
Save it to the Desktop, and name it: fixlist.txt

Code:
start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  
HKLM-x32\...\Run: [] - [x]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\$Recycle.Bin\S-1-5-21-2982386112-72398405-702705557-1001\$b80a22a4e43c428dffe6dbf6617acc42:
C:\$Recycle.Bin\S-1-5-18\$b80a22a4e43c428dffe6dbf6617acc42
C:\ProgramData\lsass.exe
C:\Users\Don's Computer\AppData\Local\Temp\BackupSetup.exe
C:\Users\Don's Computer\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Don's Computer\AppData\Local\Temp\HPPSdr.exe
C:\Users\Don's Computer\AppData\Local\Temp\i4jdel0.exe
C:\Users\Don's Computer\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Don's Computer\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Don's Computer\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Don's Computer\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Don's Computer\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Don's Computer\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Don's Computer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Don's Computer\AppData\Local\Temp\nsd1288.exe
C:\Users\Don's Computer\AppData\Local\Temp\nsnFB9.exe
C:\Users\Don's Computer\AppData\Local\Temp\nssD19.exe
C:\Users\Don's Computer\AppData\Local\Temp\nssE270.exe
C:\Users\Don's Computer\AppData\Local\Temp\nsxDD11.exe
C:\Users\Don's Computer\AppData\Local\Temp\nsxDFD0.exe
C:\Users\Don's Computer\AppData\Local\Temp\Resource.exe
C:\Users\Don's Computer\AppData\Local\Temp\setup.exe
C:\Users\Don's Computer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Don's Computer\AppData\Local\Temp\sp58915.exe
C:\Users\Don's Computer\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Don's Computer\AppData\Local\Temp\tbConn.dll
C:\Users\Don's Computer\AppData\Local\Temp\TB_6DB.exe
C:\Users\Don's Computer\AppData\Local\Temp\UninstallHPSA.exe
end

NOTICE: This script is written specifically for this computer.
Running this on another computer may cause damage to the Operating System.

:info: Run FRST again, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt
:ar: Please post the Fixlog.txt in your reply.


There is more to clean up, but, we'll use other programs to do so. We are getting the worst out of the way.

Norton 360 is also installed. It is disabled and outdated, and needs to be uninstalled from Control Panel > Programs and Features.


:info: Now, please download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
:ar: Please provide the FSS.txt in your reply.
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Hi Tews- Yes, I had done that previously. Thank you for the input.
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
I would also like to chime in: if you have time on the weekend when you do not require the computer in question, I would STRONGLY advise running the Windows Defender Offline tool. I'm sure that it will come in very handy.
For instructions and download, go to: What is Windows Defender Offline?
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
OS
Windows 7
Antivirus
Microsoft Security Essentials
Browser
Google Chrome
Also, is your security program MSE?
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
OS
Windows 7
Antivirus
Microsoft Security Essentials
Browser
Google Chrome

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
~~~
() C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
(Conduit) C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
~~~
Let me make myself clear. I'm not asking you to do anything at this point. You should only be following the instructions of one member at a time in cleanup thread like this. (Well, cottonball asked you to uninstall Norton 360 and Jacee provided a link to help with that - so no conflicting instructions there.)

I saw the "Social Privacy DNS" program when you first made the post. It took me a while to locate a link to download it so the I could learn about it. The only way that I could get it was to download a file that IE warned me not to save/run. I downloaded that bad file anyway and once I said yes to the UAC warning, that bad file silently installed the Conduit search engine and several other things.

I now know a bit about these "Social Privacy" (browser plug-in) and "Social Privacy DNS" (a DNS changer) apps. I'm not suggesting that you do anything about them just yet. Please continue to follow cottonball's road map for cleaning your computer.

By the way, I installed this possible malware into a Virtual Machine. I'm not risking infecting a real computer. If you have the UAC set at the default or higher level, then the DNS changer will fail to work after one reboot. The UAC app is a good thing :-)
 

My Computer My Computer

At a glance

W7 Pro SP1 64biti78GBIntel HD Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
I would also like to chime in: if you have time on the weekend when you do not require the computer in question, I would STRONGLY advise running the Windows Defender Offline tool. I'm sure that it will come in very handy.
For instructions and download, go to: What is Windows Defender Offline?
While it is fine to run this tool... it is not a good idea to do anything out of sequence with cottonball's instructions. The reports that the cleanup tools generate are analyzed by cottonball and a FIXIT* file is generated. If WDO is run between the time that the FIXIT file is prepared and the time that the OP runs the FIXIT file - bad stuff can happen.

That said, bad stuff probably won't happen due ton the nature of the FIXIT file - but it could happen. Let's let cottonball and Jacee move this OP toward a clean computer and then we can have our inputs after that.

I don't want to discourage you from helping others - this is just a nudge to ask you to change the timing on when you offer that help in a cleanup thread like these.

About WDO: it is by far the simplest offline scanner to suggest to people. I've suggested many time. However, it does not have the best track record at fixing the stuff that it finds. Sometimes if will "fix" the computer in such a way that it will no longer boot because WDO barfed the MBR fix.


*FIXIT is just a generic term not meant to reflect any real file name for any real cleanup tool.
 
Last edited:

My Computer My Computer

At a glance

W7 Pro SP1 64biti78GBIntel HD Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
Yes my security is MSE. I ran it. It found one item : Exploit:Java/CVE-2012-1723.

I will check into Windows Defender offline after work today.
Thank you!
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
Usernameissues- I just saw your post. Thank you. I will do as suggested.
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
Good morning Cottonball. I completely missed your last post somehow! I just saw it. I am on my way to work now, so I will do all you said when I get home tonight. I thank you for being so diligent in your help! I will keep you posted.
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
Hi Cottonball,

I put the frst & fixit file on the desktop. Then while running the frst again (scanning), this error came up:Line(file"C:users\Don's computer\frst64.exe"): Error: can not redeclare a constant.

Waiting on you to continue.
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
~~~
FRST and the fixlist.txt must both be located on the Desktop for the fix to work.
~~~

Hi Cottonball,

I put the frst & fixit file on the desktop. Then while running the frst again (scanning), this error came up:Line(file"C:users\Don's computer\frst64.exe"): Error: can not redeclare a constant.

Waiting on you to continue.
I hope that my post did not throw you off.
Did you name the file "fixit"?
Or did you named the file fixlist.txt as cottonball instructed?
 

My Computer My Computer

At a glance

W7 Pro SP1 64biti78GBIntel HD Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
No, you didn't throw me off. I appreciate the assistance, and Cottonball did a wonderful job a couple of weeks ago on a similar issue on a work computer for my sister! He's quite an asset! I nemd it fixlist.txt as he instructed. :)
 

My Computer My Computer

At a glance

Windows 7
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7
Antivirus
Microsoft
Browser
IE10
Phew...
Good.

:::back to lurking:::
 

My Computer My Computer

At a glance

W7 Pro SP1 64biti78GBIntel HD Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
Back
Top