
NOD32 shows that it blocks a website frequently, but I cannot find the problem


  • This topic is locked
3 replies to this topic

#1 Keso


Posted 30 November 2014 - 10:21 AM

Hello,

 

I am not sure if I am doing this right, but I just stumbled upon this website and I have a slight problem with malware which I can't seem to get rid of.

So lately I have been getting some weird pop ups. I am using ESET NOD32, but it didn't find anything. I eventually found a weird extension in Chrome which I got rid of and a strange program in my list of installed programs, which I also deleted. Then I followed the advice of the friend who built my PC a couple of years back (I'm not that tech savvy) and I ran HitmanPro and Malwarebytes; both found some things and I deleted/quarantined them. The only thing that is still noticeable is the slow (in comparison to a couple of weeks back) internet connection and the never-ending stream of warnings from NOD32 that a website got blocked. I have added images of two examples as attachments (nod32 1.png and nod32 2.png). The links differ and the IP address changes between two alternatives.
When I run NOD32, Malwarebytes or HitmanPro, everything comes up OK, so I don't know what other options I have. I hope someone here can help me figure this out.

Any help is much appreciated!

 

Keso

 

I believe I am supposed to put this DDS log in here:

 

 



 


#2 nasdaq


Posted 05 December 2014 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Keso


Posted 06 December 2014 - 09:32 AM

Hello!

Thanks for your help, but a friend of mine recommended to try and reset my Chrome browser to standard settings, because it seemed the pop ups only happened when I was in Chrome, not on Firefox and not on IE. So I tried that and the pop ups seem to be gone and Chrome seems to be running smoothly.

Still thank you for taking the time to try and help me out, much appreciated :)

 

Keso



#4 nasdaq


Posted 06 December 2014 - 10:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



