
Abusive popping internet windows - Need a help


  • This topic is locked
14 replies to this topic

#1 Pufu

Pufu

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:41 AM

Posted 04 April 2014 - 04:13 PM

Hi!

 

Unfortunately I have some problems with my computer:

1. From time to time, half of a new Chrome window opens in a corner of my screen and shows me different sites with commercials (the most common site shown is League of Angels), and a song starts playing while the page is open. This happens only when I have Chrome open. This is very annoying because it can pop up many times.

2. The second problem I noticed is that, for example, I am in my GMAIL account and I click on a link sent by a friend (for example, a link to a weather site); after clicking, instead of directing me to that weather site, "something" redirects me to another site (the most common site I was redirected to was bet365), which is a sports betting site.

I did some research and found out that ComboFix is a very good program that can help me with my problem. I downloaded the program from http://www.bleepingcomputer.com/download/combofix/ and installed it using the normal steps required on this site (I also have the steps; if needed, I can attach them). After I ran the scan, as per the instructions, I obtained the ComboFix log that I should receive after scanning.

I was enthusiastic because I thought the tool had removed the infection, but after browsing the internet for a couple of minutes, the pages started popping up again.

Then I found this forum, and I was thinking that somebody could help me remove this malware.

So the question is, what to do next? Can somebody help me?

Sorry for my English... I am not a very good writer, but I hope it is readable.

 

Thank you for your time and help!

 

Pufu





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:41 PM

Posted 05 April 2014 - 04:23 AM





Hello Pufu

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
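FRST.txt, which Gringo asks for above, reports IE Internet settings, Chrome extensions and recently created folders one entry per line in a fixed layout. The following Python script is an added example, not a tool from this thread or from Farbar: it parses a constructed excerpt in that layout and flags the two things a responder checks first, a start page or search scope pointing at a domain outside a known-good list (a search hijack), and Chrome extensions plus Program Files/ProgramData folders all created on the same day (the footprint of a bundled adware install). The KNOWN_GOOD_DOMAINS set is an assumption; the sample lines are constructed, with domain and extension names modelled on the log posted later in this thread.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; not a Farbar tool and not code from the
forum. It parses three FRST line layouts (IE Internet settings, 'CHR
Extension' entries, 'One Month Created Files and Folders' entries) and reports:
  * start page / search scope / Chrome home page whose domain is not in
    KNOWN_GOOD_DOMAINS (search hijack indicator), and
  * days on which Chrome extensions AND new Program Files / ProgramData
    folders were created together (bundled-adware install footprint).
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: domains a clean IE/Chrome default would point at on this machine.
KNOWN_GOOD_DOMAINS = {"www.microsoft.com", "www.google.com", "www.google.ro"}

# Constructed excerpt in the FRST.txt layout, modelled on the log posted later
# in this thread. FRST writes Chrome URLs with a defanged "hxxp" scheme.
SAMPLE_LOG = r"""HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchsun.info/?pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724
CHR HomePage: hxxp://www.google.ro/
CHR Extension: (Adblock Plus) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-01]
CHR Extension: (safeuweB) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipajdpbbgafjjjhaopclpfdbepicdeo [2014-03-16]
CHR Extension: (YoutubeAdblocker) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jojfgepdpjkphgigjmakgmkihpallbcl [2014-03-16]
2014-03-16 13:10 - 2014-03-16 13:16 - 00000000 ____D () C:\ProgramData\NextCoup
2014-03-16 10:46 - 2014-03-16 13:09 - 00000000 ____D () C:\Program Files (x86)\Search-eNEWTab
2014-03-16 10:44 - 2014-03-16 13:10 - 00000000 ____D () C:\Program Files (x86)\safewebb
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Torch
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Program Files (x86)\Text United GmbH
"""

# One regex per FRST line layout we care about.
IE_PAGE_RE = re.compile(r"^(HK\w+\\.*?,(?:Start|Search) Page) = (\S+)$")
SCOPE_RE = re.compile(r"^SearchScopes: (.*?) URL = (\S+)$")
CHR_HOME_RE = re.compile(r"^CHR HomePage: (\S+)$")
EXT_RE = re.compile(r"^CHR Extension: \((.*?)\) - .* \[(\d{4}-\d{2}-\d{2})\]$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \S+ \S+ - \d{8} (\S+) \(.*?\) (.+)$")
# Folder prefixes (lower-cased) that count as "a program got installed".
PROGRAM_DIRS = ("c:\\program files", "c:\\programdata")


def domain_of(url: str) -> str:
    """Host part of a URL; urlparse keeps the netloc even for 'hxxp'."""
    return urlparse(url).netloc.lower()


def hijacked_settings(lines):
    """Return (setting, domain) pairs whose domain is outside KNOWN_GOOD_DOMAINS."""
    hits = []
    for line in lines:
        m = IE_PAGE_RE.match(line) or SCOPE_RE.match(line)
        if m:
            where, url = m.group(1), m.group(2)
        else:
            m = CHR_HOME_RE.match(line)
            if not m:
                continue
            where, url = "CHR HomePage", m.group(1)
        domain = domain_of(url)
        if domain not in KNOWN_GOOD_DOMAINS:
            hits.append((where, domain))
    return hits


def bundle_days(lines):
    """Days on which Chrome extensions and new program folders were both created.

    Returns {day: {"extensions": [...], "folders": [...]}} for those days only;
    user-profile folders (e.g. AppData) are ignored by the PROGRAM_DIRS filter.
    """
    by_day = defaultdict(lambda: {"extensions": [], "folders": []})
    for line in lines:
        m = EXT_RE.match(line)
        if m:
            by_day[m.group(2)]["extensions"].append(m.group(1))
            continue
        m = CREATED_RE.match(line)
        if (m and m.group(2).endswith("D")          # ____D marks a directory
                and m.group(3).lower().startswith(PROGRAM_DIRS)):
            by_day[m.group(1)]["folders"].append(m.group(3).rsplit("\\", 1)[-1])
    return {day: v for day, v in by_day.items() if v["extensions"] and v["folders"]}


def triage(text: str) -> dict:
    """Run both checks over a whole FRST.txt body."""
    lines = text.splitlines()
    return {"hijacked": hijacked_settings(lines), "bundles": bundle_days(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for where, domain in report["hijacked"]:
        print(f"[hijack] {where} -> {domain}")
    for day, items in report["bundles"].items():
        print(f"[bundle] {day}: extensions={items['extensions']} folders={items['folders']}")
```

The same two checks run unchanged over a full FRST.txt pasted into a file, since the other sections of the log simply match none of the regexes.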

#3 Pufu

Pufu
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:41 AM

Posted 05 April 2014 - 04:50 AM

Hi!
 
I finished scanning with Farbar Recovery Scan Tool. Below you can find the FRST.txt report.
Also attached you can find Addition.txt log.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Niflor (administrator) on NIFLOR-PC on 05-04-2014 12:40:01
Running from C:\Users\Niflor\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Wlan\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Intel® Corporation) C:\Program Files\Wlan\WiFi\bin\ZeroConfigService.exe
(Joxi) C:\Program Files (x86)\Joxi\joxi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Wlan\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Wlan\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IME JPN 2007 Migration] - C:\Program Files\Common Files\Microsoft Shared\IME12\IMEJP\IMJPKLMG.EXE [107824 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Korean IME Migration] - C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Microsoft Pinyin IME Migration] - C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [60208 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IME JPN 2007 Migration] - C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEJP\IMJPKLMG.EXE [59184 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Korean IME Migration] - C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] - C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32560 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR10] - C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2010-12-30] (ABBYY.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-839805107-3258317376-40612473-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-839805107-3258317376-40612473-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-839805107-3258317376-40612473-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-839805107-3258317376-40612473-1000\...\Run: [Joxi] - C:\Program Files (x86)\Joxi\joxi.exe [3011072 2013-12-19] (Joxi)
Startup: C:\Users\Niflor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4610 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4610 series.lnk -> C:\Program Files\HP\HP Deskjet 4610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchsun.info/?pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x940B892971D6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchsun.info/?pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.ro/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Docs) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Disc Google) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-31]
CHR Extension: (Adblock Plus) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-01]
CHR Extension: (căutare Google) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Speed Dial) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-11-01]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2013-11-01]
CHR Extension: (safeuweB) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipajdpbbgafjjjhaopclpfdbepicdeo [2014-03-16]
CHR Extension: (YoutubeAdblocker) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jojfgepdpjkphgigjmakgmkihpallbcl [2014-03-16]
CHR Extension: (Shareaholic for Google Chrome) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
 
==================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2010-07-22] (ABBYY)
R2 AMPPALR3; C:\Program Files\Wlan\BluetoothHS\BTHSAmpPalService.exe [659472 2012-07-18] (Intel Corporation)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 BTHSSecurityMgr; C:\Program Files\Wlan\BluetoothHS\BTHSSecurityMgr.exe [135984 2012-08-23] (Intel® Corporation)
R2 EvtEng; C:\Program Files\Wlan\WiFi\bin\EvtEng.exe [629040 2012-08-23] (Intel® Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Wlan\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-06-29] (Nalpeiron Ltd.)
S2 NewServiceInstall1; C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [11264 2007-04-23] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-16] (Nitro PDF Software)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 ZeroConfigService; C:\Program Files\Wlan\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2013-10-31] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-05 12:40 - 2014-04-05 12:40 - 00018809 _____ () C:\Users\Niflor\Desktop\FRST.txt
2014-04-05 12:39 - 2014-04-05 12:40 - 00000000 ____D () C:\FRST
2014-04-05 12:38 - 2014-04-05 12:38 - 02157056 _____ (Farbar) C:\Users\Niflor\Desktop\FRST64.exe
2014-04-04 23:33 - 2014-04-04 23:33 - 00025363 _____ () C:\ComboFix.txt
2014-04-04 23:24 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-04 23:24 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-04 23:24 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-04 23:24 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-04 23:24 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-04 23:24 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-04 23:24 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-04 23:24 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-04 23:21 - 2014-04-04 23:33 - 00000000 ____D () C:\Qoobox
2014-04-04 23:21 - 2014-04-04 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 23:04 - 2014-04-04 23:05 - 05193944 ____R (Swearware) C:\Users\Niflor\Desktop\ComboFix.exe
2014-04-04 17:05 - 2014-04-04 17:45 - 07398028 _____ () C:\Users\Niflor\Desktop\Presentation1.pptx
2014-04-03 16:34 - 2014-04-04 10:51 - 00000000 ____D () C:\Users\Niflor\Desktop\Aspena, Amagram online 05.14  125528, tr, en-ro, 03.04
2014-04-01 17:15 - 2014-04-01 17:17 - 00000000 ____D () C:\Users\Niflor\Desktop\Medicare, tr, en-ro,31.03
2014-03-25 14:32 - 2014-03-25 14:32 - 00000000 ____D () C:\saved
2014-03-20 12:10 - 2014-03-20 12:10 - 01831750 _____ () C:\Users\Niflor\Documents\Setup.Xbench.2.9.474.zip
2014-03-18 19:58 - 2014-03-18 19:58 - 00000000 ____D () C:\Users\Niflor\AppData\Local\AvMap
2014-03-18 19:32 - 2014-03-18 19:32 - 00000000 ____D () C:\Program Files (x86)\Av-Map
2014-03-16 17:11 - 2014-03-16 17:11 - 00000842 _____ () C:\Users\Niflor\Desktop\TRADUCAT..lnk
2014-03-16 13:10 - 2014-03-16 13:16 - 00000000 ____D () C:\ProgramData\NextCoup
2014-03-16 13:10 - 2014-03-16 13:15 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-03-16 13:10 - 2014-03-16 13:10 - 01614344 _____ () C:\Windows\SysWOW64\setup.exe
2014-03-16 11:00 - 2014-03-16 11:00 - 00000000 ____D () C:\Users\Niflor\Documents\Optimizer Pro
2014-03-16 10:46 - 2014-03-16 13:12 - 00000000 ____D () C:\ProgramData\Search-eNEWTab
2014-03-16 10:46 - 2014-03-16 13:09 - 00000000 ____D () C:\Program Files (x86)\Search-eNEWTab
2014-03-16 10:45 - 2014-03-16 10:46 - 00000000 ____D () C:\ProgramData\SnowApp
2014-03-16 10:45 - 2014-03-16 10:45 - 00002688 _____ () C:\Windows\System32\Tasks\SW-Booster-S-5121721648
2014-03-16 10:44 - 2014-03-18 10:52 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-03-16 10:44 - 2014-03-17 11:28 - 00000000 ____D () C:\ProgramData\d0e30666f75b84e3
2014-03-16 10:44 - 2014-03-16 13:12 - 00000000 ____D () C:\ProgramData\safewebb
2014-03-16 10:44 - 2014-03-16 13:10 - 00000000 ____D () C:\Program Files (x86)\safewebb
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Packages
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator
2014-03-16 10:43 - 2014-03-16 10:45 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-16 10:21 - 2014-03-16 10:21 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\dvdcss
2014-03-14 10:14 - 2014-03-17 13:29 - 00004096 ____H () C:\Users\Niflor\AppData\Local\keyfile3.drm
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Text United
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Text_United_GmbH
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Program Files (x86)\Text United GmbH
2014-03-12 12:35 - 2014-03-12 12:35 - 13115392 _____ () C:\Users\Niflor\Documents\TextUnitedAppSetup.msi
2014-03-10 10:40 - 2014-03-24 19:03 - 00021642 _____ () C:\Users\Niflor\Desktop\trad GE_RO.xlsx
2014-03-07 20:46 - 2014-04-01 00:13 - 00000000 ____D () C:\Users\Niflor\Desktop\dai
 
==================== One Month Modified Files and Folders =======
 
2014-04-05 12:40 - 2014-04-05 12:40 - 00018809 _____ () C:\Users\Niflor\Desktop\FRST.txt
2014-04-05 12:40 - 2014-04-05 12:39 - 00000000 ____D () C:\FRST
2014-04-05 12:38 - 2014-04-05 12:38 - 02157056 _____ (Farbar) C:\Users\Niflor\Desktop\FRST64.exe
2014-04-05 12:29 - 2013-11-01 05:54 - 01171661 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 12:29 - 2013-10-31 22:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 12:27 - 2013-10-31 22:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 10:25 - 2009-07-14 08:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 00:25 - 2009-07-14 07:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 00:25 - 2009-07-14 07:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 00:20 - 2012-09-26 10:53 - 00000967 _____ () C:\Windows\SysWOW64\bscs.ini
2014-04-05 00:17 - 2014-02-09 14:33 - 00000000 ____D () C:\Users\Niflor\Joxi
2014-04-05 00:17 - 2013-11-01 02:51 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-04-05 00:17 - 2013-11-01 02:51 - 00000061 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-04-05 00:17 - 2013-10-31 22:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 00:17 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 00:16 - 2010-11-21 06:47 - 00161800 _____ () C:\Windows\PFRO.log
2014-04-05 00:16 - 2009-07-14 07:51 - 00055762 _____ () C:\Windows\setupact.log
2014-04-04 23:33 - 2014-04-04 23:33 - 00025363 _____ () C:\ComboFix.txt
2014-04-04 23:33 - 2014-04-04 23:21 - 00000000 ____D () C:\Qoobox
2014-04-04 23:31 - 2014-04-04 23:21 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 23:31 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-04 23:08 - 2013-10-31 23:05 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\Skype
2014-04-04 23:05 - 2014-04-04 23:04 - 05193944 ____R (Swearware) C:\Users\Niflor\Desktop\ComboFix.exe
2014-04-04 17:45 - 2014-04-04 17:05 - 07398028 _____ () C:\Users\Niflor\Desktop\Presentation1.pptx
2014-04-04 10:51 - 2014-04-03 16:34 - 00000000 ____D () C:\Users\Niflor\Desktop\Aspena, Amagram online 05.14  125528, tr, en-ro, 03.04
2014-04-02 17:56 - 2014-02-26 17:21 - 00012955 _____ () C:\Users\Niflor\Desktop\Trados grid ALKEMIST.xlsx
2014-04-01 17:17 - 2014-04-01 17:15 - 00000000 ____D () C:\Users\Niflor\Desktop\Medicare, tr, en-ro,31.03
2014-04-01 00:13 - 2014-03-07 20:46 - 00000000 ____D () C:\Users\Niflor\Desktop\dai
2014-03-31 22:35 - 2014-02-21 19:22 - 00000000 ____D () C:\Users\Niflor\Desktop\daiy-schite scanate
2014-03-31 15:04 - 2013-11-03 21:44 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\Nitro PDF
2014-03-31 12:42 - 2013-11-01 22:10 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Microsoft Help
2014-03-28 12:30 - 2014-02-27 17:13 - 00000000 ____D () C:\Users\Niflor\Desktop\Alkemist, 24-2-14_11-2-14_Product range translation - part2, tr, ge-ro, 27.02
2014-03-27 22:24 - 2013-10-31 22:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 22:24 - 2013-10-31 22:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 14:36 - 2014-01-28 21:59 - 00000000 ____D () C:\censhare
2014-03-25 14:32 - 2014-03-25 14:32 - 00000000 ____D () C:\saved
2014-03-25 12:45 - 2014-02-03 12:04 - 00210432 _____ () C:\Users\Niflor\Desktop\oldEvidenta 2014.xls
2014-03-24 19:03 - 2014-03-10 10:40 - 00021642 _____ () C:\Users\Niflor\Desktop\trad GE_RO.xlsx
2014-03-20 12:10 - 2014-03-20 12:10 - 01831750 _____ () C:\Users\Niflor\Documents\Setup.Xbench.2.9.474.zip
2014-03-18 19:58 - 2014-03-18 19:58 - 00000000 ____D () C:\Users\Niflor\AppData\Local\AvMap
2014-03-18 19:32 - 2014-03-18 19:32 - 00000000 ____D () C:\Program Files (x86)\Av-Map
2014-03-18 10:52 - 2014-03-16 10:44 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-03-17 13:29 - 2014-03-14 10:14 - 00004096 ____H () C:\Users\Niflor\AppData\Local\keyfile3.drm
2014-03-17 11:28 - 2014-03-16 10:44 - 00000000 ____D () C:\ProgramData\d0e30666f75b84e3
2014-03-17 10:10 - 2014-02-18 19:05 - 00000000 ____D () C:\Users\Niflor\Desktop\Traducatori Ge-RO
2014-03-16 17:11 - 2014-03-16 17:11 - 00000842 _____ () C:\Users\Niflor\Desktop\TRADUCAT..lnk
2014-03-16 13:19 - 2013-10-31 23:01 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\uTorrent
2014-03-16 13:16 - 2014-03-16 13:10 - 00000000 ____D () C:\ProgramData\NextCoup
2014-03-16 13:15 - 2014-03-16 13:10 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-03-16 13:12 - 2014-03-16 10:46 - 00000000 ____D () C:\ProgramData\Search-eNEWTab
2014-03-16 13:12 - 2014-03-16 10:44 - 00000000 ____D () C:\ProgramData\safewebb
2014-03-16 13:10 - 2014-03-16 13:10 - 01614344 _____ () C:\Windows\SysWOW64\setup.exe
2014-03-16 13:10 - 2014-03-16 10:44 - 00000000 ____D () C:\Program Files (x86)\safewebb
2014-03-16 13:09 - 2014-03-16 10:46 - 00000000 ____D () C:\Program Files (x86)\Search-eNEWTab
2014-03-16 11:00 - 2014-03-16 11:00 - 00000000 ____D () C:\Users\Niflor\Documents\Optimizer Pro
2014-03-16 10:46 - 2014-03-16 10:45 - 00000000 ____D () C:\ProgramData\SnowApp
2014-03-16 10:45 - 2014-03-16 10:45 - 00002688 _____ () C:\Windows\System32\Tasks\SW-Booster-S-5121721648
2014-03-16 10:45 - 2014-03-16 10:43 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Packages
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Guest
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Administrator
2014-03-16 10:44 - 2013-10-31 22:51 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Google
2014-03-16 10:21 - 2014-03-16 10:21 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\dvdcss
2014-03-16 10:21 - 2013-11-01 19:38 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\vlc
2014-03-16 10:19 - 2013-10-31 22:00 - 00088848 _____ () C:\Users\Niflor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-16 10:19 - 2009-07-14 07:45 - 05173536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Users\Niflor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Text United
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Text_United_GmbH
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Program Files (x86)\Text United GmbH
2014-03-12 12:35 - 2014-03-12 12:35 - 13115392 _____ () C:\Users\Niflor\Documents\TextUnitedAppSetup.msi
2014-03-12 00:27 - 2013-10-31 22:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 00:27 - 2013-10-31 22:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 00:27 - 2013-10-31 22:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:33 - 2009-07-14 08:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-31 19:10
 
==================== End Of Log ============================
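One thing the FRST listing above makes visible is a burst of new folders and a scheduled task all created within a few minutes on 2014-03-16 (safewebb, Search-eNEWTab, NextCoup, SnowApp, InstallMate, Torch, YoutubeAdblocker, Optimizer Pro), which is the usual footprint of one bundled installer dropping several adware components in a single run. The Python script below is an added example, not part of this thread and not something FRST or the forum helpers provide: it parses lines in FRST's created-files layout, groups entries by creation time, and flags bursts of unsigned new directories or tasks in install locations. The five-minute window, the three-item threshold and the list of install locations are assumptions chosen for illustration; the sample lines are taken from the log above.

```python
"""Triage an FRST 'One Month Created Files and Folders' listing for bundled installs.

Added example, not part of the thread or of FRST itself. This is a heuristic that
points at clusters worth a closer look; it does not decide what is malicious.
"""
import re
from datetime import datetime, timedelta

# FRST line layout: <created> - <modified> - <size> <attrs> (<company>) <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Locations where both legitimate installers and bundled adware droppers write.
# Assumed list, chosen for illustration.
INSTALL_PREFIXES = ("c:\\program files", "c:\\programdata")
INSTALL_SUBSTRINGS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\system32\\tasks\\")

# Sample input: lines taken from the FRST log posted in this thread.
SAMPLE = r"""
2014-03-16 10:46 - 2014-03-16 10:45 - 00000000 ____D () C:\ProgramData\SnowApp
2014-03-16 10:45 - 2014-03-16 10:45 - 00002688 _____ () C:\Windows\System32\Tasks\SW-Booster-S-5121721648
2014-03-16 10:45 - 2014-03-16 10:43 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\Niflor\AppData\Local\Torch
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\Program Files (x86)\safewebb
2014-03-16 10:44 - 2014-03-16 10:44 - 00000000 ____D () C:\ProgramData\safewebb
2014-03-12 12:36 - 2014-03-12 12:36 - 00000000 ____D () C:\Program Files (x86)\Text United GmbH
2014-03-12 12:35 - 2014-03-12 12:35 - 13115392 _____ () C:\Users\Niflor\Documents\TextUnitedAppSetup.msi
2014-04-05 12:38 - 2014-04-05 12:38 - 02157056 _____ (Farbar) C:\Users\Niflor\Desktop\FRST64.exe
"""


def parse_frst(text):
    """Parse FRST created/modified lines; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if m:
            entries.append({
                "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                "size": int(m["size"]),
                "is_dir": "D" in m["attrs"],
                "company": m["company"],
                "path": m["path"],
            })
    return entries


def find_bursts(entries, window=timedelta(minutes=5), min_items=3):
    """Walk entries in creation order; start a new group whenever the gap to the
    previous entry exceeds `window`. Groups smaller than `min_items` are dropped."""
    groups = []
    for e in sorted(entries, key=lambda x: x["created"]):
        if groups and e["created"] - groups[-1][-1]["created"] <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    return [g for g in groups if len(g) >= min_items]


def looks_like_bundle_item(e):
    """Unsigned (empty company string) new directory or scheduled task in an install location."""
    p = e["path"].lower()
    in_install_location = p.startswith(INSTALL_PREFIXES) or any(s in p for s in INSTALL_SUBSTRINGS)
    is_task = "\\system32\\tasks\\" in p
    return e["company"] == "" and (e["is_dir"] or is_task) and in_install_location


def triage(text, window=timedelta(minutes=5), min_items=3):
    """Return (burst_start, flagged_paths) for every burst containing a flagged item."""
    findings = []
    for burst in find_bursts(parse_frst(text), window, min_items):
        flagged = [e["path"] for e in burst if looks_like_bundle_item(e)]
        if flagged:
            findings.append((burst[0]["created"], flagged))
    return findings


if __name__ == "__main__":
    for start, paths in triage(SAMPLE):
        print(f"burst starting {start:%Y-%m-%d %H:%M}: {len(paths)} flagged entries")
        for p in paths:
            print("   ", p)
```

On the sample the only burst that survives the default threshold is the 2014-03-16 10:44 cluster, with all six of its entries flagged. Lowering `min_items` to 2 also surfaces the Text United install from 2014-03-12, a legitimate application whose folder simply carries no company string, which is the reason the output is a list of candidates for the analyst rather than a verdict.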



#4 gringo_pr

  • Malware Response Team

Posted 05 April 2014 - 05:13 AM



Hello Pufu

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Pufu

  • Topic Starter

Posted 05 April 2014 - 05:57 AM

Hi!

Until now I did not have any of the problems described in the first post (no pop-ups, no false redirecting to other unneeded sites). I hope that my computer is clean :)

 

I ran the 2 tools and below you can find the first log from AdwCleaner named AdwCleaner[S0].txt:

 

# AdwCleaner v3.023 - Report created 05/04/2014 at 13:22:30
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Niflor - NIFLOR-PC
# Running from : C:\Users\Niflor\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\Search-eNEWTab
Folder Deleted : C:\Program Files (x86)\Search-eNEWTab
Folder Deleted : C:\Users\Niflor\AppData\Local\torch
Folder Deleted : C:\Users\Niflor\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Niflor\Documents\Optimizer Pro
Folder Deleted : C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v33.0.1750.154
 
Also below you can find the log from Junkware Removal Tool named JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Niflor on Sat 04/05/2014 at 13:28:20.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/05/2014 at 13:33:15.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
[ File : C:\Users\Niflor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3040 octets] - [05/04/2014 13:21:39]
AdwCleaner[S0].txt - [2576 octets] - [05/04/2014 13:22:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2636 octets] ##########


#6 gringo_pr

  • Malware Response Team

Posted 05 April 2014 - 06:55 AM


Hello Pufu

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 Pufu

  • Topic Starter

Posted 05 April 2014 - 09:08 AM

I finished the last scan with ComboFix. Here is the log:

 

The problem with the redirection is still appearing while I try to open a link (for example a link from Gmail) for the first/second time. After the 3rd time, the link is opening to the page that it should be.

 

ComboFix 14-04-03.01 - Niflor 04/04/2014  23:25:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3975.1866 [GMT 3:00]
Running from: c:\users\Niflor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\YoutubeAdblocker
c:\programdata\Roaming
c:\users\Niflor\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-04 to 2014-04-04  )))))))))))))))))))))))))))))))
.
.
2014-04-04 20:31 . 2014-04-04 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-04 19:49 . 2014-04-04 19:49 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF82ACA5-2F50-43EE-AAD6-7895F69A5A9B}\offreg.dll
2014-04-04 07:12 . 2014-02-20 19:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D39AB5C0-35A2-4CE7-A877-479C16A4A8B4}\gapaengine.dll
2014-04-04 07:11 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF82ACA5-2F50-43EE-AAD6-7895F69A5A9B}\mpengine.dll
2014-04-02 17:10 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-25 11:32 . 2014-03-25 11:32 -------- d-----w- C:\saved
2014-03-18 16:58 . 2014-03-18 16:58 -------- d-----w- c:\users\Niflor\AppData\Local\AvMap
2014-03-18 16:32 . 2014-03-18 16:32 -------- d-----w- c:\program files (x86)\Av-Map
2014-03-16 10:10 . 2014-03-16 10:16 -------- d-----w- c:\programdata\NextCoup
2014-03-16 10:10 . 2014-03-16 10:15 -------- d-----w- c:\program files (x86)\NextCoup
2014-03-16 10:10 . 2014-03-16 10:10 1614344 ----a-w- c:\windows\SysWow64\setup.exe
2014-03-16 07:46 . 2014-03-16 10:12 -------- d-----w- c:\programdata\Search-eNEWTab
2014-03-16 07:46 . 2014-03-16 10:09 -------- d-----w- c:\program files (x86)\Search-eNEWTab
2014-03-16 07:45 . 2014-03-16 07:46 -------- d-----w- c:\programdata\SnowApp
2014-03-16 07:44 . 2014-03-18 07:52 -------- d-----w- c:\programdata\YoutubeAdblocker
2014-03-16 07:44 . 2014-03-16 10:12 -------- d-----w- c:\programdata\safewebb
2014-03-16 07:44 . 2014-03-16 07:44 -------- d-----w- c:\users\Niflor\AppData\Local\Packages
2014-03-16 07:44 . 2014-03-16 10:10 -------- d-----w- c:\program files (x86)\safewebb
2014-03-16 07:44 . 2014-03-17 08:28 -------- d-----w- c:\programdata\d0e30666f75b84e3
2014-03-16 07:44 . 2014-03-16 07:44 -------- d-----w- c:\users\Niflor\AppData\Local\Torch
2014-03-16 07:44 . 2014-03-16 07:44 -------- d-----w- c:\users\Niflor\AppData\Local\Comodo
2014-03-16 07:44 . 2014-03-16 07:44 -------- d-----w- c:\users\HomeGroupUser$
2014-03-16 07:44 . 2014-03-16 07:44 -------- d-----w- c:\users\Guest
2014-03-16 07:44 . 2014-03-16 07:44 -------- d-----w- c:\users\Administrator
2014-03-16 07:43 . 2014-03-16 07:45 -------- d-----w- c:\programdata\InstallMate
2014-03-16 07:21 . 2014-03-16 07:21 -------- d-----w- c:\users\Niflor\AppData\Roaming\dvdcss
2014-03-12 09:36 . 2014-03-12 09:36 -------- d-----w- c:\users\Niflor\AppData\Local\Text_United_GmbH
2014-03-12 09:36 . 2014-03-12 09:36 -------- d-----w- c:\program files (x86)\Text United GmbH
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:27 . 2013-10-31 19:50 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 21:27 . 2013-10-31 19:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 19:50 . 2013-11-06 15:56 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-16 07:31 . 2014-01-30 18:38 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-06 12:16 . 2014-02-16 07:23 23170048 ----a-w- c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-16 07:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-16 07:23 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-16 07:23 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-16 07:23 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-16 07:23 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-16 07:23 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-16 07:23 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-16 07:23 574976 ----a-w- c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-16 07:23 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-16 07:23 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-16 07:23 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-16 07:23 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-16 07:23 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-16 07:23 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-16 07:23 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-16 07:23 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-16 07:23 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-16 07:23 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-16 07:23 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-16 07:23 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-16 07:23 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-16 07:23 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-16 07:23 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-16 07:23 13051392 ----a-w- c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-16 07:23 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-16 07:23 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-16 07:23 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-16 07:23 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Joxi"="c:\program files (x86)\Joxi\joxi.exe" [2013-12-19 3011072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-24 290688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-07-31 337184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2006-10-26 59184]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-12-29 941320]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Niflor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 4610 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 4610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN321240T205TK;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Wlan\WiFi\bin\PanDhcpDns.exe;c:\program files\Wlan\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Wlan\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Wlan\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Wlan\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Wlan\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Wlan\WiFi\bin\ZeroConfigService.exe;c:\program files\Wlan\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 10:25 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 21:27]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31 19:50]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31 19:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2006-10-26 107824]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 60208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.searchsun.info/?pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
mStart Page = hxxp://websearch.searchsun.info/?pid=724&r=2014/03/16&hid=2438626409925340333&lg=EN&cc=RO
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839805107-3258317376-40612473-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-839805107-3258317376-40612473-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-839805107-3258317376-40612473-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-04  23:33:40
ComboFix-quarantined-files.txt  2014-04-04 20:33
.
Pre-Run: 149,940,826,112 bytes free
Post-Run: 150,089,416,704 bytes free
.
- - End Of File - - 3D704620F4CBFD9A1033ABD0F18B1AF9
A36C5E4F47E84449FF07ED3517B43A31


#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 April 2014 - 12:24 PM


Hello Pufu

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go to Google Sync and sign into your account

scroll down until you see the "Stop and Clear" button and click on it

At the prompt click on "Ok"

Now we need to uninstall Chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 April 2014 - 08:05 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 April 2014 - 08:05 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#11 Pufu (Topic Starter, Members)

Posted 11 April 2014 - 01:41 PM

Hi!
 

Sorry for the late reply. I was very busy this week and I did not have time, even to write a post :(. I want to give you a BIG THANK YOU for helping me. I followed all the steps that you told me to do, and indeed, after 6 days in a row (using the laptop more than 12 hours per day), I can tell you I did not have any pop-up windows, and I do not have any bad link redirections. The laptop is working like it did before it started having these problems.

 

So, thank you again! You helped a lot!



#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 April 2014 - 07:57 PM


Hello Pufu

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 April 2014 - 07:39 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 April 2014 - 07:33 AM


Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 April 2014 - 07:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



