
Malware and Adware issues help needed


  • This topic is locked
13 replies to this topic

#1 willyman18

willyman18

  • Members
  • 66 posts

Posted 29 September 2014 - 05:44 PM

I have recently been noticing ads popping up in my Google Chrome browser.

Some are by dynamic pricer, and when I use anti-malware programs they can never find the problem.

I have tried programs like Malwarebytes, but it detects nothing.

Please advise me.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 October 2014 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 willyman18

willyman18
  • Topic Starter

  • Members
  • 66 posts

Posted 03 October 2014 - 10:06 AM

# AdwCleaner v3.311 - Report created 03/10/2014 at 15:49:42
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n3ksf79.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [24200 octets] - [18/09/2014 20:17:18]
AdwCleaner[R1].txt - [1468 octets] - [19/09/2014 18:44:51]
AdwCleaner[R2].txt - [1071 octets] - [19/09/2014 18:57:46]
AdwCleaner[R3].txt - [1066 octets] - [19/09/2014 19:11:54]
AdwCleaner[R4].txt - [2319 octets] - [29/09/2014 23:01:58]
AdwCleaner[R5].txt - [1860 octets] - [01/10/2014 19:45:09]
AdwCleaner[R6].txt - [1913 octets] - [02/10/2014 21:03:37]
AdwCleaner[R7].txt - [1537 octets] - [03/10/2014 15:49:42]
AdwCleaner[S0].txt - [23035 octets] - [18/09/2014 20:19:31]
AdwCleaner[S1].txt - [2197 octets] - [19/09/2014 18:45:42]
AdwCleaner[S2].txt - [1133 octets] - [19/09/2014 18:58:41]
AdwCleaner[S3].txt - [1128 octets] - [19/09/2014 19:13:07]
AdwCleaner[S4].txt - [2396 octets] - [29/09/2014 23:04:17]
AdwCleaner[S5].txt - [1927 octets] - [01/10/2014 19:56:31]
AdwCleaner[S6].txt - [2045 octets] - [02/10/2014 21:37:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [2018 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Owner (administrator) on OWNER-PC on 03-10-2014 15:52:03
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Users\Owner\Desktop\adwcleaner_3.311.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-24] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1323007780-3890308126-38582508-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BB90B31D-DBC4-4353-9747-8CA485BEB5A7}: [NameServer] 81.218.119.15,199.203.35.75
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n3ksf79.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-30]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-30]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-24] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-08-28] (Hi-Rez Studios) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-24] (BlueStack Systems)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] (Realtek Semiconductor Corporation                           )
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz130; \??\C:\Users\Owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 15:52 - 2014-10-03 15:52 - 00016917 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-10-03 15:51 - 2014-10-03 15:52 - 00000000 ____D () C:\FRST
2014-10-03 15:48 - 2014-10-03 15:48 - 02109440 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-03 11:05 - 2014-10-03 11:14 - 00023074 _____ () C:\Users\Owner\Desktop\dds.txt
2014-10-03 11:05 - 2014-10-03 11:14 - 00010901 _____ () C:\Users\Owner\Desktop\attach.txt
2014-10-03 10:54 - 2014-10-03 10:54 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-10-01 22:15 - 2014-10-01 22:15 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2014-10-01 22:15 - 2014-10-01 22:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-01 21:52 - 2014-10-01 21:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 21:43 - 2014-10-01 21:43 - 01701878 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-01 21:43 - 2014-10-01 21:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-01 21:43 - 2014-10-01 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-01 21:43 - 2014-10-01 21:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-01 21:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 21:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 21:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 21:37 - 2014-10-01 21:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 21:31 - 2014-10-01 21:31 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-10-01 21:31 - 2014-10-01 21:31 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe
2014-10-01 19:44 - 2014-10-01 19:44 - 01375089 _____ () C:\Users\Owner\Desktop\adwcleaner_3.311.exe
2014-09-30 21:17 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:17 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:49 - 2014-09-29 22:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan
2014-09-29 19:43 - 2014-09-29 19:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-26 19:00 - 2014-09-26 19:00 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-09-26 19:00 - 2014-09-26 19:00 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-09-26 18:58 - 2014-09-26 19:14 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-09-26 18:58 - 2014-09-26 18:58 - 13315232 _____ (BlueStack Systems Inc.) C:\Users\Owner\Downloads\BlueStacks-SplitInstaller_native_c.exe
2014-09-26 18:58 - 2014-09-26 18:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\Bluestacks
2014-09-26 18:55 - 2014-10-03 15:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 18:55 - 2014-09-26 18:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 18:55 - 2014-09-26 18:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 18:55 - 2014-09-26 18:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 18:07 - 2014-09-26 18:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 19:24 - 2014-09-25 19:24 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 19:24 - 2014-09-25 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-25 19:23 - 2014-10-03 15:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 19:23 - 2014-10-03 07:44 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 19:23 - 2014-09-25 19:23 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-25 19:23 - 2014-09-25 19:23 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-25 19:06 - 2014-09-25 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG
2014-09-25 19:06 - 2014-09-25 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg
2014-09-25 19:04 - 2014-09-25 19:06 - 00000000 ____D () C:\ProgramData\AVG
2014-09-25 18:53 - 2014-09-25 18:53 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-25 18:53 - 2014-09-25 18:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-09-25 18:53 - 2014-09-25 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-25 18:52 - 2014-09-25 18:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-25 18:52 - 2014-09-25 18:52 - 00000000 ___HD () C:\$AVG
2014-09-25 18:51 - 2014-09-25 19:05 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-25 18:49 - 2014-09-25 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-09-25 18:28 - 2014-09-25 18:28 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-25 18:26 - 2014-09-25 18:26 - 00289358 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-25 18:26 - 2014-09-25 18:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-25 18:25 - 2014-09-25 18:26 - 00290984 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-25 18:23 - 2014-09-25 18:23 - 00001258 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-09-25 18:23 - 2014-09-25 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-25 17:59 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 17:59 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 14:26 - 2014-09-25 14:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-25 14:26 - 2014-09-25 14:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-25 14:26 - 2014-09-25 14:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-25 14:26 - 2014-09-25 14:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-25 14:25 - 2014-09-29 12:53 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-25 13:58 - 2014-09-25 13:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Norton Utilities
2014-09-25 13:46 - 2014-10-03 15:44 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33E0E603-0C7D-45AE-A69E-A9E47B47FB1D}
2014-09-25 13:45 - 2010-11-30 02:24 - 00108800 _____ (Symantec Corporation) C:\Windows\SysWOW64\Drivers\SymSpeedDisk.sys
2014-09-25 13:45 - 2010-11-30 02:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-09-25 13:45 - 2010-11-30 02:23 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-09-21 18:40 - 2014-09-21 18:40 - 00895120 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2014-09-20 16:42 - 2014-09-20 16:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-09-20 16:41 - 2014-09-20 16:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-09-20 16:41 - 2014-09-20 16:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-19 18:52 - 2014-09-19 18:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 18:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-18 20:39 - 2014-09-18 20:39 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2014-09-18 20:16 - 2014-10-03 15:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 08:48 - 2014-09-18 09:00 - 00000000 ____D () C:\Users\Owner\Doctor Web
2014-09-18 08:48 - 2014-09-18 08:49 - 19331048 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-09-18 08:41 - 2014-09-18 08:48 - 155175520 _____ () C:\Users\Owner\Downloads\fdgdykvu.exe
2014-09-17 11:53 - 2014-09-17 11:53 - 07284416 _____ () C:\Users\Owner\Downloads\spybotsd_includes.exe
2014-09-16 20:00 - 2014-09-16 20:00 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-09-16 20:00 - 2014-09-16 20:00 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-09-16 15:29 - 2014-09-26 18:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-09-14 20:19 - 2014-09-14 20:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:19 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 20:18 - 2014-09-14 20:18 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 10:02 - 2014-09-11 10:02 - 00000000 ____D () C:\Users\Owner\Downloads\Jason Mraz - I Wont Give Up 2012
2014-09-10 23:59 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:59 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:59 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:59 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:59 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:59 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:59 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:59 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:59 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:59 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:59 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:59 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:59 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:59 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:59 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:59 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:59 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:59 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:59 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:59 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:59 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:59 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:59 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:59 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:59 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:59 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:59 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:59 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:59 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:59 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:59 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:59 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:59 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:59 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:59 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:59 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:59 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:59 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:59 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:59 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:59 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:59 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:59 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:59 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:59 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:59 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:59 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:59 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:59 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:59 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:59 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:59 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:59 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:59 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:59 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:59 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:53 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 23:53 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 21:36 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 21:36 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 21:36 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 21:36 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 21:36 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 21:36 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 21:36 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 21:36 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 21:36 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 19:32 - 2014-09-10 19:33 - 16995328 _____ () C:\Users\Owner\Downloads\mumble-1.2.8.msi
2014-09-10 12:19 - 2014-09-10 12:20 - 25239492 _____ () C:\Users\Owner\Downloads\Sphax PureBDcraft 128x MC18.zip
2014-09-10 00:43 - 2014-09-10 00:43 - 00000000 ____D () C:\Users\Owner\Downloads\aldnoah
2014-09-10 00:42 - 2014-09-10 00:42 - 104337930 _____ () C:\Users\Owner\Downloads\[140910]TVアニメ『アルドノア・ゼロ』ED「A/Z」(期間生産限定アニメ盤)/SawanoHiroyuki[nZk][320K+BK].rar
2014-09-10 00:25 - 2014-09-10 00:26 - 00000000 ____D () C:\Users\Owner\Downloads\Aldnoah.zero
2014-09-09 23:37 - 2014-09-10 00:21 - 187567297 _____ () C:\Users\Owner\Downloads\Hiroyuki Sawano - Aldnoah Zero Original Soundtrack [2014.09.10][320kbps].zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 15:36 - 2011-12-13 13:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-03 11:20 - 2012-08-01 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mumble
2014-10-03 11:17 - 2011-12-25 18:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-03 09:57 - 2011-12-13 12:54 - 01471837 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 07:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 07:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 07:44 - 2014-08-06 12:02 - 00063957 _____ () C:\Windows\setupact.log
2014-10-03 07:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 21:38 - 2014-08-15 19:22 - 00174740 _____ () C:\Windows\PFRO.log
2014-10-01 20:02 - 2012-03-31 15:43 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.1
2014-10-01 17:23 - 2013-08-01 21:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-09-29 19:47 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-27 00:17 - 2014-01-18 18:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2014-09-26 23:33 - 2014-01-18 18:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-26 19:00 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-26 18:46 - 2011-12-13 14:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-26 18:09 - 2011-12-25 19:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-25 19:24 - 2012-02-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-25 19:24 - 2011-12-25 12:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-25 19:23 - 2011-12-25 12:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-25 19:20 - 2012-06-03 18:15 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2014-09-25 19:20 - 2012-01-02 16:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-25 19:20 - 2011-12-29 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-09-25 19:20 - 2011-12-25 19:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-09-25 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-25 18:23 - 2011-12-13 14:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-25 14:08 - 2014-03-16 13:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-25 14:05 - 2013-10-20 09:26 - 00000000 ____D () C:\Windows\pss
2014-09-25 13:33 - 2013-10-06 06:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 13:33 - 2012-03-18 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:38 - 2012-01-14 22:56 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-09-22 07:42 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 17:33 - 2013-04-27 18:58 - 00000000 ____D () C:\Users\Owner\Documents\pokemmo
2014-09-20 16:41 - 2012-01-14 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-09-20 16:30 - 2012-08-10 10:33 - 00000000 ____D () C:\Users\Owner\Documents\pokemon game's
2014-09-20 08:19 - 2012-01-14 14:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-09-18 20:20 - 2011-12-13 12:53 - 00000000 ____D () C:\Users\Owner
2014-09-18 18:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-18 08:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-09-17 19:57 - 2014-06-14 19:43 - 00000083 _____ () C:\Users\Owner\.atl.properties
2014-09-16 20:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-09-16 20:03 - 2011-12-13 14:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-16 19:43 - 2012-01-02 15:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-09-16 16:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-13 16:23 - 2014-01-18 18:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-11 12:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 23:59 - 2011-12-29 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 23:58 - 2012-01-02 20:17 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:57 - 2013-07-24 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 23:53 - 2011-12-13 13:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 19:45 - 2012-08-01 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-09-10 19:45 - 2012-08-01 20:43 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-09-06 16:36 - 2012-01-09 13:26 - 00000044 _____ () C:\Users\Owner\jagex_cl_runescape_LIVE.dat
2014-09-06 16:36 - 2012-01-09 13:26 - 00000024 _____ () C:\Users\Owner\random.dat
2014-09-03 12:18 - 2011-12-25 18:48 - 00000000 ____D () C:\ProgramData\Origin
2014-09-03 10:48 - 2011-12-25 18:47 - 00000000 ____D () C:\Program Files (x86)\Origin
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Owner\jagex_cl_loginapplet_LIVE.dat
C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA1.dat
C:\Users\Owner\random.dat
C:\Users\Owner\vlc-1.1.11-win32.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Owner\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-x64.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 10:57
 
==================== End Of Log ============================


#4 nasdaq

Posted 03 October 2014 - 01:22 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

In Windows 7 and 8, press [Windows Icon + R] and enter "notepad" in the box to open Notepad.
 
start

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz130; \??\C:\Users\Owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Owner\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-x64.dll

end

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 willyman18

Posted 03 October 2014 - 01:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Owner at 2014-10-03 19:27:26 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz130; \??\C:\Users\Owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Owner\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-x64.dll
 
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ALSysIO => Service deleted successfully.
cpuz130 => Service deleted successfully.
DIRECTIO => Service deleted successfully.
massfilter => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va015 => Service deleted successfully.
ZTEusbmdm6k => Service deleted successfully.
ZTEusbnmea => Service deleted successfully.
ZTEusbser6k => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
 
==== End of Fixlog ====
 
 
how long should the security check take
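
Added example (not part of the original posts, and not FRST's own code): a small Python triage of a Fixlog.txt like the one posted above, grouping each result line by object type and outcome so entries that were already absent, or that need a second look, stand out. The sample is a shortened log built from lines in this thread plus one constructed unrecognised line; the function names are hypothetical.

```python
import re
from collections import Counter

# Shortened Fixlog built from lines posted in this thread. The last result
# line is constructed for illustration and is not real FRST output.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Owner at 2014-10-03 19:27:26 Run:1
==============================================

Content of fixlist:
*****************
start

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
S3 massfilter; system32\drivers\massfilter.sys [X]
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll

*****************

"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
massfilter => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Example\placeholder.dll => <constructed outcome, not FRST text>

==== End of Fixlog ====
'''

REG_ROOTS = ("HKCU", "HKLM", "HKCR", "HKU")


def classify(target, outcome):
    """Return (kind, status) for one result line."""
    low = outcome.lower()
    if low.startswith("service"):
        kind = "service"
    elif target.startswith(REG_ROOTS):
        kind = "registry"
    elif re.match(r"[A-Za-z]:\\", target):
        kind = "file"
    else:
        kind = "other"
    if "deleted successfully" in low:
        status = "deleted"
    elif "moved successfully" in low:
        status = "moved"
    elif "not found" in low:
        status = "absent"   # nothing was there to remove
    else:
        status = "review"   # unrecognised outcome: a human should read it
    return kind, status


def parse_results(text):
    """Parse the result lines that follow the echoed fixlist."""
    lines = text.splitlines()
    # The echoed fixlist sits between two rows of asterisks; results follow.
    seps = [i for i, l in enumerate(lines)
            if l.strip() and set(l.strip()) == {"*"}]
    if len(seps) < 2:
        raise ValueError("no echoed fixlist section found")
    results = []
    for line in lines[seps[1] + 1:]:
        line = line.strip()
        if not line:
            continue
        if line.startswith("===="):      # "==== End of Fixlog ===="
            break
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):
            target, outcome = line[:-len(" not found.")], "not found."
        else:
            target, outcome = line, ""
        target = target.strip('"')
        results.append((target,) + classify(target, outcome))
    return results


def summarize(results):
    """Count result lines per status."""
    return Counter(status for _, _, status in results)


def needs_review(results):
    """Targets whose outcome was not recognised."""
    return [t for t, _, status in results if status == "review"]


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print("review:", needs_review(parsed))
```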


#6 willyman18

Posted 03 October 2014 - 01:54 PM

Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
AVG AntiVirus 2015              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 65  
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#7 willyman18

Posted 03 October 2014 - 02:10 PM

http://gyazo.com/6e869b2c292e589d60e7aa448a582506

i am still getting this on most websites and when i hover over it i get ads pop up.



#8 nasdaq

Posted 04 October 2014 - 08:08 AM


Using Add/Remove Programs, delete this old version of Java.
Java 7 Update 65

===

Gyazo
https://chrome.google.com/webstore/detail/gyazo-shot/giibnnakpjjpclbkakhlojnmblfdbcpb/details?hl=en

Description

The extension for take browser screen shot and set it to Gyazo server.

Gyazo Shot is an extension for taking current tab's screen shot (visible area only) and send it to Gyazo server by just one-click! The image url is automatically copy to clipboard, so you can paste it easily.

You can also change "Gyazo Server URL" in options page, so you can use your own private Gyazo server.

Gyazo Shot is developed as a Open Source Software.
Any issues and contributions are welcome.


I do not see any Chrome extension on your log that refers to this.
===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers if they are all infected.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Let me know if the problem persists and in which browser.

#9 willyman18

Posted 04 October 2014 - 11:54 AM

i am still getting the blue underlined text and a few pop up redirects.



#10 nasdaq

Posted 04 October 2014 - 01:20 PM

Is this happening with all the browsers or just one?

#11 willyman18

Posted 04 October 2014 - 01:24 PM

it seems to just be chrome



#12 nasdaq

Posted 04 October 2014 - 01:41 PM

I would remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

#13 nasdaq

Posted 10 October 2014 - 08:57 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

Posted 18 October 2014 - 09:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



