21

@samuelgross

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\...\Policies\Explorer\Run: [531646816] => C:\Documents and Settings\All Users\msanz.exe [77920512 2008-04-13] () CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-220523388-484061587-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,, HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,, HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {3AEAD5DA-D308-414D-8F76-0CCCFFAAE25B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms} CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br CHR RestoreOnStartup: Default -> "hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br" CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - S2 vofohope; C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF\jnsn938.tmp [X] 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430497961-FFFF-FFFF-FFFFFFFFFFFF 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487407-FFFF-FFFF-FFFFFFFFFFFF 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487393-FFFF-FFFF-FFFFFFFFFFFF 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487251-FFFF-FFFF-FFFFFFFFFFFF 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430094679-FFFF-FFFF-FFFFFFFFFFFF 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2008-04-13 18:21 - 2008-04-13 18:21 - 77920512 ___SH () C:\Documents and Settings\All Users\msanz.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.