Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Chrome infected - cannot remove


  • This topic is locked This topic is locked
4 replies to this topic

#1 DedChrome

DedChrome

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 26 October 2014 - 12:56 PM

I recently been having a problem with Google Chrome that says Chrome has stopped responding...  I tried to uninstall Chrome and reinstall from the official site, but the problem persisted.  I need help removing and cleaning my computer.
 
I deleted Chrome, ran Kapersky Internet Security (Trial, Full version downloaded 10/25/2014).  Bogus Chrome still existed.  I went into the Registry (regedit) and deleted all instances of Google under the "Software" subfolders (Chrome, GoogleEarth, entire Chrome folder in regedit, Software subfolders).
 
Each time I restart the computer, Chrome comes back in the Registry.  Kapersky did not find any virus.
 
I downloaded and ran Malwarebytes Anti-Malware (Trial, 2.0.3.1025) - it found one item, quarantined:
 
Trojan.FakeAlert, C:\ProgramData\WildTangent\0a954c33-8fd3-45ec-bcf6-e734efe73d2f-extr.exe, , [72d7a8713e3e37ff4a67824b6b9527d9],
 
** I have the Malwarebytes log file (.txt, .xml) and can post if needed.
 
Problem with Bogus Chrome still exists as it keeps coming back in the Registry after system reboot.
 
I downloaded (10/26/2014, from Bleepingcomputer.com) and ran FarBar Recovery Scan Tool (FRST).  I have the log file and will post below.
 
System Overview:
MS Windows Vista, Home Basic 2007, Service Pack 2.  32-bit OS.
Norton 360 - expired before problem occured :(
Kapersky Internet Security (full Trial version, 29 days left, from Kapersky.com)
Malwarebytes Anti-Malware (Trial 2.0.3.1025 from CNET's download site)
Ad-Aware 2007 (ran and detected 11 cookies, tracking issues - deleted those issues.)
 
