Chrome pop up at startup (extendedunlimited.com)


  • This topic is locked
8 replies to this topic

#1 Boubie

Boubie

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:56 PM

Posted 01 July 2014 - 04:39 PM

Hey everyone,

 

It appears that I have recently acquired a sort of adware... Since not too long ago, every time I turn my computer on, before anything on my desktop loads, a command prompt pops up and Google Chrome opens on the website "extendedunlimited.org". The language on this website appears to be Russian, and there are a lot of ads on it.

 

I have tried a very small number of "fixes", but to no avail; it still pops up every time I turn my PC on.

I have tried running Avast!, Malwarebytes and AdwCleaner, but it's still here :(

Thank you for your time and your help.

Boubie

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16921  BrowserJavaVersion: 10.60.2
Run by Shiv at 23:41:32 on 2014-07-01
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.33.1033.18.8190.5413 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Jeux\_Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Shiv\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Jeux\Marvel Heroes Game\MarvelHeroesLauncher.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 218.213.104.17:8080
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Jeux\_Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Users\Shiv\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [MusicManager] "C:\Users\Shiv\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Shiv\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shiv\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xporter vers Microsoft Excel - F:\MICROS~1\Office14\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{43DD9A4B-2951-4F36-A6BF-09ED56B7B749} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F32FAFFE-9813-4F1F-8589-4A3517E78413} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ExplorerWatcher Class: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll
x64-Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shiv\AppData\Roaming\Mozilla\Firefox\Profiles\5rv07yj9.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\Shiv\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Shiv\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Shiv\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: F:\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: F:\MICROS~1\Office14\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-5 208416]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-5 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-5 423240]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2013-6-12 87472]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-7-29 96896]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-5 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-5 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-5 50344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-18 5037888]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2013-6-12 32688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-7-29 1342064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-10-20 121416]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2013-6-12 32688]
S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2012-10-27 15168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-11-24 31800]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-27 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-27 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\System32\drivers\CM10864.sys [2012-7-29 1310720]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?]
.
=============== Created Last 30 ================
.
2014-07-01 16:11:09 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42D5BE57-0D96-4636-B7EA-5F5A2D7CBFD8}\mpengine.dll
2014-06-30 16:12:28 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-29 01:40:49 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-06-28 10:58:36 -------- d-----w- C:\Program Files\iPod
2014-06-28 10:58:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-28 10:58:35 -------- d-----w- C:\Program Files\iTunes
2014-06-28 10:58:35 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-28 10:56:20 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-06-28 10:56:19 822384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-06-28 10:56:19 1022576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-06-28 10:33:38 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-26 22:11:29 -------- d-----w- C:\ProgramData\Sophos
2014-06-26 22:11:28 73728 ----a-r- C:\Users\Shiv\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-06-26 22:11:28 73728 ----a-r- C:\Users\Shiv\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-06-26 22:11:28 73728 ----a-r- C:\Users\Shiv\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-06-26 22:11:23 -------- d-----w- C:\Program Files (x86)\Sophos
2014-06-26 21:44:59 -------- d-----w- C:\AdwCleaner
2014-06-26 02:21:10 -------- d-----w- C:\Windows\pss
2014-06-24 01:13:33 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F178244C-AED0-4EF7-B346-0F9C66E70F9E}\gapaengine.dll
2014-06-22 01:16:30 -------- d-----w- C:\Program Files (x86)\Popcorn Time
2014-06-16 15:38:45 -------- d-----w- C:\Users\Shiv\AppData\Local\d2mp
2014-06-10 23:52:26 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-03 01:16:47 8144 ----a-w- C:\Users\Shiv\AppData\Roaming\TheHunterSettings_live.bin
2014-06-03 01:15:56 -------- d-----w- C:\Users\Shiv\AppData\Roaming\theHunter
2014-06-03 01:15:56 -------- d-----w- C:\Users\Shiv\AppData\Local\theHunter
2014-06-03 01:13:25 -------- d-----w- C:\Users\Shiv\AppData\Roaming\theHunterSteam
2014-06-03 01:13:25 -------- d-----w- C:\ProgramData\Hunter
.
==================== Find3M  ====================
.
2014-06-30 01:31:48 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-06-29 01:40:11 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-06-28 21:37:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-06-28 10:30:40 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-28 10:30:40 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-17 21:57:03 107040 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-05-20 22:53:31 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-15 14:03:48 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-12 05:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 05:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-05 14:03:40 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-05 14:03:40 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-05 14:03:40 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-05 14:03:40 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-05 14:03:39 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-26 21:46:54 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 23:41:49,08 ===============
 

Edited by Boubie, 01 July 2014 - 04:42 PM.
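The DDS log above already shows the mechanism behind the symptom: a per-user Run value named [CMD] that runs `cmd.exe /c start http://extendedunlimited.org && exit`, which is exactly a console window followed by the default browser opening that page at every logon. The same log also shows a system proxy pointing at a public address and the UAC policies set to 0. As an added example, not part of this thread and not code from the DDS or FRST tools, here is a small Python triage script that reads log lines of the shape posted above and flags those three things. The sample lines are copied from the logs in this thread (with a few ordinary entries mixed in); the regular expressions, the list of shell interpreters and the policy names it checks are my own assumptions about the log format, not something the tools document.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the DDS and FRST logs posted in this
# thread, mixed with ordinary entries so the triage has something to ignore.
SAMPLE_LOG = r"""
uRun: [Steam] "C:\Jeux\_Steam\steam.exe" -silent
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uProxyServer = 218.213.104.17:8080
TCP: NameServer = 10.0.0.1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
ProxyServer: 218.213.104.17:8080
"""

# Assumed line shapes: DDS writes "uRun: [name] command",
# FRST writes "HKU\...\Run: [name] => command".
RUN_LINE = re.compile(r'Run: \[(?P<name>[^\]]+)\]\s*(?:=>\s*)?(?P<cmd>.*)$')
PROXY_LINE = re.compile(r'ProxyServer\s*[:=]\s*(?P<host>[^:\s]+):(?P<port>\d+)')
POLICY_LINE = re.compile(r'Policies-System:\s*(?P<key>\w+)\s*=\s*dword:(?P<val>[0-9a-fA-F]+)')
URL = re.compile(r'https?://\S+')
FRST_MARKER = re.compile(r'\s*<=+\s*ATTENTION\s*$')

# Interpreters that a legitimate autostart entry rarely needs to wrap a URL in.
SHELLS = {'cmd', 'cmd.exe', 'powershell', 'powershell.exe',
          'wscript.exe', 'cscript.exe', 'mshta.exe'}
# UAC policy values where 0 weakens the elevation boundary.
UAC_OFF = {
    'EnableLUA': 'UAC disabled entirely',
    'ConsentPromptBehaviorAdmin': 'administrators elevate without a prompt',
    'PromptOnSecureDesktop': 'elevation prompts not isolated on the secure desktop',
}


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def launcher_of(cmd: str) -> str:
    """Lower-cased file name of the executable a Run value invokes."""
    cmd = cmd.strip().lstrip('"')
    m = re.match(r'(?P<path>.+?\.exe)(?=["\s]|$)', cmd, re.IGNORECASE)
    exe = m.group('path') if m else (cmd.split(None, 1)[0] if cmd else '')
    return exe.rsplit('\\', 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Flag autostart, proxy and UAC lines that deserve a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_LINE.search(line)
        if m:
            cmd = FRST_MARKER.sub('', m.group('cmd'))
            url = URL.search(cmd)
            exe = launcher_of(cmd)
            # A shell interpreter whose only job is to open a URL at logon
            # is the pattern behind the pop-up described in this thread.
            if exe in SHELLS and url:
                findings.append(Finding(
                    'shell-opens-url',
                    f"Run value [{m.group('name')}] opens {url.group(0)} via {exe} at logon",
                    line))
            continue
        m = PROXY_LINE.search(line)
        if m:
            host = m.group('host')
            try:
                external = not ipaddress.ip_address(host).is_private
            except ValueError:
                external = True  # a host name rather than a literal address
            if external:
                findings.append(Finding(
                    'external-proxy',
                    f"browser traffic is routed through {host}:{m.group('port')}",
                    line))
            continue
        m = POLICY_LINE.search(line)
        if m and m.group('key') in UAC_OFF and int(m.group('val'), 16) == 0:
            findings.append(Finding(
                'uac-weakened', f"{m.group('key')} = 0: {UAC_OFF[m.group('key')]}", line))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.detail}")


if __name__ == "__main__":
    main()
```

Run against the sample it reports the [CMD] value twice (once from the DDS line, once from the FRST line), the public proxy twice, and the two UAC policies; Steam, Avast and Adobe entries are ignored because their launcher is not a shell interpreter. A private proxy address such as 10.0.0.1 is deliberately not flagged, since a LAN proxy is normal in many networks; the public one here is worth confirming with the owner because everything the browser sends passes through it.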


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:56 PM

Posted 01 July 2014 - 11:50 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 Boubie

Boubie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:56 PM

Posted 02 July 2014 - 07:10 AM

Hello Georgi, and thank you for your help.

Here is what you requested:
FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Shiv (administrator) on SHIV-PC on 02-07-2014 14:07:43
Running from F:\
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Jeux\_Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Shiv\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Popcorn Time\Popcorn-Time.exe
() C:\Program Files (x86)\Popcorn Time\Popcorn-Time.exe
() C:\Program Files (x86)\Popcorn Time\Popcorn-Time.exe
(BitTorrent Inc.) C:\Users\Shiv\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Cm108Sound] => C:\Windows\Syswow64\cm108.dll [8757248 2010-10-13] (C-Media Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-05] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [Steam] => C:\Jeux\_Steam\steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [uTorrent] => C:\Users\Shiv\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-01] (BitTorrent Inc.)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2915968 2013-10-10] (Locktime Software)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [MusicManager] => C:\Users\Shiv\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [Google Update] => C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-29] (Google Inc.)
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shiv\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  0Cloudfogger -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2143.dll No File
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14A3EC74-D852-416A-9691-AC3096EE1953} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2143.dll No File
ShellIconOverlayIdentifiers:  2Cloudfogger -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2143.dll No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  0Cloudfogger -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll No File
ShellIconOverlayIdentifiers-x32:  1Cloudfogger -> {14A3EC74-D852-416A-9691-AC3096EE1953} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll No File
ShellIconOverlayIdentifiers-x32:  2Cloudfogger -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 218.213.104.17:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5C33715B62C1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Shiv\AppData\Roaming\Mozilla\Firefox\Profiles\5rv07yj9.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - F:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - F:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.5.3 - C:\Users\Shiv\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Shiv\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Shiv\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shiv\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Adblock Plus - C:\Users\Shiv\AppData\Roaming\Mozilla\Firefox\Profiles\5rv07yj9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-18]
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Shiv\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Shiv\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Shiv\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Users\Shiv\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (UndoCloseTab) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoafanmgjplfjeiabopkembipjbpnac [2012-07-29]
CHR Extension: (Angry Birds) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-07-29]
CHR Extension: (WOT) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-07-29]
CHR Extension: (YouTube) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-29]
CHR Extension: (Adblock Plus) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-14]
CHR Extension: (Recherche Google) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-29]
CHR Extension: (Right Inbox for Gmail™) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpkagjioagefjghnmfcfdcdedmjmonl [2012-11-12]
CHR Extension: (Session Buddy) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-06-11]
CHR Extension: (Gmail hors connexion) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2012-07-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-08-09]
CHR Extension: (FoxyProxy Standard) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-10-30]
CHR Extension: (AdBlock) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-29]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2012-07-29]
CHR Extension: (Google Play Music) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2012-12-14]
CHR Extension: (CouponsHelper) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpeepoceboiddajjkgdccddjkmmiigdh [2014-05-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-10-01]
CHR Extension: (Tracking Token Stripper) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpnkledgcbobhkgimpbmejgockkplob [2012-07-29]
CHR Extension: (TweetDeck Launcher) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2012-07-29]
CHR Extension: (Visual Hashing) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkoelcpcjjehbjcchcbddggjmphfaiie [2012-07-29]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-04-05]
CHR Extension: (Ghostery) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-21]
CHR Extension: (Google Play Books) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2012-07-29]
CHR Extension: (Project Naptha) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-04-23]
CHR Extension: (Save to Pocket) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Hover Zoom) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2012-07-29]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2012-07-29]
CHR Extension: (Battlefield Play4Free) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-04-18]
CHR Extension: (YTshowRating) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\olohkebleofongajeodnhideeiapohgi [2012-07-29]
CHR Extension: (Gmail) - C:\Users\Shiv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107040 2014-06-17] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( ) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; F:\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1851008 2013-10-10] (Locktime Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-28] ()
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [87472 2013-06-12] (Locktime Software)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-02 14:07 - 2014-07-02 14:07 - 00000000 ____D () C:\FRST
2014-07-01 23:41 - 2014-07-01 23:41 - 00020212 _____ () C:\Users\Shiv\Desktop\dds.txt
2014-07-01 23:41 - 2014-07-01 23:41 - 00009983 _____ () C:\Users\Shiv\Desktop\attach.txt
2014-06-30 14:51 - 2014-06-30 14:51 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-30 14:50 - 2014-06-30 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes Game
2014-06-29 03:40 - 2014-06-29 03:40 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-29 03:28 - 2014-06-29 03:32 - 00000000 ____D () C:\Users\Shiv\Documents\Battlefield 4 CTE
2014-06-28 13:31 - 2014-06-28 13:31 - 02247680 _____ () C:\Users\Shiv\Desktop\battlelog-web-plugins_2.4.0_144.exe
2014-06-28 12:59 - 2014-06-28 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\Program Files\iTunes
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-28 12:33 - 2014-06-28 12:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 12:33 - 2014-06-28 12:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 12:33 - 2014-06-28 12:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 12:33 - 2014-06-28 12:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 12:33 - 2014-06-28 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 12:31 - 2014-06-28 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-28 12:31 - 2014-06-28 12:31 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-27 00:11 - 2014-06-27 00:11 - 00003201 _____ () C:\Users\Shiv\Desktop\Sophos Virus Removal Tool.lnk
2014-06-27 00:11 - 2014-06-27 00:11 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-06-27 00:11 - 2014-06-27 00:11 - 00000000 ____D () C:\ProgramData\Sophos
2014-06-27 00:11 - 2014-06-27 00:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-06-27 00:06 - 2014-06-27 00:07 - 02953520 _____ (AVAST Software) C:\Users\Shiv\Desktop\avast-browser-cleanup.exe
2014-06-27 00:05 - 2014-06-27 00:10 - 90736032 _____ (Sophos Limited) C:\Users\Shiv\Desktop\Sophos Virus Removal Tool.exe
2014-06-26 23:48 - 2014-05-21 00:33 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140626-234859.backup
2014-06-26 23:44 - 2014-06-26 23:51 - 00000000 ____D () C:\AdwCleaner
2014-06-26 23:44 - 2014-06-26 23:44 - 01342659 _____ () C:\Users\Shiv\Desktop\adwcleaner_3.213.exe
2014-06-26 04:21 - 2014-06-26 04:21 - 00000000 ____D () C:\Windows\pss
2014-06-22 03:16 - 2014-06-22 03:16 - 00001994 _____ () C:\Users\Shiv\Desktop\Popcorn Time.lnk
2014-06-22 03:16 - 2014-06-22 03:16 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-06-22 03:16 - 2014-06-22 03:16 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-06-18 19:54 - 2014-06-18 19:58 - 00000000 ____D () C:\Users\Shiv\Documents\BFH.Beta
2014-06-16 17:38 - 2014-06-16 17:38 - 00000000 ____D () C:\Users\Shiv\AppData\Local\d2mp
2014-06-11 19:21 - 2014-07-01 23:31 - 00006606 _____ () C:\Windows\PFRO.log
2014-06-11 01:53 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 01:53 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 01:53 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 01:53 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 01:53 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 01:53 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 01:53 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 01:53 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 01:53 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 01:53 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 01:53 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 01:53 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 01:53 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 01:53 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 01:53 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 01:53 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 01:53 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 01:53 - 2014-05-24 02:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-11 01:53 - 2014-05-24 02:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-11 01:52 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 01:52 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 01:52 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 01:52 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 01:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 01:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 01:52 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 01:52 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 01:52 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 01:52 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 01:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 01:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 01:52 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 01:52 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 01:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 01:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 00:39 - 2014-07-02 00:36 - 00000000 ____D () C:\Users\Shiv\Desktop\PRONOS CDM 2014
2014-06-03 03:37 - 2014-06-03 03:37 - 00000099 _____ () C:\Users\Shiv\AppData\Roaming\LauncherSettings_live.cfg
2014-06-03 03:16 - 2014-06-03 03:16 - 00008144 _____ () C:\Users\Shiv\AppData\Roaming\TheHunterSettings_live.bin
2014-06-03 03:16 - 2014-06-03 03:16 - 00000000 ____D () C:\Users\Shiv\Documents\theHunter
2014-06-03 03:15 - 2014-06-03 03:15 - 00000040 _____ () C:\Users\Shiv\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-06-03 03:15 - 2014-06-03 03:15 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\theHunter
2014-06-03 03:15 - 2014-06-03 03:15 - 00000000 ____D () C:\Users\Shiv\AppData\Local\theHunter
2014-06-03 03:13 - 2014-06-03 03:13 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\theHunterSteam
2014-06-03 03:13 - 2014-06-03 03:13 - 00000000 ____D () C:\ProgramData\Hunter
 
==================== One Month Modified Files and Folders =======
 
2014-07-02 14:07 - 2014-07-02 14:07 - 00000000 ____D () C:\FRST
2014-07-02 14:06 - 2012-07-29 20:08 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\uTorrent
2014-07-02 14:02 - 2012-07-29 20:58 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Skype
2014-07-02 13:20 - 2012-10-14 22:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 13:09 - 2012-07-29 19:58 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790634764-1033600921-3248676659-1000UA.job
2014-07-02 02:16 - 2014-03-01 14:00 - 00000000 ____D () C:\Users\Shiv\AppData\Local\Popcorn-Time
2014-07-02 01:58 - 2012-07-29 19:09 - 01363725 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 00:36 - 2014-06-10 00:39 - 00000000 ____D () C:\Users\Shiv\Desktop\PRONOS CDM 2014
2014-07-02 00:09 - 2012-07-29 19:58 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790634764-1033600921-3248676659-1000Core.job
2014-07-01 23:41 - 2014-07-01 23:41 - 00020212 _____ () C:\Users\Shiv\Desktop\dds.txt
2014-07-01 23:41 - 2014-07-01 23:41 - 00009983 _____ () C:\Users\Shiv\Desktop\attach.txt
2014-07-01 23:37 - 2012-07-29 20:57 - 00745780 _____ () C:\Windows\system32\perfh00C.dat
2014-07-01 23:37 - 2012-07-29 20:57 - 00149704 _____ () C:\Windows\system32\perfc00C.dat
2014-07-01 23:37 - 2009-07-14 07:13 - 01669656 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-01 23:37 - 2009-07-14 06:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 23:37 - 2009-07-14 06:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 23:32 - 2013-10-05 02:32 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-01 23:32 - 2012-07-29 20:09 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Dropbox
2014-07-01 23:31 - 2014-06-11 19:21 - 00006606 _____ () C:\Windows\PFRO.log
2014-07-01 23:31 - 2014-05-25 01:00 - 00000336 _____ () C:\Windows\setupact.log
2014-07-01 23:31 - 2014-05-05 16:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-01 23:31 - 2014-01-24 08:12 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\DropboxMaster
2014-07-01 23:31 - 2013-04-29 18:17 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-07-01 23:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 23:24 - 2013-12-07 03:30 - 00000000 ____D () C:\Users\Shiv\AppData\Local\Battle.net
2014-07-01 21:12 - 2013-10-30 14:40 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\foobar2000
2014-07-01 03:35 - 2012-07-29 20:15 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\SPlayer
2014-07-01 03:35 - 2012-07-29 20:15 - 00000000 ____D () C:\Program Files (x86)\SPlayer
2014-06-30 14:51 - 2014-06-30 14:51 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-30 14:51 - 2012-07-29 20:36 - 00000000 ____D () C:\Users\Shiv\Documents\My Games
2014-06-30 14:50 - 2014-06-30 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes Game
2014-06-30 14:50 - 2014-05-24 19:52 - 00057382 _____ () C:\Windows\DirectX.log
2014-06-30 03:31 - 2012-12-13 20:14 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-30 03:30 - 2012-11-02 03:38 - 00000000 ____D () C:\ProgramData\Origin
2014-06-30 03:30 - 2012-11-02 03:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-29 13:51 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 04:43 - 2012-08-21 22:33 - 00007596 _____ () C:\Users\Shiv\AppData\Local\Resmon.ResmonCfg
2014-06-29 03:40 - 2014-06-29 03:40 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-29 03:40 - 2012-12-13 20:14 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-29 03:32 - 2014-06-29 03:28 - 00000000 ____D () C:\Users\Shiv\Documents\Battlefield 4 CTE
2014-06-28 23:37 - 2012-12-13 20:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-28 13:31 - 2014-06-28 13:31 - 02247680 _____ () C:\Users\Shiv\Desktop\battlelog-web-plugins_2.4.0_144.exe
2014-06-28 13:31 - 2013-10-29 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-28 12:59 - 2014-06-28 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\Program Files\iTunes
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-06-28 12:58 - 2014-06-28 12:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-28 12:56 - 2014-04-18 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-28 12:33 - 2014-06-28 12:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 12:33 - 2014-06-28 12:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 12:33 - 2014-06-28 12:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 12:33 - 2014-06-28 12:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 12:33 - 2014-06-28 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 12:31 - 2014-06-28 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-28 12:31 - 2014-06-28 12:31 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-28 12:30 - 2012-10-14 22:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 12:30 - 2012-07-29 20:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 12:30 - 2012-07-29 20:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-27 00:11 - 2014-06-27 00:11 - 00003201 _____ () C:\Users\Shiv\Desktop\Sophos Virus Removal Tool.lnk
2014-06-27 00:11 - 2014-06-27 00:11 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-06-27 00:11 - 2014-06-27 00:11 - 00000000 ____D () C:\ProgramData\Sophos
2014-06-27 00:11 - 2014-06-27 00:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-06-27 00:10 - 2014-06-27 00:05 - 90736032 _____ (Sophos Limited) C:\Users\Shiv\Desktop\Sophos Virus Removal Tool.exe
2014-06-27 00:07 - 2014-06-27 00:06 - 02953520 _____ (AVAST Software) C:\Users\Shiv\Desktop\avast-browser-cleanup.exe
2014-06-26 23:51 - 2014-06-26 23:44 - 00000000 ____D () C:\AdwCleaner
2014-06-26 23:45 - 2014-03-30 00:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 23:44 - 2014-06-26 23:44 - 01342659 _____ () C:\Users\Shiv\Desktop\adwcleaner_3.213.exe
2014-06-26 22:46 - 2013-12-18 13:57 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-26 22:46 - 2013-12-18 13:57 - 00001093 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-26 04:21 - 2014-06-26 04:21 - 00000000 ____D () C:\Windows\pss
2014-06-26 04:02 - 2012-07-30 19:48 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Mumble
2014-06-26 04:00 - 2012-09-20 19:35 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-06-23 00:04 - 2012-07-29 19:58 - 00004046 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1790634764-1033600921-3248676659-1000UA
2014-06-23 00:04 - 2012-07-29 19:58 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1790634764-1033600921-3248676659-1000Core
2014-06-22 18:48 - 2012-10-28 14:35 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\VistaAudio
2014-06-22 03:16 - 2014-06-22 03:16 - 00001994 _____ () C:\Users\Shiv\Desktop\Popcorn Time.lnk
2014-06-22 03:16 - 2014-06-22 03:16 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-06-22 03:16 - 2014-06-22 03:16 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-06-19 17:24 - 2012-12-09 16:34 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\TS3Client
2014-06-19 15:05 - 2012-12-09 16:33 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-19 04:24 - 2013-06-08 14:51 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Cloudfogger
2014-06-18 19:58 - 2014-06-18 19:54 - 00000000 ____D () C:\Users\Shiv\Documents\BFH.Beta
2014-06-18 16:38 - 2014-03-01 14:00 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Popcorn Time
2014-06-18 16:33 - 2012-12-04 22:05 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
2014-06-18 16:33 - 2012-12-04 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2014-06-18 16:31 - 2013-04-09 21:06 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-18 16:30 - 2013-03-03 22:47 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-06-18 16:29 - 2012-07-29 21:37 - 00000000 ____D () C:\Program Files (x86)\adslTV
2014-06-17 23:57 - 2014-05-19 19:42 - 00107040 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-06-16 17:38 - 2014-06-16 17:38 - 00000000 ____D () C:\Users\Shiv\AppData\Local\d2mp
2014-06-16 17:38 - 2014-05-26 00:50 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\D2MP
2014-06-12 00:18 - 2013-10-06 12:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-11 19:21 - 2012-07-30 05:05 - 00000000 ____D () C:\Windows\Panther
2014-06-11 19:20 - 2014-04-23 03:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 02:00 - 2013-10-30 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 01:58 - 2012-07-29 20:18 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 01:56 - 2012-11-26 19:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-08 11:13 - 2014-06-11 01:52 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:00 - 2014-05-30 23:05 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\Nidhogg
2014-06-03 03:37 - 2014-06-03 03:37 - 00000099 _____ () C:\Users\Shiv\AppData\Roaming\LauncherSettings_live.cfg
2014-06-03 03:16 - 2014-06-03 03:16 - 00008144 _____ () C:\Users\Shiv\AppData\Roaming\TheHunterSettings_live.bin
2014-06-03 03:16 - 2014-06-03 03:16 - 00000000 ____D () C:\Users\Shiv\Documents\theHunter
2014-06-03 03:15 - 2014-06-03 03:15 - 00000040 _____ () C:\Users\Shiv\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-06-03 03:15 - 2014-06-03 03:15 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\theHunter
2014-06-03 03:15 - 2014-06-03 03:15 - 00000000 ____D () C:\Users\Shiv\AppData\Local\theHunter
2014-06-03 03:13 - 2014-06-03 03:13 - 00000000 ____D () C:\Users\Shiv\AppData\Roaming\theHunterSteam
2014-06-03 03:13 - 2014-06-03 03:13 - 00000000 ____D () C:\ProgramData\Hunter
 
Some content of TEMP:
====================
C:\Users\Shiv\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9t_i58.dll
C:\Users\Shiv\AppData\Local\Temp\sonarinst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-28 00:16
 
==================== End Of Log ============================




#4 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 02 July 2014 - 07:33 AM

Hi Boubie, :)

 
Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Let me know how things are after the fix.

 
Regards,
Georgi




#5 Boubie
  • Topic Starter
  • Members
  • 4 posts

Posted 02 July 2014 - 07:39 AM

Hello again Georgi,

Here's the FIX log:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by Shiv at 2014-07-02 14:37:49 Run:1
Running from C:\Users\Shiv\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
ProxyServer: 218.213.104.17:8080
SearchScopes: HKLM-x32 - DefaultScope value is missing.
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\Users\Shiv\Desktop\AI.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Shiv\Desktop\AI.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Shiv\Desktop\CI1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Shiv\Desktop\CI1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Shiv\Desktop\CI2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Shiv\Desktop\CI2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Shiv\Desktop\eau.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Shiv\Desktop\eau.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Shiv\Desktop\livret famille.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Shiv\Desktop\livret famille.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Shiv\Desktop\RIB.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Shiv\Desktop\RIB.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
end
*****************
 
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
catchme => Service deleted successfully.
C:\Users\Shiv\Desktop\AI.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Shiv\Desktop\AI.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Shiv\Desktop\CI1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Shiv\Desktop\CI1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Shiv\Desktop\CI2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Shiv\Desktop\CI2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Shiv\Desktop\eau.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Shiv\Desktop\eau.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Shiv\Desktop\livret famille.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Shiv\Desktop\livret famille.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Shiv\Desktop\RIB.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Shiv\Desktop\RIB.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
 
==== End of Fixlog ====


I can't reboot right now to see if it worked, but I'll do it in a couple of hours max, and I'll come by to tell you if it worked or not!
Thank you!
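The fixlist above removed three kinds of entries: a Run key that launches cmd.exe to open a web page at every logon, a ProxyServer value pointing at a remote address, and stray alternate data streams on the user's pictures. As an added example that is not part of FRST or this thread, here is a small Python triage script that flags those same three patterns in FRST-style log lines; the sample input reuses the flagged lines from the fixlist, while the Adobe ARM and Zone.Identifier lines are constructed benign entries for contrast.

```python
import ipaddress
import re

# Sample input: lines 1, 3 and 5 are taken from the fixlist posted in this
# thread; lines 2 and 4 are constructed benign entries for contrast.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1790634764-1033600921-3248676659-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKLM\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
ProxyServer: 218.213.104.17:8080
AlternateDataStreams: C:\Users\Shiv\Downloads\setup.exe:Zone.Identifier
AlternateDataStreams: C:\Users\Shiv\Desktop\RIB.jpeg:3or4kl4x13tuuug3Byamue2s4b
"""

RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$")
# "cmd ... start ... http(s)://" is the open-a-web-page-at-logon pattern.
URL_LAUNCH_RE = re.compile(r"\bcmd(?:\.exe)?\b.*\bstart\b.*https?://", re.I)
PROXY_RE = re.compile(r"^ProxyServer: (?P<host>[^:\s]+)(?::(?P<port>\d+))?")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+)$")
# Zone.Identifier is the browser-written mark-of-the-web stream; others deserve a look.
BENIGN_STREAMS = {"Zone.Identifier"}

def classify(line):
    """Return (severity, reason) for one FRST line, or None if nothing is flagged."""
    m = RUN_RE.search(line)
    if m:  # autostart entry: only the cmd.exe-opens-a-URL shape is flagged
        if URL_LAUNCH_RE.search(m.group("cmd")):
            return ("high", f"Run entry '{m.group('name')}' opens a URL via cmd.exe at logon")
        return None
    m = PROXY_RE.match(line)
    if m:  # a proxy anywhere but loopback relays the user's web traffic
        host = m.group("host")
        try:
            remote = not ipaddress.ip_address(host).is_loopback
        except ValueError:  # a hostname rather than an IP literal
            remote = host.lower() != "localhost"
        return ("high", f"system proxy set to {host}; web traffic is relayed") if remote else None
    m = ADS_RE.match(line)
    if m and m.group("stream") not in BENIGN_STREAMS:
        return ("review", f"unexpected stream '{m.group('stream')}' on {m.group('path')}")
    return None

def triage(log_text):
    """Return (severity, reason, line) for every flagged line of an FRST log."""
    lines = [raw.strip() for raw in log_text.splitlines() if raw.strip()]
    return [(r[0], r[1], ln) for ln in lines if (r := classify(ln))]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```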


#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 02 July 2014 - 07:42 AM

Ok Boubie, please keep me updated when possible. :thumbup2:

 

 

Regards,

Georgi




#7 Boubie
  • Topic Starter
  • Members
  • 4 posts

Posted 02 July 2014 - 08:28 AM

Hey, it worked!
No more popup at the startup.

Thanks a lot for your quick and effective help!
Cheers.



#8 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 02 July 2014 - 08:39 AM

Hi Boubie,

 

You're more than welcome! :)

I am glad I could help.

Take care!
 

 

Regards,

Georgi




#9 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 04 July 2014 - 12:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





