gameharbour.org pop up on startup, can't remove it


This topic is locked
6 replies to this topic

#1 harrietfriend
  • Members
  • 3 posts

Posted 12 September 2014 - 03:17 AM

Every time I start up my computer my internet browser (Mozilla Firefox) starts up and loads the website 'www.gameharbour.org'. I have tried scanning with AVG/Malwarebytes and even tried to restore my computer to a different point and it still pops up, I can't get rid of it.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Harriet at 9:08:18 on 2014-09-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3948.1858 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Harriet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
uRun: [Spotify Web Helper] "C:\Users\Harriet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\230237F6574786669656C64637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\25F69716C602F416B602D2027457563747 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\35B4959383446373 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\45275676F6E6765656675637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\7475E454456363 : DHCPNameServer = 192.168.88.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\8416272796564702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{A8B5FCA8-A7E2-4E3D-8BDE-FD89954CC5B9}\F42377962756C6563737333463531444 : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\p24hd4gj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-29 50976]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-13 317440]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-1-14 74840]
.
=============== Created Last 30 ================
.
2014-09-12 07:59:45    --------    d-----w-    C:\Users\Harriet\AppData\Roaming\AVG2015
2014-09-12 07:58:29    --------    d-----w-    C:\Users\Harriet\AppData\Local\Avg2014
2014-09-12 07:57:08    --------    d-----w-    C:\ProgramData\AVG2015
2014-09-12 07:53:32    --------    d-----w-    C:\Users\Harriet\AppData\Local\Avg2015
2014-09-11 12:09:51    --------    d-----w-    C:\ProgramData\EA Core
2014-09-11 10:09:14    --------    d-----w-    C:\Users\Harriet\AppData\Local\Adobe
2014-09-11 09:35:08    --------    d-----w-    C:\Users\Harriet\AppData\Local\VS Revo Group
2014-09-11 09:34:47    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-09-11 09:34:44    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-09-11 09:34:40    --------    d-----w-    C:\Program Files\VS Revo Group
2014-09-11 09:22:23    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-11 09:21:25    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-11 09:21:25    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-11 09:21:25    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-11 08:10:26    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 08:10:26    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 08:07:53    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 08:07:53    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-11 08:07:26    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-11 08:07:25    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 08:05:00    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-11 08:05:00    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-11 08:05:00    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-11 08:05:00    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-11 08:05:00    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-11 07:58:29    3977496    ----a-w-    C:\Windows\System32\d3dx9_31.dll
2014-09-11 07:58:29    2414360    ----a-w-    C:\Windows\SysWow64\d3dx9_31.dll
2014-09-10 11:32:52    --------    d-----w-    C:\Program Files (x86)\Microsoft WSE
2014-09-10 10:03:26    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-09-10 10:03:26    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 19:21:42    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2014-09-05 19:21:41    447752    ----a-w-    C:\Windows\SysWow64\vp6vfw.dll
2014-09-04 22:07:15    --------    d-----w-    C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-04 21:44:49    --------    d-----w-    C:\Program Files (x86)\Origin Games
2014-09-04 21:42:16    4178264    ----a-w-    C:\Windows\SysWow64\D3DX9_41.dll
2014-09-04 21:42:15    22360    ----a-w-    C:\Windows\SysWow64\X3DAudio1_6.dll
2014-09-04 21:42:14    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2014-09-04 21:32:56    --------    d-----w-    C:\Users\Harriet\AppData\Roaming\Origin
2014-09-04 21:32:54    --------    d-----w-    C:\Users\Harriet\AppData\Local\Origin
2014-09-04 21:30:48    --------    d-----w-    C:\ProgramData\Origin
2014-09-04 21:30:47    --------    d-----w-    C:\ProgramData\Electronic Arts
2014-09-04 21:30:44    --------    d-----w-    C:\Program Files (x86)\Origin
2014-09-02 12:02:47    40248    ----a-w-    C:\Windows\System32\TURegOpt.exe
2014-09-02 12:02:43    29496    ----a-w-    C:\Windows\System32\authuitu.dll
2014-09-02 12:02:43    25400    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2014-09-02 12:01:54    --------    d-----w-    C:\Users\Harriet\AppData\Roaming\AVG
2014-09-02 12:01:54    --------    d-----w-    C:\Users\Harriet\AppData\Local\AVG
2014-09-02 12:00:12    --------    d-sh--w-    C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-09-02 12:00:00    --------    d-----w-    C:\ProgramData\AVG
2014-08-28 12:33:55    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 12:33:55    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 12:33:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-25 10:48:05    --------    d-----w-    C:\Program Files (x86)\AVG Security Toolbar
2014-08-25 10:48:01    --------    d-----w-    C:\ProgramData\Avg_Update_0814tb
2014-08-20 20:45:10    243480    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-08-15 23:43:52    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-15 23:43:52    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-15 23:43:52    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-15 23:43:52    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-15 23:43:50    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-15 23:43:50    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-15 23:43:07    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 23:43:07    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 12:02:01    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-08-15 12:02:01    2363392    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-08-15 12:02:00    1941504    ----a-w-    C:\Windows\System32\authui.dll
2014-08-15 12:00:33    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 12:00:33    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
.
==================== Find3M  ====================
.
2014-09-11 08:16:07    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 08:16:07    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-11 08:15:37    17328816    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-15 11:43:04    50976    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-08-06 20:39:52    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-07-25 01:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 13:06:36    247576    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-18 14:53:26    313624    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 08:58:24    270616    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-06-18 20:03:34    190744    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-06-18 20:03:34    153368    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-06-18 20:03:20    31512    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH:  9:10:13.46 ===============
 

Attached Files




#2 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 12 September 2014 - 05:12 AM

Hi,

please run FRST:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with Administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 harrietfriend
  • Topic Starter
  • Members
  • 3 posts

Posted 12 September 2014 - 05:21 AM

Thank you, here we go :)

 

Attached Files



#4 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 12 September 2014 - 05:28 AM

Hi,

does this fix solve the problem?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 harrietfriend
  • Topic Starter
  • Members
  • 3 posts

Posted 12 September 2014 - 05:37 AM

Yes, it worked, thank you so much!! Here are the contents of the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Harriet at 2014-09-12 11:30:06 Run:1
Running from C:\Users\Harriet\Documents
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-51717229-2726581575-2246079163-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************

HKU\S-1-5-21-51717229-2726581575-2246079163-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
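Defender-side triage of what the two logs in this thread show, as an added example that is not code from the thread, from DDS or from FRST: it parses Run-key lines in the DDS "Pseudo HJT Report" format quoted in post #1 and the FRST format echoed in the fixlist in post #5, and flags the two properties that made the [CMD] value stand out, a shell as the autostart target and a URL launched at every logon. The sample lines are constructed from entries quoted in this thread; the rule set and the `AutorunEntry` helper are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Hive prefixes DDS uses in its "Pseudo HJT Report" (see the log above):
# u = current user (HKCU), m = machine (HKLM), d = default-user hive,
# x64- = the 64-bit view of HKLM on 64-bit Windows.
DDS_HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT", "x64-": "HKLM(x64)"}

# DDS style:   uRun: [Name] command
DDS_LINE = re.compile(
    r"^(?P<hive>u|m|d|x64-)Run(?P<once>Once)?:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+?)\s*$")
# FRST style:  HKU\S-1-5-...\...\Run: [Name] => command <===== ATTENTION
FRST_LINE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.*?\\Run(?P<once>Once)?):\s+\[(?P<name>[^\]]*)\]\s+=>\s+"
    r"(?P<cmd>.+?)(?:\s+<=+\s*ATTENTION)?\s*$")
URL_RE = re.compile(r"https?://[^\s\"'&]+", re.IGNORECASE)
# The program a Run value starts: a quoted path, or an unquoted path read up to
# its first executable extension (unquoted paths containing spaces are common).
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|vbs|js|hta)))(?=\s|$)', re.IGNORECASE)
# Shells and script hosts that legitimate software rarely registers as the
# *target* of a Run value; the entry removed in this thread used cmd.exe.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class AutorunEntry:
    key: str                 # registry location of the Run value
    name: str                # value name, e.g. "CMD"
    command: str             # value data
    run_once: bool
    executable: str = ""     # lower-cased basename of the program started
    url: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _classify(entry: AutorunEntry) -> AutorunEntry:
    """Attach the triage reasons a helper would act on to one parsed entry."""
    m = EXE_RE.match(entry.command.strip())
    exe = (m.group("q") or m.group("u")) if m else (entry.command.split() or [""])[0]
    entry.executable = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if entry.executable in INTERPRETERS:
        entry.reasons.append(f"autostart target is a shell/script host ({entry.executable})")
    u = URL_RE.search(entry.command)
    if u:
        entry.url = u.group(0)
        entry.reasons.append(f"command opens a URL at every logon ({entry.url})")
    return entry


def parse_autoruns(text: str) -> List[AutorunEntry]:
    """Parse DDS- and FRST-style Run lines out of a pasted log; other lines are ignored."""
    entries: List[AutorunEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_LINE.match(line)
        if m:
            key = DDS_HIVES[m["hive"]] + "\\...\\Run" + ("Once" if m["once"] else "")
        else:
            m = FRST_LINE.match(line)
            if not m:
                continue
            key = m["key"]
        entries.append(_classify(AutorunEntry(
            key=key, name=m["name"], command=m["cmd"], run_once=m["once"] is not None)))
    return entries


def suspicious_autoruns(text: str) -> List[AutorunEntry]:
    """Only the entries that match a triage rule, in log order."""
    return [e for e in parse_autoruns(text) if e.suspicious]


# Constructed sample: Run lines in the two formats quoted in this thread
# (the DDS "Pseudo HJT Report" in post #1 and the FRST fixlist echo in post #5).
SAMPLE_LOG = r"""
uRun: [Spotify Web Helper] "C:\Users\Harriet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKU\S-1-5-21-51717229-2726581575-2246079163-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
"""

if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f"{e.key} [{e.name}] -> {e.command}")
        for reason in e.reasons:
            print("    -", reason)
```

Run against a full DDS or FRST log it reports only the [CMD] value in both formats; the ordinary vendor entries (quoted paths, unquoted paths with spaces, the RunOnce from the OEM suite) parse cleanly and stay unflagged.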



#6 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 12 September 2014 - 05:43 AM

Great. Update Adobe Reader and that's it.


#7 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 19 September 2014 - 03:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