Output of FRST.txt follows - Thank you for the help!
----------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by SuperUser (administrator) on SUPERUSER-HP on 26-10-2014 11:09:05
Running from C:\Users\SuperUser\Downloads
Loaded Profile: SuperUser (Available profiles: SuperUser)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-11] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-370200221-1239948252-840502268-1000\...\Run: [AdobeUpdater] => "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKU\S-1-5-21-370200221-1239948252-840502268-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-370200221-1239948252-840502268-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-370200221-1239948252-840502268-1000\...\MountPoints2: {ef00b8cf-34b9-11e2-a966-001d727de959} - F:\TLBootstrap_WPP.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=up97&ocid=up97dhp&dt=060913
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {233BFCA1-48B2-43A0-83B4-A48F40CC227B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {233BFCA1-48B2-43A0-83B4-A48F40CC227B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {64F50309-1716-456D-9041-D69C13F83C60} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - 0B5F6DC4E1D946F2A226923DE584EB2D URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {64F50309-1716-456D-9041-D69C13F83C60} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=060913
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=060913&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\SuperUser\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.0 -> C:\Users\SuperUser\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\searchplugins\bingp.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-17]
FF Extension: DownloadHelper - C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-23]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-28]
FF Extension: Easy YouTube Video Downloader - C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-05-31]
FF Extension: QuickJava - C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\sevtilxy.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-06-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-31]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-31]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-08-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-08]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2014-10-26]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-25]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-25]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-25]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-25]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2014-10-25] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2014-10-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 OA004Ufd; C:\Windows\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\Windows\System32\DRIVERS\OA004Vid.sys [269760 2008-07-17] (Creative Technology Ltd.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 zteusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [104320 2008-09-01] (ZTEMT Incorporated)
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\System32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\System32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\System32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\System32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\System32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\System32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91
C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578
C:\Windows\System32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C
C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48
C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\System32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522
C:\Windows\System32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DRIVERS\athr.sys 600EFE56F37ADBD65A0FB076B50D1B8D
C:\Windows\System32\DRIVERS\bcmwl6.sys CF6A67C90951E3E763D2135DEDE44B85
C:\Windows\system32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys 56C2811FD0D7B727808A69407B5BFAE0
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\System32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629
C:\Windows\System32\drivers\CHDRT32.sys DDA0CB141150FEF87419926790CD26C8
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871
C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01
C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\System32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6
C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61
C:\Windows\system32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\system32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\system32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\System32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6
C:\Windows\System32\DRIVERS\HpqKbFiltr.sys 35956140E686D53BF676CF0C778880FC
C:\Windows\System32\DRIVERS\HpqRemHid.sys 115C0933B3ED51DFBEC4449348C8065B
