extendedunlimited.org/gameharbor.org redirect on startup


  • This topic is locked
8 replies to this topic

#1 otherblog

Posted 11 September 2014 - 10:32 AM

Hi, can someone help me with my problem? I think I may have downloaded something with some adware in it, which is causing my computer to boot up Chrome and immediately bring me to a webpage called either extendedunlimited.org and/or gameharbor.org. It's driving me nuts. How do I get rid of it? I've seen about 2 other posts here relating to my topic; though I followed the instructions, they did not help much. Here is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Gwen (administrator) on GWEN-PC on 11-09-2014 23:29:41
Running from C:\Users\Gwen\Desktop\FRST
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\Gwen\AppData\Roaming\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Google Inc.) C:\Users\Gwen\AppData\Local\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) D:\AVG Free\avgui.exe
(Google Inc.) C:\Users\Gwen\AppData\Local\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) D:\AVG Free\avgwdsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Users\Gwen\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Gwen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gwen\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => D:\AVG Free\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [Google Update] => C:\Users\Gwen\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-30] (Google Inc.)
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [uTorrent] => C:\Users\Gwen\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-09-03] (BitTorrent Inc.)
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\MountPoints2: F - F:\AUTOSTUB.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x909153C7226ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gwen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gwen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gwen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> DEDF18B6404D446DDE12DBCA4616D2EF97C5ECDC03AC3BCA03B610A7652194EE
CHR DefaultSearchURL: Default -> 3E4D6BEEA066BBF02FDCCB18F321AEC5D9826B912D115EDE8BEF20476BF11501
CHR Profile: C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-30]
CHR Extension: (Google Search) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-30]
CHR Extension: (Google Wallet) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; D:\AVG Free\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\AVG Free\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-11] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-30] (Duplex Secure Ltd.)
U3 a78ix554; C:\Windows\System32\Drivers\a78ix554.sys [0 ] (Advanced Micro Devices)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 23:09 - 2014-09-11 23:29 - 00000000 ____D () C:\Users\Gwen\Desktop\FRST
2014-09-11 22:58 - 2014-09-11 23:29 - 00000000 ____D () C:\FRST
2014-09-11 22:36 - 2014-09-11 23:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 22:36 - 2014-09-11 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 22:36 - 2014-09-11 22:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 22:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-11 22:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-11 22:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:08 - 2014-09-11 22:20 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-11 13:34 - 2014-09-11 13:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 20:08 - 2014-09-10 20:10 - 00000000 ____D () C:\Users\Gwen\Desktop\Master Listing
2014-09-10 20:05 - 2014-09-10 20:07 - 00000000 ____D () C:\Users\Gwen\Desktop\Esah Listings
2014-09-10 19:48 - 2014-09-10 19:51 - 00000000 ____D () C:\Users\Gwen\Desktop\2 Hampshire 3321sf 3r4b 2 car Daniyar
2014-09-10 19:45 - 2014-09-10 19:51 - 00000000 ____D () C:\Users\Gwen\Desktop\Fairlane 926sf FF RM5.5 Thamesa
2014-09-10 19:41 - 2014-09-10 19:51 - 00000000 ____D () C:\Users\Gwen\Desktop\2 Hampshire  13a-2 2356sf 900 psf  Thamesa
2014-09-10 19:29 - 2014-09-10 19:30 - 00000000 ____D () C:\Users\Gwen\Desktop\PAVILION PROPERTY
2014-09-10 16:13 - 2014-09-10 16:14 - 00000000 ____D () C:\Users\Gwen\Desktop\20 Trees - Riezman 1.3M
2014-09-09 21:58 - 2014-09-09 21:58 - 00000000 ____D () C:\Users\Gwen\Desktop\Villa Putri
2014-09-09 20:18 - 2014-09-09 20:18 - 00000000 ____D () C:\Users\Gwen\New folder
2014-09-08 15:04 - 2014-09-08 15:05 - 00000000 ____D () C:\Users\Gwen\Desktop\Sri Putramas Royal Regent
2014-09-08 00:53 - 2014-09-08 00:54 - 00000222 _____ () C:\Users\Gwen\BullseyeCoverageError.txt
2014-09-08 00:53 - 2014-09-08 00:53 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Unity
2014-09-07 00:41 - 2014-09-07 00:42 - 00000000 ____D () C:\Users\Gwen\AppData\Local\paint.net
2014-09-07 00:41 - 2014-09-07 00:41 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-09-07 00:40 - 2014-09-07 00:41 - 00000000 ____D () C:\Paint.net (DDS Editor)
2014-09-07 00:38 - 2014-09-07 00:38 - 00770088 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-07 00:29 - 2014-09-07 00:29 - 00000040 ____H () C:\EA3D695D021F
2014-09-06 02:19 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-09-06 02:19 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-09-06 02:19 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-09-06 02:19 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-09-06 02:19 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-09-06 02:17 - 2014-09-07 00:20 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll
2014-09-06 02:17 - 2014-09-07 00:20 - 00061440 _____ () C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2014-09-06 02:17 - 2014-09-07 00:20 - 00040960 _____ () C:\Windows\SysWOW64\nvISWOW64.dll
2014-09-06 02:07 - 2014-09-06 02:12 - 00000000 ____D () C:\Users\Gwen\.gimp-2.8
2014-09-06 02:07 - 2014-09-06 02:07 - 00000000 ____D () C:\Users\Gwen\AppData\Local\gegl-0.2
2014-09-05 04:49 - 2014-09-05 05:22 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\Origin
2014-09-05 04:49 - 2014-09-05 04:49 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Origin
2014-09-05 04:48 - 2014-09-05 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-05 04:48 - 2014-09-05 04:48 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 04:45 - 2014-09-11 13:53 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ___HD () C:\$AVG
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\TuneUp Software
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\AVG2014
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-05 04:40 - 2014-09-11 18:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-05 04:40 - 2014-09-05 04:45 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Avg2014
2014-09-05 04:40 - 2014-09-05 04:40 - 00000000 ____D () C:\Users\Gwen\AppData\Local\MFAData
2014-09-04 19:34 - 2014-09-04 19:35 - 00000000 ____D () C:\Users\Gwen\Desktop\Ukay Heights No. 25 Bungalow Mr Ho
2014-09-03 18:59 - 2014-09-03 19:08 - 00000000 ____D () C:\Users\Gwen\Desktop\Thamesa Properties
2014-09-03 17:47 - 2014-09-03 17:47 - 00000812 _____ () C:\Users\Gwen\Desktop\µTorrent.lnk
2014-09-03 17:47 - 2014-09-03 17:47 - 00000792 _____ () C:\Users\Gwen\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-03 15:54 - 2014-09-09 21:12 - 00000000 ____D () C:\Users\Gwen\Desktop\FSBO
2014-09-03 12:53 - 2014-09-03 12:54 - 00000000 ____D () C:\Users\Gwen\Desktop\Hampshire Condo - Daniyah
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Users\Gwen\Desktop\Brickfields LH 17 Jan 2111  2.3 Acres - Jordan
2014-08-28 16:44 - 2014-09-02 19:57 - 00001975 _____ () C:\Users\Gwen\Desktop\McAfee Security Scan Plus.lnk
2014-08-28 16:44 - 2014-09-02 19:57 - 00001848 _____ () C:\Users\Gwen\Desktop\Canon My Printer.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000947 _____ () C:\Users\Gwen\Desktop\Ninite Java Installer - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000783 _____ () C:\Users\Gwen\Desktop\KL Metro Group - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000747 _____ () C:\Users\Gwen\Desktop\DIGI Bills - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000714 _____ () C:\Users\Gwen\Desktop\KRISTOF - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000565 _____ () C:\Users\Gwen\Desktop\Pelabuhan Tanjung Pelepas Sdn Bhd. - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000359 _____ () C:\Users\Gwen\Desktop\Recycle Bin - Shortcut.lnk
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\3909
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\GOG Games
2014-08-24 21:46 - 2014-09-11 22:38 - 00000000 ____D () C:\Users\Gwen\Downloads\Gameforge Live
2014-08-24 21:46 - 2014-09-09 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-08-24 21:46 - 2014-08-24 21:46 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Gameforge4d
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\WTablet
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ____D () C:\Program Files\Tablet
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-08-22 12:27 - 2010-10-21 09:38 - 00756592 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll
2014-08-22 12:27 - 2010-10-21 09:38 - 00749936 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Touch_Tablet.dll
2014-08-22 12:27 - 2010-10-21 09:38 - 00650096 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Tablet.dll
2014-08-22 12:27 - 2010-10-21 09:38 - 00642928 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Touch_Tablet.dll
2014-08-22 12:27 - 2010-10-21 09:38 - 00600432 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-08-22 12:27 - 2010-10-21 09:38 - 00506736 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-08-22 12:27 - 2010-10-05 13:26 - 00018288 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacmoumonitor.sys
2014-08-22 12:27 - 2010-10-05 13:26 - 00016168 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomvhid.sys
2014-08-22 12:27 - 2010-10-05 13:26 - 00012848 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacommousefilter.sys
2014-08-22 12:22 - 2014-08-22 12:22 - 00000941 _____ () C:\Users\Gwen\Desktop\Adobe Photoshop CS6.lnk
2014-08-20 17:25 - 2014-08-20 17:25 - 00000000 ____D () C:\Users\Gwen\Desktop\Gurney Condo
2014-08-14 18:37 - 2014-09-02 19:30 - 00000000 ____D () C:\Users\Gwen\Desktop\Jordan Listing
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 23:29 - 2014-09-11 23:09 - 00000000 ____D () C:\Users\Gwen\Desktop\FRST
2014-09-11 23:29 - 2014-09-11 22:58 - 00000000 ____D () C:\FRST
2014-09-11 23:27 - 2012-09-30 15:37 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\uTorrent
2014-09-11 23:24 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:24 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:23 - 2014-09-11 22:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 23:17 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 23:16 - 2012-09-30 15:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 23:16 - 2009-07-14 12:51 - 00107157 _____ () C:\Windows\setupact.log
2014-09-11 23:12 - 2010-11-21 11:47 - 00360158 _____ () C:\Windows\PFRO.log
2014-09-11 23:11 - 2012-09-30 14:48 - 02073029 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 22:53 - 2012-09-30 15:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210683931-3486519319-3182221191-1000UA.job
2014-09-11 22:38 - 2014-08-24 21:46 - 00000000 ____D () C:\Users\Gwen\Downloads\Gameforge Live
2014-09-11 22:36 - 2014-09-11 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 22:36 - 2014-09-11 22:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 22:20 - 2014-09-11 22:08 - 00000000 ____D () C:\AdwCleaner
2014-09-11 18:29 - 2014-09-05 04:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 15:57 - 2014-04-11 08:05 - 00000000 ____D () C:\Users\Gwen\Desktop\KARMEN
2014-09-11 13:53 - 2014-09-05 04:45 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 13:35 - 2014-09-11 13:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 09:53 - 2012-09-30 15:34 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210683931-3486519319-3182221191-1000Core.job
2014-09-10 20:11 - 2013-09-16 10:25 - 00000000 ____D () C:\Users\Gwen\Desktop\JANN DOCS
2014-09-10 20:10 - 2014-09-10 20:08 - 00000000 ____D () C:\Users\Gwen\Desktop\Master Listing
2014-09-10 20:09 - 2014-06-13 14:29 - 00000000 ____D () C:\Users\Gwen\Desktop\Projects
2014-09-10 20:08 - 2014-05-14 12:34 - 00000000 ____D () C:\Users\Gwen\Desktop\Gwen Land Listings
2014-09-10 20:07 - 2014-09-10 20:05 - 00000000 ____D () C:\Users\Gwen\Desktop\Esah Listings
2014-09-10 20:07 - 2012-10-02 17:24 - 00000000 ____D () C:\Users\Gwen\Desktop\Condos
2014-09-10 20:06 - 2013-05-15 19:06 - 00000000 ____D () C:\Users\Gwen\Desktop\Vincent Land
2014-09-10 20:05 - 2014-06-13 14:34 - 00000000 ____D () C:\Users\Gwen\Desktop\Developers
2014-09-10 20:05 - 2012-10-02 17:38 - 00000000 ____D () C:\Users\Gwen\Desktop\House
2014-09-10 20:04 - 2014-02-20 10:55 - 00000000 ____D () C:\Users\Gwen\Desktop\Kenneth Listings
2014-09-10 20:03 - 2013-12-02 00:21 - 00000000 ____D () C:\Users\Gwen\Desktop\Office Building and Space
2014-09-10 20:01 - 2013-05-23 19:07 - 00000000 ____D () C:\Users\Gwen\Desktop\James Land Listing
2014-09-10 19:57 - 2014-07-27 08:44 - 00000000 ____D () C:\Users\Gwen\Desktop\St Regis Residence
2014-09-10 19:53 - 2012-10-02 17:45 - 00000000 ____D () C:\Users\Gwen\Desktop\Shell Docs
2014-09-10 19:51 - 2014-09-10 19:48 - 00000000 ____D () C:\Users\Gwen\Desktop\2 Hampshire 3321sf 3r4b 2 car Daniyar
2014-09-10 19:51 - 2014-09-10 19:45 - 00000000 ____D () C:\Users\Gwen\Desktop\Fairlane 926sf FF RM5.5 Thamesa
2014-09-10 19:51 - 2014-09-10 19:41 - 00000000 ____D () C:\Users\Gwen\Desktop\2 Hampshire  13a-2 2356sf 900 psf  Thamesa
2014-09-10 19:30 - 2014-09-10 19:29 - 00000000 ____D () C:\Users\Gwen\Desktop\PAVILION PROPERTY
2014-09-10 16:14 - 2014-09-10 16:13 - 00000000 ____D () C:\Users\Gwen\Desktop\20 Trees - Riezman 1.3M
2014-09-09 21:58 - 2014-09-09 21:58 - 00000000 ____D () C:\Users\Gwen\Desktop\Villa Putri
2014-09-09 21:13 - 2013-12-02 01:15 - 00000000 ____D () C:\Users\Gwen\Desktop\Clients Name Card
2014-09-09 21:12 - 2014-09-03 15:54 - 00000000 ____D () C:\Users\Gwen\Desktop\FSBO
2014-09-09 20:18 - 2014-09-09 20:18 - 00000000 ____D () C:\Users\Gwen\New folder
2014-09-09 20:18 - 2012-09-30 14:47 - 00000000 ____D () C:\Users\Gwen
2014-09-09 08:00 - 2014-08-24 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-09-08 15:06 - 2014-03-17 15:13 - 00000000 ____D () C:\Users\Gwen\Desktop\Lim Family Photos
2014-09-08 15:06 - 2014-03-17 14:58 - 00000000 ____D () C:\Users\Gwen\Desktop\Cousin Photos
2014-09-08 15:05 - 2014-09-08 15:04 - 00000000 ____D () C:\Users\Gwen\Desktop\Sri Putramas Royal Regent
2014-09-08 00:54 - 2014-09-08 00:53 - 00000222 _____ () C:\Users\Gwen\BullseyeCoverageError.txt
2014-09-08 00:53 - 2014-09-08 00:53 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Unity
2014-09-07 00:42 - 2014-09-07 00:41 - 00000000 ____D () C:\Users\Gwen\AppData\Local\paint.net
2014-09-07 00:41 - 2014-09-07 00:41 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-09-07 00:41 - 2014-09-07 00:40 - 00000000 ____D () C:\Paint.net (DDS Editor)
2014-09-07 00:38 - 2014-09-07 00:38 - 00770088 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-07 00:38 - 2009-07-14 13:13 - 00794600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-07 00:29 - 2014-09-07 00:29 - 00000040 ____H () C:\EA3D695D021F
2014-09-07 00:22 - 2012-09-30 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-07 00:22 - 2012-09-30 15:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-07 00:20 - 2014-09-06 02:17 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll
2014-09-07 00:20 - 2014-09-06 02:17 - 00061440 _____ () C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2014-09-07 00:20 - 2014-09-06 02:17 - 00040960 _____ () C:\Windows\SysWOW64\nvISWOW64.dll
2014-09-07 00:17 - 2013-05-20 23:23 - 00000000 ____D () C:\Program Files\Picture Resize
2014-09-06 02:18 - 2012-09-30 14:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-06 02:12 - 2014-09-06 02:07 - 00000000 ____D () C:\Users\Gwen\.gimp-2.8
2014-09-06 02:07 - 2014-09-06 02:07 - 00000000 ____D () C:\Users\Gwen\AppData\Local\gegl-0.2
2014-09-05 05:22 - 2014-09-05 04:49 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\Origin
2014-09-05 04:49 - 2014-09-05 04:49 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Origin
2014-09-05 04:48 - 2014-09-05 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-05 04:48 - 2014-09-05 04:48 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 04:45 - 2014-09-05 04:40 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Avg2014
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ___HD () C:\$AVG
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\TuneUp Software
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\AVG2014
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 04:42 - 2014-09-05 04:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-05 04:40 - 2014-09-05 04:40 - 00000000 ____D () C:\Users\Gwen\AppData\Local\MFAData
2014-09-05 04:28 - 2012-09-30 17:29 - 00394107 _____ () C:\Windows\AutoKMS.log
2014-09-04 19:37 - 2012-10-02 17:32 - 00000000 ____D () C:\Users\Gwen\Desktop\Gwen MISC
2014-09-04 19:35 - 2014-09-04 19:34 - 00000000 ____D () C:\Users\Gwen\Desktop\Ukay Heights No. 25 Bungalow Mr Ho
2014-09-04 19:28 - 2014-03-17 15:33 - 00000000 ____D () C:\Users\Gwen\Desktop\Pesoga
2014-09-03 19:08 - 2014-09-03 18:59 - 00000000 ____D () C:\Users\Gwen\Desktop\Thamesa Properties
2014-09-03 17:47 - 2014-09-03 17:47 - 00000812 _____ () C:\Users\Gwen\Desktop\µTorrent.lnk
2014-09-03 17:47 - 2014-09-03 17:47 - 00000792 _____ () C:\Users\Gwen\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-03 15:29 - 2012-10-12 20:49 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-09-03 15:29 - 2012-10-12 17:16 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-03 12:54 - 2014-09-03 12:53 - 00000000 ____D () C:\Users\Gwen\Desktop\Hampshire Condo - Daniyah
2014-09-02 19:57 - 2014-08-28 16:44 - 00001975 _____ () C:\Users\Gwen\Desktop\McAfee Security Scan Plus.lnk
2014-09-02 19:57 - 2014-08-28 16:44 - 00001848 _____ () C:\Users\Gwen\Desktop\Canon My Printer.lnk
2014-09-02 19:57 - 2014-01-17 16:19 - 00000000 ____D () C:\Users\Gwen\Desktop\Gwen - Jann Properties
2014-09-02 19:30 - 2014-08-14 18:37 - 00000000 ____D () C:\Users\Gwen\Desktop\Jordan Listing
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Users\Gwen\Desktop\Brickfields LH 17 Jan 2111  2.3 Acres - Jordan
2014-08-29 13:53 - 2014-08-11 12:13 - 00000000 ____D () C:\Users\Gwen\Desktop\Class 77 Reunion
2014-08-28 17:46 - 2013-12-02 00:57 - 00000000 ____D () C:\Users\Gwen\Desktop\Sample TA 2014
2014-08-28 16:44 - 2014-08-28 16:44 - 00000947 _____ () C:\Users\Gwen\Desktop\Ninite Java Installer - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000783 _____ () C:\Users\Gwen\Desktop\KL Metro Group - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000747 _____ () C:\Users\Gwen\Desktop\DIGI Bills - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000714 _____ () C:\Users\Gwen\Desktop\KRISTOF - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000565 _____ () C:\Users\Gwen\Desktop\Pelabuhan Tanjung Pelepas Sdn Bhd. - Shortcut.lnk
2014-08-28 16:44 - 2014-08-28 16:44 - 00000359 _____ () C:\Users\Gwen\Desktop\Recycle Bin - Shortcut.lnk
2014-08-27 11:45 - 2012-10-02 17:46 - 00000000 ____D () C:\Users\Gwen\Desktop\Warehouse
2014-08-25 09:50 - 2014-06-24 23:32 - 00000000 ____D () C:\Users\Gwen\Desktop\DIGI Bills
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\3909
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\GOG Games
2014-08-24 22:27 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-24 21:46 - 2014-08-24 21:46 - 00000000 ____D () C:\Users\Gwen\AppData\Local\Gameforge4d
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ____D () C:\Users\Gwen\AppData\Roaming\WTablet
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ____D () C:\Program Files\Tablet
2014-08-22 12:27 - 2014-08-22 12:27 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-08-22 12:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-22 12:22 - 2014-08-22 12:22 - 00000941 _____ () C:\Users\Gwen\Desktop\Adobe Photoshop CS6.lnk
2014-08-20 20:04 - 2014-07-18 18:44 - 00000000 ____D () C:\Users\Gwen\Desktop\Tan & Tan Developments Bhd
2014-08-20 17:25 - 2014-08-20 17:25 - 00000000 ____D () C:\Users\Gwen\Desktop\Gurney Condo
2014-08-18 17:41 - 2014-01-19 12:13 - 00000000 ____D () C:\Users\Gwen\Desktop\KRISTOF
2014-08-18 10:37 - 2014-02-26 14:45 - 00000000 ____D () C:\Users\Gwen\Desktop\Sushi Train Matters
2014-08-14 19:11 - 2014-03-17 15:16 - 00000000 ____D () C:\Users\Gwen\Desktop\Clients Photos
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 12:45
 
==================== End Of Log ============================

 

 




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:23 PM

Posted 11 September 2014 - 10:47 AM

Hello,

 

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

I will post back a fix later today (since I am at work right now). :)

 

 

Regards,

Georgi




#3 otherblog

otherblog
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 11 September 2014 - 11:02 AM

Thank you very much for your time, Georgi.



#4 otherblog

otherblog
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 12 September 2014 - 12:10 AM

If it helps, I believe it was from me attempting to torrent The Sims 4 earlier yesterday.



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:23 PM

Posted 12 September 2014 - 03:18 AM

Hello,

 

I am sorry about the delay. Busy day at the office. :)
 
Please download the following file => [attachment=154518:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi




#6 otherblog

otherblog
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 12 September 2014 - 05:53 AM

Hello again,
 
Here are the contents of the fixlog.txt
 
Thank you! 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Gwen at 2014-09-12 18:49:19 Run:4
Running from C:\Users\Gwen\Desktop\KARMEN\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
Closeprocesses:
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
File: C:\EA3D695D021F
Folder: C:\Users\Gwen\AppData\Roaming\3909
emptytemp:
end
*****************
 
Processes closed successfully.
HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
 
========================= File: C:\EA3D695D021F ========================
 
MD5: 7F27F64861FEDABBCB02C03B2C7F04AE
Creation and modification date: 2014-09-07 00:29 - 2014-09-07 00:29
Size: 0000040
Attributes: ---AH
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End Of File: ======
 
 
========================= Folder: C:\Users\Gwen\AppData\Roaming\3909 ========================
 
2014-08-24 22:27 - 2014-08-28 00:51 - 0000000 ____D () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease
2014-08-24 22:35 - 2014-08-28 00:23 - 0006632 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\headers.sav
2014-08-24 22:59 - 2014-08-28 00:51 - 0000072 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\names.sav
2014-08-27 23:22 - 2014-08-27 23:22 - 0006176 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_1HGU8MHTV5DV4DNTXSQVK0D913B2W19B.sav
2014-08-27 22:32 - 2014-08-27 22:32 - 0004848 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_1PREGJ8M2LXDNKP1BC4C8GW3UEJJ4TIM.sav
2014-08-27 21:43 - 2014-08-27 21:43 - 0004088 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_1ZY5Q2NC7G4L10H2V5F8JRF8PFL1PYJC.sav
2014-08-27 22:27 - 2014-08-27 22:27 - 0004736 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_32WEJ7UELLM4RZSCSLQO6FEE6OAKLGJF.sav
2014-08-24 22:39 - 2014-08-24 22:39 - 0001824 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_5ZT9RWWUSWF3DKWD90PI2J1MNL222W4R.sav
2014-08-27 21:12 - 2014-08-27 21:12 - 0003080 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_72A8TXC8RMREN2ZYEOMTS3E9CVZXGGDU.sav
2014-08-26 23:05 - 2014-08-26 23:05 - 0002672 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_7C001J18OPDUSR0QY4BX6M5FJQ5RAVHB.sav
2014-08-27 23:04 - 2014-08-27 23:04 - 0005976 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_8FSD6810JAEU7BEBVBC4M9JAIJHER6K6.sav
2014-08-27 22:42 - 2014-08-27 22:42 - 0004992 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_A3ZVSB12UVDGT3T6DIHAU2HQ6LXHXIWR.sav
2014-08-24 22:45 - 2014-08-24 22:45 - 0001832 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_BHRP7WXZDHQXH7FVULUN1O4ZXYYCSUMU.sav
2014-08-27 23:37 - 2014-08-27 23:37 - 0006504 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_BNTT4YQSEJ9VSGS9MOVINXZTXRK0X0DC.sav
2014-08-27 21:53 - 2014-08-27 21:53 - 0004208 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_BO0RQH7CYWFJL5KYWJD67NUFSRCVXROV.sav
2014-08-27 21:37 - 2014-08-27 21:37 - 0003808 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_C4V0FMLU59BQX2D37BRX0SROO4W92Q6L.sav
2014-08-27 22:01 - 2014-08-27 22:01 - 0004384 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_DF6YK5CP4QYXCHYMBY0MNOSPK8SMFJBO.sav
2014-08-27 22:55 - 2014-08-27 22:55 - 0005808 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_F0C8HWSX6YGUWX56HSJG7J6Y5526PTBX.sav
2014-08-28 00:04 - 2014-08-28 00:04 - 0007136 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_I8CT61GBXHB08ZEBRWMWCYV88TXBK4IQ.sav
2014-08-27 23:32 - 2014-08-27 23:32 - 0006352 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_IQFHLWQUPG8EKGJ9W2D9GRLO5PJ7F7L7.sav
2014-08-26 23:00 - 2014-08-26 23:00 - 0002576 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_KFRANYA75YKWABF37ACNVDRRK8ELAW1A.sav
2014-08-27 22:12 - 2014-08-27 22:12 - 0004400 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_ON7TF8QM31QN6BSCUWST1DZJGE9B5BPL.sav
2014-08-24 22:58 - 2014-08-24 22:58 - 0002200 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_Q8ND1CVB1INHTJ41R3JITK7MWTG9QG5X.sav
2014-08-27 23:53 - 2014-08-27 23:53 - 0006984 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_QIEKB6FHEYQ00XULZMQO277NH5A5G79I.sav
2014-08-27 23:12 - 2014-08-27 23:12 - 0006104 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_QN958BSJUHJWVT4RSGA5MTUKQY8FRTYH.sav
2014-08-27 22:18 - 2014-08-27 22:18 - 0004520 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_QRQ683OJRGF7U7JDF63LJVGGWX7V8R79.sav
2014-08-27 21:22 - 2014-08-27 21:22 - 0003456 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_QV47UEBDPD48I84JYGDL1QH3B9WZDEFQ.sav
2014-08-27 22:48 - 2014-08-27 22:48 - 0005520 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_SRDMUHIPVQ12V1SOJHP98HB61ROO3P29.sav
2014-08-26 23:14 - 2014-08-26 23:14 - 0002672 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_U6SY85TD0X0URQ6WM40L2NNF32AEHFBN.sav
2014-08-26 23:33 - 2014-08-26 23:33 - 0002832 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_UCG5EBRJK1VPEMPFTWXBAYZHKZVEY6L9.sav
2014-08-28 00:14 - 2014-08-28 00:14 - 0007136 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_V1T113CQTJZ3F91JT6FPFVS4UB13214X.sav
2014-08-24 22:35 - 2014-08-24 22:35 - 0001584 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_XVKE0MZHWJ0H5O2LCQ91D89P38LI4Z5M.sav
2014-08-27 23:47 - 2014-08-27 23:47 - 0006776 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_ZU3LJI3REYPS7LEZPPFLH4SZ2SFS7WLS.sav
2014-08-28 00:23 - 2014-08-28 00:23 - 0007464 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\save_ZVZ371KOHO9N4FDHACRO17XPX0U8I2HP.sav
2014-08-24 22:27 - 2014-08-28 00:51 - 0000656 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\settings.sav
2014-08-24 22:28 - 2014-08-28 00:51 - 0001088 _____ () C:\Users\Gwen\AppData\Roaming\3909\PapersPlease\stats.sav
 
====== End of Folder: ======
 
EmptyTemp: => Removed 104.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
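As an added example (not code from this thread, from Georgi, or from FRST itself), the Python below parses FRST-style `Run:` autostart lines such as the flagged one in the Fixlog above, reports entries that open a URL or run through a shell or script host at logon, and lays the hits out in the start/end fixlist shape shown in this post. Only the first sample line comes from the thread; the other sample lines and the heuristics are constructed.

```python
import re

# FRST prints autostart values in this shape (the first sample line is the entry
# from this thread's Fixlog; the other three are constructed for illustration):
SAMPLE_FRST_LINES = [
    r"HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION",
    r"HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)",
    r"HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [Updater] => powershell.exe -w hidden -c start https://example.invalid/promo",
    r"HKU\S-1-5-21-1210683931-3486519319-3182221191-1000\...\Run: [OneDrive] => C:\Users\Gwen\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
]

# hive\...\Run: [name] => command, with an optional trailing "<===== ATTENTION" marker
RUN_LINE = re.compile(
    r"^(?P<hive>HK[^\\]+(?:\\S-1-5-[\d-]+)?)\\\.\.\.\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]+)\] => (?P<cmd>.*?)\s*(?:<=+ ATTENTION)?$"
)
URL = re.compile(r"https?://\S+", re.IGNORECASE)
# Shells and script hosts that a legitimate autostart value rarely needs to go through.
SCRIPT_HOSTS = ("cmd.exe", "powershell", "wscript", "cscript", "mshta", "rundll32")


def parse_run_line(line):
    """Return (hive, name, command) for an FRST Run line, or None if the line is not one."""
    m = RUN_LINE.match(line.strip())
    if m is None:
        return None
    return m.group("hive"), m.group("name"), m.group("cmd").strip()


def assess_run_entry(line):
    """Parse one Run line and attach the reasons it deserves a look (empty list = nothing odd)."""
    parsed = parse_run_line(line)
    if parsed is None:
        return None
    hive, name, cmd = parsed
    low = cmd.lower()
    reasons = []
    urls = URL.findall(cmd)
    if urls:
        reasons.append("opens a URL at logon: " + ", ".join(urls))
    if any(low.startswith(h) or ("\\" + h) in low for h in SCRIPT_HOSTS):
        reasons.append("goes through a shell or script host rather than a program path")
    if low.startswith("cmd") and " start " in low:  # cmd /c start <target> hands it to the default handler
        reasons.append("cmd start: target is opened by the default browser/handler")
    return {"hive": hive, "name": name, "command": cmd, "line": line.strip(), "reasons": reasons}


def suspicious_entries(lines):
    """Only the entries with at least one reason, in input order."""
    return [r for r in map(assess_run_entry, lines) if r and r["reasons"]]


def build_fixlist(findings):
    """FRST deletes a Run value when its log line is pasted verbatim between 'start' and
    'end' in fixlist.txt, which is what the Fixlog in this thread shows."""
    return "\n".join(["start", *[f["line"] for f in findings], "end"])
```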


#7 otherblog

otherblog
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 12 September 2014 - 06:04 AM

I rebooted my system again and the problem appears to be fixed (i.e., my Google Chrome browser is no longer redirecting itself to the aforementioned website), though I am unsure if the problem will resurface. Let me know once you see the fixlog, thank you!



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:23 PM

Posted 12 September 2014 - 06:21 AM

Hi,

 

Yes. We removed the malicious entry.

 

Before I let you free I'd like us to scan your machine with ESET OnlineScan to be completely sure your PC is malware free.

 

STEP 1

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 2

 

 

Also let's check for outdated and vulnerable software on your PC:

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe to run it.
  • A notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi




#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:23 PM

Posted 09 October 2014 - 04:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





