
http://us.yhs4.search.yahoo.com yahoo redirect


This topic is locked
15 replies to this topic

#1 cutesydani (Members)

Posted 07 December 2014 - 06:46 PM

I have literally done and downloaded everything to remove this virus and it will not go away!!!

I tried:

Malwarebytes, FRST, TDSSKiller, RKill, HitmanPro, AdwCleaner, Junkware Removal Tool

I have deleted the extensions of all of the internet programs

cleared the caches

reset all 3 internet programs

 

Please help!!




#2 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 11 December 2014 - 09:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 cutesydani (Topic Starter)

Posted 13 December 2014 - 05:50 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Dani (administrator) on MYPC on 13-12-2014 17:46:39
Running from C:\Users\Dani\Desktop
Loaded Profile: Dani (Available profiles: Dani & Administrator)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxcfcoms.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Farbar) C:\Users\Dani\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Clarus Drive Manager] => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe [8135744 2013-12-18] (Clarus, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\RunOnce: [Adobe Speed Launcher] => 1418505551
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\MountPoints2: {bd439808-5c8b-11dc-b4ec-001aa08c2957} - Autorun.exe /run
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\MountPoints2: {e7478bd7-5f3e-11df-9780-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope {9B75C179-9C14-4DF3-A94A-C6FA75D3BBBD} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2362492244-592162793-2811047119-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

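The FRST output above is the artifact the whole thread turns on, so here is an added triage script (not part of the original thread, and not nasdaq's or Farbar's code) that applies a few of the checks a malware responder makes by eye to lines copied from the logs posted in this thread: the `<======= ATTENTION` markers FRST itself puts on browser policy keys, search scopes whose URL is empty, per-interface NameServer values that differ from the DHCP-assigned server (the place a DNS-based search redirect would sit), and services whose binary is unsigned or carries no vendor name. The regular expressions and the finding categories are this example's own assumptions about FRST's line layout as shown in this thread, not a documented FRST schema, and a flagged line is a lead to review, not a verdict.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) log for browser-redirect indicators.

Added example for this thread; the patterns below are assumptions about the
FRST line layout visible in the posted logs, not an official FRST format.
"""
import re
from typing import Dict, List, Optional, Tuple

# Lines copied from the FRST logs posted in this thread (a subset, not a full log).
SAMPLE_LOG = r"""GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM -> DefaultScope {9B75C179-9C14-4DF3-A94A-C6FA75D3BBBD} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{164C7ECF-BDD3-4AC0-BDBA-B46D354B5605}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{1B066624-5272-4A52-A18A-C9ED5B651E0E}: [NameServer] 208.69.150.252,208.69.150.250
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
"""

ATTENTION = "<======= ATTENTION"  # marker FRST appends to entries it wants reviewed

# Assumed line shapes (derived from the logs in this thread).
SEARCHSCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>\S+) -> (?P<scope>.*?) URL =\s*(?P<url>.*)$")
DHCP_DNS_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (?P<servers>\S+)")
IFACE_DNS_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): \[NameServer\] (?P<servers>\S+)"
)
# "<state> <name>; <path> [<size> <date>] (<vendor>)[ flags]" as in the Services section.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] "
    r"\((?P<vendor>[^)]*)\)(?P<flags>.*)$"
)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return findings grouped by category, each entry a short human-readable string."""
    findings: Dict[str, List[str]] = {
        "attention": [],          # entries FRST itself flagged
        "empty_search_scope": [], # search providers with no URL (broken/hijacked scope)
        "dns_override": [],       # static per-interface DNS differing from the DHCP server
        "unsigned_service": [],   # services with no vendor or an unsigned binary
    }
    dhcp_dns: Optional[str] = None
    iface_dns: List[Tuple[str, str]] = []

    for raw in log_text.splitlines():
        line = raw.rstrip()
        if ATTENTION in line:
            findings["attention"].append(line.replace(ATTENTION, "").strip())

        m = SEARCHSCOPE_RE.match(line)
        if m and not m.group("url"):
            findings["empty_search_scope"].append(f"{m.group('hive')} {m.group('scope')}")

        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp_dns = m.group("servers")

        m = IFACE_DNS_RE.match(line)
        if m:
            iface_dns.append((m.group("guid"), m.group("servers")))

        m = SERVICE_RE.match(line)
        if m and (not m.group("vendor").strip() or "File not signed" in m.group("flags")):
            findings["unsigned_service"].append(m.group("name"))

    # A static NameServer that does not match what DHCP handed out overrides the
    # router's resolver for that interface; that is where a DNS redirect would live.
    for guid, servers in iface_dns:
        if servers != dhcp_dns:
            findings["dns_override"].append(f"{guid} -> {servers}")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"[{category}] {len(items)} finding(s)")
        for item in items:
            print(f"    {item}")
```

Run against a full FRST.txt by reading the file and passing its contents to `triage`; the sample embedded above only covers the line kinds this thread's logs contain, so sections such as Drivers or Firefox plugins pass through unflagged unless you add patterns for them.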

#4 nasdaq (Malware Response Team)

Posted 14 December 2014 - 09:04 AM

Your FRST log is not complete.

Please post one more time.

#5 cutesydani (Topic Starter)

Posted 14 December 2014 - 11:28 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Dani (administrator) on MYPC on 13-12-2014 17:46:39
Running from C:\Users\Dani\Desktop
Loaded Profile: Dani (Available profiles: Dani & Administrator)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxcfcoms.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Farbar) C:\Users\Dani\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Clarus Drive Manager] => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe [8135744 2013-12-18] (Clarus, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\RunOnce: [Adobe Speed Launcher] => 1418505551
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\MountPoints2: {bd439808-5c8b-11dc-b4ec-001aa08c2957} - Autorun.exe /run
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\MountPoints2: {e7478bd7-5f3e-11df-9780-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope {9B75C179-9C14-4DF3-A94A-C6FA75D3BBBD} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2362492244-592162793-2811047119-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{164C7ECF-BDD3-4AC0-BDBA-B46D354B5605}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{1B066624-5272-4A52-A18A-C9ED5B651E0E}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{38203169-D04D-497F-9033-5C843479B5B2}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{660CF3F8-FD15-4328-8EC4-D241745EFD5F}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{7851DAE3-B79E-41CA-9F43-7E1074749FA3}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{7B2DFF6B-F035-4D5D-B29F-A7B6F786595D}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{9061B813-6FDE-4BF1-B699-B3CF6A5D08C1}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{9C914188-66CD-4BAC-9862-9F9BE6414259}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{B0B6E425-69EF-4E46-9A0A-465E9EE1E0B6}: [NameServer] 208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\thq3f042.default-1414466442601
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-07]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR Profile: C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-18]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dani\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-11]
CHR HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [104960 2008-02-22] (ArcSoft Inc.)
S3 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-10-10] (Flexera Software, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-16] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-11-23] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 lxcf_device; C:\Windows\system32\lxcfcoms.exe [537520 2007-02-23] ( )
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-03-25] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-03-01] ()
S3 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [580976 2012-03-21] (SMART Technologies)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121464 2011-12-04] (SlySoft, Inc.)
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-25] (DT Soft Ltd)
R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2013-01-05] (RIF) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-10-19] (Symantec Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [47249 2006-05-18] (FTDI Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [7296 2006-09-06] (GARMIN Corp.) [File not signed]
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R0 pepbus; C:\Windows\System32\DRIVERS\pepbus.sys [16624 2007-11-20] (Pepstyle International Limited.)
S3 pepscsi; C:\Windows\System32\DRIVERS\pepscsi.sys [101192 2007-11-20] (Pepstyle International Limited.)
R0 PEP_HKA; C:\Windows\System32\Drivers\PEP_HKA.SYS [15040 2007-11-12] (Pepstyle International Limited.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2012-03-21] (SMART Technologies ULC)
S3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2012-03-21] (SMART Technologies ULC)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2012-03-21] (SMART Technologies ULC)
S3 WinRing0_1_2_0; C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [14416 2012-11-13] (OpenLibSys.org)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 mdf16; \??\C:\Users\Dani\AppData\Local\Temp\mdf16.sys [X]
S3 mvd23; \??\C:\Users\Dani\AppData\Local\Temp\mvd23.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 17:46 - 2014-12-13 17:47 - 00022731 _____ () C:\Users\Dani\Desktop\FRST.txt
2014-12-13 17:45 - 2014-12-13 17:45 - 01111552 _____ (Farbar) C:\Users\Dani\Desktop\FRST(1).exe
2014-12-13 17:44 - 2014-12-13 17:44 - 01111552 _____ (Farbar) C:\Users\Dani\Downloads\FRST.exe
2014-12-13 17:05 - 2014-12-13 17:06 - 15697529 _____ () C:\Users\Dani\Downloads\Control Panel.wma
2014-12-11 03:27 - 2014-12-11 03:27 - 00160808 _____ () C:\Windows\Minidump\Mini121114-01.dmp
2014-12-11 03:25 - 2014-12-11 03:25 - 319328865 _____ () C:\Windows\MEMORY.DMP
2014-12-11 03:25 - 2014-12-11 03:25 - 00000352 _____ () C:\Windows\PFRO.log
2014-12-10 22:45 - 2014-12-10 22:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 23:25 - 2014-12-09 23:25 - 00000000 ____D () C:\Users\Dani\AppData\Local\Clarus
2014-12-09 20:26 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 20:25 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 20:05 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 13:41 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 13:41 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 13:41 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 13:41 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 13:41 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 13:41 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 13:41 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 13:41 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 13:41 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 13:41 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 13:41 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 13:41 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 13:41 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 13:41 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 13:41 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 13:41 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 13:41 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 13:41 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 13:41 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 13:41 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 13:41 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 13:41 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-07 20:25 - 2014-12-07 20:25 - 00696783 _____ () C:\Users\Dani\Downloads\argumentative writing.pdf.part
2014-12-06 19:43 - 2014-12-06 19:43 - 00000000 ____D () C:\Users\Dani\AppData\Local\{A3ABC5D3-8DFD-4825-927E-2BE0C0EC80B6}
2014-12-06 19:26 - 2014-12-06 19:27 - 00000000 ____D () C:\Users\Dani\AppData\Local\{0CD46023-F59A-4C2C-B69D-EAC22948466E}
2014-12-06 14:41 - 2014-12-13 17:46 - 00000000 ____D () C:\FRST
2014-12-06 14:36 - 2014-12-06 14:36 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-06 14:36 - 2014-12-06 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-06 14:32 - 2014-12-06 14:32 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-06 14:32 - 2014-12-06 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-06 14:31 - 2014-12-06 14:31 - 00000000 ____D () C:\Program Files\iPod
2014-12-06 14:30 - 2014-12-06 14:32 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-06 14:30 - 2014-12-06 14:32 - 00000000 ____D () C:\Program Files\iTunes
2014-12-06 14:20 - 2014-12-06 14:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-30 21:17 - 2014-11-30 21:18 - 00001388 _____ () C:\Users\HitmanPro.lic
2014-11-30 19:25 - 2014-11-30 19:25 - 00000218 _____ () C:\Users\Dani\AppData\Local\recently-used.xbel
2014-11-30 17:18 - 2014-11-30 17:18 - 00001617 _____ () C:\Users\Dani\Desktop\Samsung Drive Manager.lnk
2014-11-30 17:18 - 2014-11-30 17:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-30 17:18 - 2014-11-30 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-30 17:18 - 2014-11-30 17:18 - 00000000 ____D () C:\Program Files\Clarus
2014-11-23 22:29 - 2014-11-23 22:53 - 00000000 ____D () C:\AdwCleaner
2014-11-23 18:30 - 2014-11-23 18:30 - 02080456 _____ (Coupons.com Incorporated) C:\Users\Dani\Downloads\CouponPrinter.exe
2014-11-23 17:45 - 2014-11-23 17:45 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-11-23 17:23 - 2014-11-30 21:30 - 00001694 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-23 17:23 - 2014-11-30 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-23 17:23 - 2014-11-30 21:29 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-23 16:49 - 2014-11-23 17:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-23 16:44 - 2014-11-23 16:45 - 10284408 _____ (SurfRight B.V.) C:\Users\Dani\Downloads\HitmanPro.exe
2014-11-23 15:35 - 2014-11-23 15:36 - 00050094 _____ () C:\Users\Dani\Downloads\Addition.txt
2014-11-23 15:09 - 2014-12-06 15:10 - 00000966 _____ () C:\Users\Dani\Desktop\Rkill.txt
2014-11-23 15:02 - 2014-11-23 15:02 - 00000000 ____D () C:\Windows\ERUNT
2014-11-18 22:51 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 22:35 - 2014-10-30 06:24 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-17 21:19 - 2014-11-17 21:20 - 00000000 ____D () C:\Users\Dani\AppData\Local\{6C97963A-7CF9-4C86-9B58-6AD745F69E2E}
2014-11-16 22:02 - 2014-12-13 16:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-16 21:38 - 2014-11-16 21:38 - 00000050 _____ () C:\lxcf.log
2014-11-13 02:27 - 2014-11-03 19:05 - 24557376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 18514080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 17259848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 11397208 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 11335408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 10904208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-13 02:27 - 2014-11-03 19:05 - 04010824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 01043264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234465.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 00907592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234465.dll
2014-11-13 02:27 - 2014-11-03 19:05 - 00022200 _____ () C:\Windows\system32\nvinfo.pb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 17:44 - 2012-04-09 21:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 17:43 - 2011-12-24 17:07 - 00000000 ____D () C:\Users\Dani\AppData\Local\CrashDumps
2014-12-13 17:27 - 2011-03-05 19:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 17:09 - 2013-10-12 10:22 - 00000000 ____D () C:\Users\Dani\Documents\Mystery shops
2014-12-13 17:06 - 2012-01-21 21:42 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2362492244-592162793-2811047119-1000UA.job
2014-12-13 16:35 - 2007-08-09 05:16 - 01988132 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 16:22 - 2006-11-02 05:33 - 00006950 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 16:20 - 2012-04-25 23:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 16:15 - 2014-11-11 21:26 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-13 16:15 - 2014-07-10 13:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 16:15 - 2006-11-02 07:47 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 16:15 - 2006-11-02 07:47 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 16:14 - 2011-03-05 19:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 16:14 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 00:32 - 2006-11-02 08:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 22:44 - 2012-04-09 21:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 22:44 - 2011-05-15 12:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 12:05 - 2012-01-21 21:42 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2362492244-592162793-2811047119-1000Core.job
2014-12-11 03:27 - 2009-04-07 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 23:46 - 2014-10-18 13:59 - 43249664 _____ () C:\Windows\system32\config\components.iobit
2014-12-10 23:46 - 2014-10-18 13:59 - 04124672 _____ () C:\Windows\system32\config\default.iobit
2014-12-10 23:46 - 2014-10-18 13:59 - 00065536 _____ () C:\Windows\system32\config\sam.iobit
2014-12-10 23:46 - 2014-10-18 13:58 - 80396288 _____ () C:\Windows\system32\config\software.iobit
2014-12-10 23:46 - 2014-10-18 13:58 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-12-10 23:46 - 2007-08-19 20:47 - 00000000 ____D () C:\Users\Dani
2014-12-09 21:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-09 20:47 - 2008-06-24 18:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-09 20:32 - 2014-11-02 16:19 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-09 20:32 - 2007-08-09 05:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 20:30 - 2014-11-12 21:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 20:19 - 2013-07-13 05:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 20:08 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:04 - 2010-06-06 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-07 20:32 - 2011-11-05 23:16 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Nitro PDF
2014-12-07 18:18 - 2014-07-10 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 18:18 - 2014-07-10 13:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-07 18:18 - 2012-02-18 15:36 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-07 11:29 - 2014-07-17 12:44 - 00000000 ____D () C:\Users\Dani\Documents\Capella
2014-12-06 22:29 - 2013-10-26 14:20 - 00001755 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-12-06 14:36 - 2011-02-03 10:57 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-06 14:30 - 2014-04-19 12:21 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-06 14:30 - 2011-12-19 14:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-30 17:40 - 2012-11-10 19:36 - 00000000 ____D () C:\Users\Dani\AppData\Local\gtk-2.0
2014-11-30 17:28 - 2014-11-08 19:28 - 00152400 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:26 - 2006-11-02 07:47 - 03852544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 23:14 - 2014-10-26 16:33 - 00001889 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-11-23 18:32 - 2013-06-16 16:24 - 00000000 ____D () C:\Program Files\Coupons
2014-11-23 18:31 - 2013-06-16 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-11-22 12:11 - 2014-10-27 21:19 - 00002039 _____ () C:\Users\Dani\Desktop\Google Chrome.lnk
2014-11-22 04:49 - 2014-06-16 21:59 - 00000000 ____D () C:\Users\Dani\AppData\Local\Firestorm
2014-11-22 02:48 - 2014-08-23 01:00 - 00000000 ____D () C:\Users\Dani\AppData\Local\Adobe
2014-11-21 06:14 - 2014-07-10 13:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-07-10 13:01 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2009-09-28 13:36 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 20:57 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-11-16 22:09 - 2014-11-02 00:34 - 00002587 _____ () C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
2014-11-16 18:23 - 2014-07-06 15:37 - 00000000 ____D () C:\Users\Dani\AppData\Local\Windows Live
2014-11-13 02:32 - 2012-04-20 17:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-13 02:32 - 2008-01-20 23:24 - 00000000 ____D () C:\Temp

Files to move or delete:
====================
C:\ProgramData\unrar.exe


Some content of TEMP:
====================
C:\Users\Dani\AppData\Local\Temp\HPPSdr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 



#6 nasdaq (Malware Response Team)

Posted 14 December 2014 - 02:16 PM

Using the Add/Remove programs applet remove this application.
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Extension: (Google Wallet) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 mdf16; \??\C:\Users\Dani\AppData\Local\Temp\mdf16.sys [X]
S3 mvd23; \??\C:\Users\Dani\AppData\Local\Temp\mvd23.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx 

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
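The triage nasdaq did by hand above (every driver entry marked `[X]`, meaning the registry still names a driver whose file is gone, became one line of the fixlist) can be scripted. The Python below is an added example for this thread; it is not part of FRST and not code from either poster. The line grammar is inferred from the shapes seen in the log above and handles only those shapes, the sample lines are copied from that log, and the reason labels (orphan, unsigned, no-vendor, temp-path, early-start) are my own names, not FRST terminology.

```python
"""Triage the Services/Drivers sections of a Farbar Recovery Scan Tool (FRST)
log and build the fixlist lines for orphaned entries.

Added example for this thread, not part of FRST. The line grammar is inferred
from the log posted above; only the shapes seen there are handled."""
import re
from dataclasses import dataclass, field

# One FRST service/driver line:
#   "<R|S><start> <name>; <path> [<size> <date>] (<vendor>) [File not signed]"
#   or, for a registry entry whose file is missing:  "<R|S><start> <name>; <path> [X]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"      # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);\s+"                    # service name may contain spaces
    r"(?P<path>.+?)\s+"                       # image path (non-greedy up to the bracket)
    r"\[(?P<meta>[^\]]*)\]"                   # "[size date]" or "[X]" for a missing file
    r"(?:\s+\((?P<vendor>[^)]*)\))?"          # "(Vendor)" is absent on [X] lines
    r"(?:\s+\[(?P<flag>[^\]]+)\])?\s*$"       # trailing "[File not signed]"
)

@dataclass
class Finding:
    name: str
    path: str
    start: int
    reasons: list = field(default_factory=list)
    raw: str = ""

def parse_line(line):
    """Return the regex groups for one service/driver line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Classify each service/driver line. Reasons mirror what a helper looks at:
    orphan ([X]: file gone, registry entry remains), unsigned image, empty
    vendor string, image under a Temp directory, boot/system start (0/1)."""
    findings = []
    for line in lines:
        g = parse_line(line)
        if not g:
            continue
        reasons = []
        if g["meta"] == "X":
            reasons.append("orphan")
        if g["flag"] == "File not signed":
            reasons.append("unsigned")
        if g["meta"] != "X" and not (g["vendor"] or "").strip():
            reasons.append("no-vendor")
        if re.search(r"\\temp\\", g["path"], re.IGNORECASE):
            reasons.append("temp-path")
        start = int(g["start"])
        if start <= 1 and reasons:          # boot/system start makes any oddity more interesting
            reasons.append("early-start")
        if reasons:
            findings.append(Finding(g["name"].strip(), g["path"], start, reasons, line.strip()))
    return findings

def build_fixlist(findings):
    """FRST fixlist: 'start', the orphan lines verbatim (FRST deletes the registry
    entry for a line it recognises), then 'End'. Non-orphan hits are left for a
    human to judge; unsigned third-party drivers are often legitimate."""
    body = [f.raw for f in findings if "orphan" in f.reasons]
    return "\n".join(["start", *body, "End"]) + "\n"

# Constructed sample: a handful of lines copied from the FRST log in this thread.
SAMPLE_LOG = """\
R2 lxcf_device; C:\\Windows\\system32\\lxcfcoms.exe [537520 2007-02-23] ( )
R2 Net Driver HPZ12; C:\\Windows\\system32\\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PnkBstrA; C:\\Windows\\system32\\PnkBstrA.exe [76888 2013-03-01] ()
R0 MpFilter; C:\\Windows\\System32\\DRIVERS\\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S0 is3srv; system32\\drivers\\is3srv.sys [X]
S3 mdf16; \\??\\C:\\Users\\Dani\\AppData\\Local\\Temp\\mdf16.sys [X]
S3 vpnva; system32\\DRIVERS\\vpnva.sys [X]
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.name:<18} start={h.start} {','.join(h.reasons)}")
    print(build_fixlist(hits))
```

Run it against the Services and Drivers blocks of a real FRST.txt and it reproduces the fourteen `[X]` lines nasdaq put in the fixlist; the unsigned and vendor-less hits (for instance the Lexmark, HP and PunkBuster entries above) are reported but deliberately kept out of the fixlist, because deleting a legitimate driver's service entry breaks the device it belongs to.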

#7 cutesydani (Topic Starter)

Posted 14 December 2014 - 03:46 PM

what about when I want to print coupons again and it needs me to download it again? can I do that?



#8 cutesydani (Topic Starter)

Posted 14 December 2014 - 05:05 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by Dani at 2014-12-14 15:54:22 Run:1
Running from C:\Users\Dani\Desktop
Loaded Profile: Dani (Available profiles: Dani & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2362492244-592162793-2811047119-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Extension: (Google Wallet) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR HKU\S-1-5-21-2362492244-592162793-2811047119-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-11-21]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 mdf16; \??\C:\Users\Dani\AppData\Local\Temp\mdf16.sys [X]
S3 mvd23; \??\C:\Users\Dani\AppData\Local\Temp\mvd23.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx

End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2362492244-592162793-2811047119-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKU\S-1-5-21-2362492244-592162793-2811047119-1000\SOFTWARE\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx => Moved successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
is3srv => Service deleted successfully.
Lbd => Service deleted successfully.
mdf16 => Service deleted successfully.
mvd23 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
szkg5 => Service deleted successfully.
szkgfs => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.
vpnva => Service deleted successfully.
"C:\Users\Dani\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====



#9 cutesydani (Topic Starter)

Posted 14 December 2014 - 05:43 PM

 Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 5 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 71  
 Java 8 Update 25  
 Adobe Flash Player     16.0.0.235  
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (34.0.5)
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#10 cutesydani (Topic Starter)

Posted 14 December 2014 - 07:14 PM

site still comes up :(



#11 nasdaq (Malware Response Team)

Posted 15 December 2014 - 09:11 AM

What about when I want to print coupons again and it needs me to download it again? can I do that?


When all is well you can re-install it.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.12 Adobe Reader out of Date!

<<<>>>

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

Repeat with
ipconfig /renew

Then hit Enter, type Exit, and hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

How is the computer now?

#12 cutesydani (Topic Starter)

Posted 15 December 2014 - 10:45 PM

still redirects :(



#13 nasdaq (Malware Response Team)

Posted 16 December 2014 - 09:35 AM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Reset your router if you are using one. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

Keep me posted.

#14 cutesydani (Topic Starter)

Posted 16 December 2014 - 07:42 PM

I think it may be fixed.......



#15 nasdaq (Malware Response Team)

Posted 17 December 2014 - 09:44 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