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\HSX_DPV.sys CC267848CB3508E72762BE65734E764D
C:\Windows\System32\DRIVERS\HSXHWAZL.sys A2882945CC4B6E3E4E9E825590438888
C:\Windows\System32\drivers\HTTP.sys 0EEECA26C8D4BDE2A4664DB058A81937
C:\Windows\System32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\System32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14
C:\Windows\System32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\System32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\System32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys 18247836959BA67E3511B62846B9C2E0
C:\Windows\System32\DRIVERS\kl1.sys 6022F174CEB149650DCB5BE445A0E72A
C:\Windows\System32\DRIVERS\klflt.sys 3EAA179537FF9A3C9071E868C07275FA
C:\Windows\System32\DRIVERS\klhk.sys C02EC9EEE4E3CFEF82478B9C345F94FE
C:\Windows\System32\DRIVERS\klif.sys 894A09BF826E79C1971ADE0121F2B607
C:\Windows\System32\DRIVERS\klim6.sys D1FC14342F8CAD20A0764305AD62483D
C:\Windows\System32\DRIVERS\klkbdflt.sys 9C7132A2E609E0BACF2A54AC13C9BDCB
C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3
C:\Windows\System32\DRIVERS\klpd.sys EB0D72D2844C57F5F146D7A15B04FBF9
C:\Windows\System32\DRIVERS\kltdi.sys 3EA7D183499C7C5824AA13DA1A7CDA26
C:\Windows\System32\DRIVERS\kneps.sys E111A2947A4D26CC4A30D2BF2E7A8D69
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\System32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365
C:\Windows\System32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A
C:\Windows\System32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\system32\drivers\mbam.sys D2DED3C333A5D9CB3F4C244B0F0DD877
C:\Windows\system32\drivers\MBAMSwissArmy.sys 8E2E9CCD873ABF180F48BCAEEEBE347D
C:\Windows\system32\drivers\mwac.sys F341782DC4C0DC1261DFCC0CBA40962C
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\System32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879
C:\Windows\System32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\System32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\System32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\System32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D
C:\Windows\System32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7
C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvmfdx32.sys D958A2B5F6AD5C3B8CCDC4D7DA62466C
C:\Windows\System32\drivers\nvhda32v.sys A82534D453425F5FEE4B6A583FDCF3EB
C:\Windows\System32\DRIVERS\nvlddmkm.sys 9DAC05D828E56801FD6CE5FDFCED64AF
C:\Windows\System32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101
C:\Windows\System32\DRIVERS\nvsmu.sys 0FB6BF3AB170FC5BD403D25E134EAFDE
C:\Windows\System32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177
C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B
C:\Windows\System32\DRIVERS\OA004Ufd.sys A015DD2BA6009C8BDD00A6C431302D06
C:\Windows\System32\DRIVERS\OA004Vid.sys 12A4366FF51BEFBDF018F654FF8B22B8
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\PalmUSBD.sys DC450992EBA6F914080C1F7FBEEED72C
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\System32\DRIVERS\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\System32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\drivers\RTSTOR.SYS D1FB9A678BD6C2B1129FCB09D5FEB6DD
C:\Windows\System32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5
C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\System32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\System32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\sscdbus.sys D5DFFEAA1E15D4EFFABB9D9A3068AC5B
C:\Windows\System32\DRIVERS\sscdmdfl.sys 8A1BE0C347814F482F493AEA619D57F6
C:\Windows\System32\DRIVERS\sscdmdm.sys 5AB0B1987F682A59B15B78F84C6AD7D0
C:\Windows\System32\DRIVERS\sscdserd.sys 751E66EB32EFA80633B80F5D7FF0A1D8
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\System32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\System32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 00B19F27858F56181EDB58B71A7C67A0
C:\Windows\System32\drivers\tcpip.sys 74E2D020C47BB2B2FCCBA29A518A7EB4
C:\Windows\System32\DRIVERS\tcpip.sys 74E2D020C47BB2B2FCCBA29A518A7EB4
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\System32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\System32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\System32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys EC1C23779BB41A8B2AB2AA6FCE308BDE
C:\Windows\System32\drivers\usbaudio.sys 32DB9517628FF0D070682AAB61E688F0
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B
C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42
C:\Windows\System32\DRIVERS\usbohci.sys CE697FEE0D479290D89BEC80DFE793B7
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\System32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\System32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\HSX_CNXT.sys 0ACD399F5DB3DF1B58903CF4949AB5A8
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B
C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys 6C8BEB4E89BCF08B544AFD3F91C24EE8

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 11:07 - 2014-10-26 11:08 - 00028650 _____ () C:\Users\SuperUser\Downloads\Addition.txt
2014-10-26 11:05 - 2014-10-26 11:09 - 00041207 _____ () C:\Users\SuperUser\Downloads\FRST.txt
2014-10-26 11:04 - 2014-10-26 11:09 - 00000000 ____D () C:\FRST
2014-10-26 11:02 - 2014-10-26 11:03 - 01104896 _____ (Farbar) C:\Users\SuperUser\Downloads\FRST.exe
2014-10-25 19:38 - 2014-10-25 19:37 - 00002902 _____ () C:\Users\SuperUser\Documents\Malwarebytes-AMTrial_2014-10-25_193700.xml
2014-10-25 19:37 - 2014-10-25 19:37 - 00001200 _____ () C:\Users\SuperUser\Documents\Malwarebytes-AMTrial_2014-10-25_193700.txt
2014-10-25 19:19 - 2014-10-26 10:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 19:18 - 2014-10-26 10:19 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-25 19:18 - 2014-10-25 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 19:18 - 2014-10-25 19:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-25 19:18 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-25 19:18 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-25 19:14 - 2014-10-25 19:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\SuperUser\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 17:15 - 2014-10-25 17:15 - 00000268 _____ () C:\Users\SuperUser\Documents\Ad-Aware 2007_2014-10-15_171500.txt
2014-10-25 09:33 - 2014-10-25 09:33 - 00002111 _____ () C:\Users\SuperUser\Desktop\Safe Money.lnk
2014-10-25 09:31 - 2014-10-25 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-10-25 09:31 - 2014-10-25 09:30 - 00001065 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-10-25 09:26 - 2014-10-26 10:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-25 09:26 - 2014-10-25 09:26 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-10-25 09:24 - 2014-10-25 09:50 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-10-25 09:24 - 2014-10-25 09:50 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-10-25 09:24 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-10-25 09:14 - 2014-10-25 09:14 - 00002195 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2014-10-25 09:13 - 2014-10-25 09:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-10-25 09:13 - 2014-10-25 09:13 - 00000000 ____D () C:\Windows\system32\Drivers\NST
2014-10-25 09:13 - 2014-10-25 09:13 - 00000000 ____D () C:\Program Files\Norton Identity Safe
2014-10-25 08:48 - 2014-10-25 08:48 - 00364640 _____ (Kaspersky Lab) C:\Users\SuperUser\Downloads\kss12.0.1.808_6398_6399.exe
2014-10-05 08:25 - 2014-10-05 08:35 - 00000000 ____D () C:\Users\SuperUser\Downloads\Netts Baby Pics
2014-10-05 08:13 - 2014-10-05 08:35 - 00000000 ____D () C:\Users\SuperUser\Downloads\Netts Random Pics
2014-10-02 21:13 - 2014-10-02 21:13 - 00400896 _____ () C:\Users\SuperUser\Downloads\cv_and_os_tips_dccoa_sep2013.ppt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 11:06 - 2008-10-13 06:59 - 01261192 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 10:53 - 2013-08-30 19:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-26 10:36 - 2014-03-27 18:36 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-370200221-1239948252-840502268-1000.job
2014-10-26 10:19 - 2009-12-12 12:03 - 00204977 _____ () C:\ProgramData\nvModes.dat
2014-10-26 10:19 - 2009-12-12 12:03 - 00204977 _____ () C:\ProgramData\nvModes.001
2014-10-26 09:44 - 2006-11-02 06:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 09:44 - 2006-11-02 06:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 08:22 - 2010-08-05 07:57 - 00000000 ____D () C:\Users\SuperUser\AppData\Roaming\Skype
2014-10-26 07:46 - 2008-10-13 07:44 - 00000246 _____ () C:\Users\Public\Documents\hpqp.ini
2014-10-26 07:44 - 2006-11-02 06:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 22:38 - 2006-11-02 06:58 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-25 20:25 - 2008-01-20 21:02 - 00982990 _____ () C:\Windows\PFRO.log
2014-10-25 20:17 - 2008-12-24 20:39 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-10-25 19:38 - 2008-08-11 06:23 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-25 19:10 - 2012-05-08 16:55 - 00000000 ____D () C:\Users\SuperUser\AppData\Local\CrashDumps
2014-10-25 12:10 - 2008-12-24 10:55 - 00000000 ____D () C:\Program Files\Google
2014-10-25 12:08 - 2008-12-24 10:57 - 00000000 ____D () C:\Users\SuperUser\AppData\Local\Google
2014-10-25 11:56 - 2006-11-02 04:33 - 00721710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 10:01 - 2013-06-09 13:35 - 00002487 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 10:01 - 2013-06-09 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-25 10:01 - 2010-08-05 07:49 - 00000000 ____D () C:\ProgramData\Skype
2014-10-25 09:20 - 2009-12-12 21:05 - 00000000 ____D () C:\ProgramData\Norton
2014-10-25 09:16 - 2008-08-11 05:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-05 07:50 - 2008-12-24 11:01 - 00054784 _____ () C:\Users\SuperUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-02 15:53 - 2009-10-04 08:48 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\SuperUser\AppData\Local\Temp\~idle56520069.dll
C:\Users\SuperUser\AppData\Local\Temp\~idle77721101.dll
C:\Users\SuperUser\AppData\Local\Temp\~min77086515.dll
C:\Users\SuperUser\AppData\Local\Temp\~registryhlp93498668.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {6f6f49f3-d60c-11dc-94ab-0016d3016530}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6f6f49f3-d60c-11dc-94ab-0016d3016530}
nx                      OptIn
bootlog                 No

Resume from Hibernate
---------------------
identifier              {6f6f49f3-d60c-11dc-94ab-0016d3016530}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi



LastRegBack: 2014-10-26 07:49

==================== End Of Log ============================

Edited by Queen-Evie, 26 October 2014 - 10:20 PM.
moved from Am I Infected to Malware Removal Logs. FRST logs are allowed only in MRL.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:09 PM

Posted 31 October 2014 - 01:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553409 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,495 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 05 November 2014 - 04:33 PM

Greetings DedChrome
and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. We are going to hit this hard right out of the gate. Please run the following for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\SuperUser\AppData\Local\Temp\~idle56520069.dll
C:\Users\SuperUser\AppData\Local\Temp\~idle77721101.dll
C:\Users\SuperUser\AppData\Local\Temp\~min77086515.dll
C:\Users\SuperUser\AppData\Local\Temp\~registryhlp93498668.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

aswMBR1.png

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

aswMBR2.png

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Adwcleaner log
  • Junkware log
  • TDSSKiller log
  • aswMBR report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,495 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 08 November 2014 - 03:45 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,495 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 10 November 2014 - 02:52 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users