
Malware causing redirects/link creation on posts. Pop ups as well


  • This topic is locked
10 replies to this topic

#1 colt45

colt45

  • Members
  • 28 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 04 February 2015 - 03:31 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Colton (administrator) on COLTON-PC on 04-02-2015 13:21:05
Running from C:\Users\Colton\Desktop
Loaded Profiles: Colton (Available profiles: Colton)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKU\S-1-5-21-984496139-4104290956-2516001670-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-09-06] (TrueCrypt Foundation)
HKU\S-1-5-21-984496139-4104290956-2516001670-1000\...\Run: [GoogleChromeAutoLaunch_B465567FA2D47CA077CD21AFC17B3554] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-21-984496139-4104290956-2516001670-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{D6A43EF5-3E38-412D-8E73-4BD40BD94700}: [NameServer] 75.75.75.75,75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (ChromeAccess) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (Turn Off the Lights) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-01-18]
CHR Extension: (WOT) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Facebook Photo Zoom) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfflnfaiajlpmgjmlnoaacmdcedoajdf [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (PanicButton) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (AdBlock) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-16]
CHR Extension: (Google Play) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-16]
CHR Extension: (Turn Off the Lights) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2015-01-16]
CHR Extension: (BugMeNot Lite) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2015-01-16]
CHR Extension: (Tab Sugar (alpha version)) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\libokbfffpaopdjmeofdfpmlanaenaje [2015-01-16]
CHR Extension: (Google Mail Checker) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Hover Zoom) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-01-16]
CHR Extension: (Video Download Manager) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcgjnifdiefhdmgignhfmecbpjbpplmj [2015-02-01]
CHR Extension: (Lockerz PLAY Accelerated) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhdkpcjgcifmkbmmineggpbeahgohj [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
CHR Extension: (Fabulous for Facebook) - C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pndblpepikdomdncmoccjdccbfecikae [2015-01-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S2 TrueCryptSystemFavorites; C:\Windows\SysWOW64\TrueCrypt.exe [1516496 2014-09-06] (TrueCrypt Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-12] ()
S3 cpuz137; \??\C:\Users\Colton\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Colton\AppData\Local\Temp\GPU-ZPortableTemp\GPU-Z.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 13:21 - 2015-02-04 13:21 - 00014221 _____ () C:\Users\Colton\Desktop\FRST.txt
2015-02-04 13:20 - 2015-02-04 13:21 - 00000000 ____D () C:\FRST
2015-02-04 13:19 - 2015-02-04 13:19 - 02131968 _____ (Farbar) C:\Users\Colton\Desktop\FRST64.exe
2015-02-02 02:46 - 2015-02-02 02:46 - 00014599 _____ () C:\Users\Colton\Desktop\eset.txt
2015-02-01 19:44 - 2015-02-01 19:44 - 02347384 _____ (ESET) C:\Users\Colton\Desktop\esetsmartinstaller_enu.exe
2015-02-01 19:44 - 2015-02-01 19:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-01 19:41 - 2015-02-01 19:41 - 00000630 _____ () C:\Users\Colton\Desktop\JRT.txt
2015-02-01 19:39 - 2015-02-01 19:39 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 19:36 - 2015-02-01 19:36 - 01707939 _____ (Thisisu) C:\Users\Colton\Desktop\JRT.exe
2015-02-01 19:33 - 2015-02-04 13:09 - 00000504 _____ () C:\Windows\setupact.log
2015-02-01 19:33 - 2015-02-04 13:08 - 00000862 _____ () C:\Windows\PFRO.log
2015-02-01 19:33 - 2015-02-01 19:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 19:31 - 2015-02-01 19:31 - 00004562 _____ () C:\Users\Colton\Desktop\AdwCleaner[R0].txt
2015-02-01 19:28 - 2015-02-04 13:07 - 00000000 ____D () C:\AdwCleaner
2015-02-01 19:27 - 2015-02-01 19:27 - 02194432 _____ () C:\Users\Colton\Desktop\AdwCleaner.exe
2015-02-01 19:10 - 2015-02-01 19:10 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-01 19:10 - 2015-02-01 19:10 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-01 19:10 - 2015-02-01 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-01 19:10 - 2015-02-01 19:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 18:49 - 2015-02-01 19:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 18:49 - 2015-02-01 18:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 18:49 - 2015-02-01 18:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 18:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 18:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 18:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 18:46 - 2015-02-01 18:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Colton\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 16:02 - 2015-02-01 16:03 - 00000000 ____D () C:\Program Files (x86)\Video Download Manager
2015-02-01 16:01 - 2015-02-04 12:58 - 00000020 _____ () C:\Users\Colton\AppData\Roaming\appdataFr3.bin
2015-01-30 15:53 - 2015-01-30 15:53 - 00000000 ____D () C:\Windows\pss
2015-01-30 15:18 - 2015-01-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Tab Resize split screen layouts
2015-01-24 20:29 - 2015-01-24 20:29 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-24 20:28 - 2015-01-09 15:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-24 20:26 - 2015-01-12 21:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-24 20:26 - 2015-01-10 01:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-24 20:26 - 2015-01-10 01:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-24 19:30 - 2015-01-24 19:30 - 00000000 ____D () C:\Windows\Sun
2015-01-19 15:27 - 2015-01-19 15:27 - 00000000 ____D () C:\Users\Colton\Desktop\Portable
2015-01-16 20:44 - 2015-01-16 20:44 - 00007605 _____ () C:\Users\Colton\AppData\Local\Resmon.ResmonCfg
2015-01-16 20:41 - 2015-01-16 20:41 - 00015370 _____ () C:\Users\Colton\Desktop\SysTrayMeter.zip
2015-01-16 20:41 - 2015-01-16 20:41 - 00000000 ____D () C:\Users\Colton\Desktop\SysTrayMeter
2015-01-16 01:14 - 2015-01-16 01:14 - 00002299 _____ () C:\Users\Colton\Desktop\Chrome App Launcher.lnk
2015-01-16 01:14 - 2015-01-16 01:14 - 00000000 ____D () C:\Users\Colton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 01:07 - 2015-01-16 01:09 - 00001398 __RSH () C:\ProgramData\ntuser.pol
2015-01-16 01:02 - 2015-01-16 01:02 - 00262232 _____ () C:\Users\Colton\Desktop\GoogleUpdate.adm
2015-01-16 00:19 - 2015-01-16 00:19 - 00000000 __SHD () C:\Users\Colton\AppData\Local\EmieBrowserModeList
2015-01-15 20:33 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 20:33 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 20:33 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 20:33 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 20:33 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 20:33 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 20:33 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 20:32 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 20:32 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 20:32 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 20:32 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 20:32 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 20:32 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 20:20 - 2015-02-01 19:01 - 00000000 ____D () C:\Program Files (x86)\Diablo III Server Status
2015-01-15 20:12 - 2015-02-01 19:01 - 00000000 ____D () C:\ProgramData\{fb96ae73-addf-c32b-fb96-6ae73addb9ce}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 13:20 - 2014-09-06 13:04 - 01053368 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 13:16 - 2009-07-13 21:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 13:16 - 2009-07-13 21:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 13:09 - 2014-09-06 12:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 13:09 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 13:08 - 2014-09-05 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-02 01:56 - 2014-09-06 12:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 23:37 - 2014-09-08 17:28 - 00000000 ____D () C:\Users\Colton\AppData\Roaming\vlc
2015-02-01 23:37 - 2014-09-08 16:19 - 00000000 ____D () C:\Users\Colton\AppData\Roaming\uTorrent
2015-02-01 21:09 - 2014-09-06 12:58 - 00000000 ____D () C:\Users\Colton\AppData\Roaming\Everything
2015-02-01 19:13 - 2014-09-06 12:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-01 19:12 - 2014-09-07 10:48 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 19:12 - 2014-09-06 14:46 - 00000000 ____D () C:\Windows\Panther
2015-02-01 19:04 - 2010-11-21 00:16 - 00000000 ____D () C:\Windows\CSC
2015-01-24 20:29 - 2014-09-23 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-24 20:29 - 2014-09-05 23:48 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-24 19:28 - 2014-10-19 22:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 19:24 - 2014-10-19 22:33 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 19:23 - 2014-09-06 12:58 - 00000000 ____D () C:\Program Files\Java
2015-01-24 19:22 - 2014-09-06 12:58 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-24 19:22 - 2014-09-06 12:58 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-24 19:22 - 2014-09-06 12:58 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-24 19:22 - 2014-09-06 12:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-24 19:21 - 2014-10-19 22:34 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 19:21 - 2014-10-19 22:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 19:21 - 2014-10-19 22:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 19:21 - 2014-10-19 22:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-16 18:56 - 2014-09-05 23:22 - 00064472 _____ () C:\Users\Colton\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-16 18:56 - 2009-07-13 21:45 - 00292552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-16 18:14 - 2014-09-06 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-16 01:10 - 2014-09-06 12:57 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 01:10 - 2014-09-06 12:57 - 00000000 ____D () C:\Users\Colton\AppData\Local\Google
2015-01-16 01:04 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-15 23:41 - 2014-09-23 11:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-15 23:41 - 2014-09-23 11:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-15 23:41 - 2014-09-23 11:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-15 23:41 - 2014-09-23 11:41 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 21:02 - 2014-09-06 00:34 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 21:02 - 2009-07-13 22:13 - 00773536 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 21:00 - 2014-09-06 00:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:56 - 2014-09-06 00:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 01:07 - 2014-12-24 18:55 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 01:07 - 2014-11-13 18:51 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-10 01:07 - 2014-10-22 22:25 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-10 01:07 - 2014-08-19 21:14 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 01:07 - 2014-08-19 21:14 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 01:07 - 2014-08-19 21:14 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 16:30 - 2014-09-05 23:48 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 16:30 - 2014-09-05 23:48 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 16:29 - 2014-09-05 23:48 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 16:29 - 2014-09-05 23:48 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 16:29 - 2014-09-05 23:48 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 16:29 - 2014-09-05 23:48 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 12:47 - 2014-09-05 23:48 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2015-02-01 16:01 - 2015-02-04 12:58 - 0000020 _____ () C:\Users\Colton\AppData\Roaming\appdataFr3.bin
2015-01-16 20:44 - 2015-01-16 20:44 - 0007605 _____ () C:\Users\Colton\AppData\Local\Resmon.ResmonCfg
2014-09-06 13:18 - 2014-09-06 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Colton\AppData\Local\Temp\Quarantine.exe
C:\Users\Colton\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 17:37
 
==================== End Of Log ============================
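Reading an FRST log like the one above comes down to a handful of cues an analyst scans for by hand: FRST's own `<======= ATTENTION` markers, `[File not signed]`, `[X]` entries that point at files no longer on disk, an empty `()` where the publisher should be, and services or drivers that load from paths a standard user can write to. The script below is an added example and is not part of FRST nor the procedure the Malware Response Team follows here; it mechanises those cues over sample lines copied from the log above (the section labels, the reason strings and the `USER_WRITABLE` pattern are my own choices). A hit is a prompt to look closer, not a verdict: the unsigned Razer service and the orphaned CPU-Z driver in the log are both ordinary for a gaming PC.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example: not part of FRST, and not the helper's method in this thread.
It surfaces the cues an analyst reads off an FRST log by hand; every hit still
needs a human to judge it.
"""
import re
from dataclasses import dataclass

# Markers FRST itself emits.
ATTENTION = "<======= ATTENTION"
UNSIGNED = "[File not signed]"
ORPHAN = "[X]"

# Empty publisher field: "() C:\path" (process/file lines) or "[size date] ()" (service lines).
EMPTY_PUBLISHER = re.compile(r"\(\)(?:\s|$)")
# Locations a standard user can write to (assumed list). Privileged code loading
# from here deserves a second look, although portable tools legitimately do it.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)
# Sections whose entries run as SYSTEM or in the kernel.
PRIVILEGED_SECTIONS = {"Services", "Drivers"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage_line(section: str, line: str) -> list:
    """Return the Findings for one FRST line (empty list if nothing stands out)."""
    findings = []
    if ATTENTION in line:
        findings.append(Finding(section, "FRST flagged this entry", line))
    if UNSIGNED in line:
        findings.append(Finding(section, "binary is not Authenticode-signed", line))
    if line.rstrip().endswith(ORPHAN):
        findings.append(Finding(section, "entry points at a missing file (orphan)", line))
    if EMPTY_PUBLISHER.search(line):
        findings.append(Finding(section, "no publisher in version resource", line))
    if section in PRIVILEGED_SECTIONS and USER_WRITABLE.search(line):
        findings.append(Finding(section, "privileged code loads from a user-writable path", line))
    return findings


def triage(lines) -> list:
    """Run triage_line over (section, line) pairs and collect every finding."""
    out = []
    for section, line in lines:
        out.extend(triage_line(section, line))
    return out


# Sample input: lines copied from the FRST log posted above, tagged with the
# section they appear under; the MpFilter line is kept as a benign control.
SAMPLE_LINES = [
    ("Processes", r"(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe"),
    ("Processes", r"() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe"),
    ("Registry", r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION"),
    ("Registry", r"HKLM-x32\...\Run: [] => [X]"),
    ("Services", r"R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]"),
    ("Drivers", r"S3 cpuz137; \??\C:\Users\Colton\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]"),
    ("Drivers", r"R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)"),
    ("Files", r"2015-02-01 16:01 - 2015-02-04 12:58 - 00000020 _____ () C:\Users\Colton\AppData\Roaming\appdataFr3.bin"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run over the sample lines it yields seven findings: the two cues on the `cpuz137` driver (orphaned and loaded from `Temp`), and one each for the unpublished Razer service process, the Chrome policy line FRST already flagged, the empty `Run` value, the unsigned `RzWizardService`, and the `appdataFr3.bin` file with no publisher. The two Microsoft lines produce nothing, which is the point of keeping a control in the input.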

#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:57 AM

Posted 08 February 2015 - 08:47 AM

hi colt45,

 

We will get two downloads to use. Adwcleaner and Malwarebytes. MBAM you can keep and use as an antimalware app.

 

1) Adwcleaner:

 

   Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab, once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C: AdwCleaner AdwCleaner[S0].txt

 

 

2) Malwarebytes:

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now. If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'.
    Paste the contents of the clipboard into your reply.
 

 


How Can I Reduce My Risk to Malware?


#3 colt45

colt45
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 14 February 2015 - 09:00 PM

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 18:57:35
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Colton - COLTON-PC
# Running from : C:\Users\Colton\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/16&hid=2003297146304647893&lg=EN&cc=US&unqvl=74
 
*************************
 
AdwCleaner[R0].txt - [4562 bytes] - [01/02/2015 19:29:05]
AdwCleaner[R1].txt - [1070 bytes] - [04/02/2015 13:02:51]
AdwCleaner[R2].txt - [1186 bytes] - [14/02/2015 18:56:08]
AdwCleaner[S0].txt - [4705 bytes] - [01/02/2015 19:32:14]
AdwCleaner[S1].txt - [1134 bytes] - [04/02/2015 13:07:39]
AdwCleaner[S2].txt - [1116 bytes] - [14/02/2015 18:57:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1175  bytes] ##########


#4 colt45

colt45
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 14 February 2015 - 11:09 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/14/2015
Scan Time: 7:04:01 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.15.01
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Colton
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327384
Time Elapsed: 12 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
Trojan.Banker, C:\Users\Colton\Desktop\nexus 5 backup\Download\Live And Let Die - Paul McCartney & Win....rar, Quarantined, [bc5665b5f5951a1cdeefad7ff60f6c94], 
PUP.Optional.TheSearchPage.A, C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://websearch.thesearchpage.info/?pid=20495&r=2015/01/16&hid=2003297146304647893&lg=EN&cc=US&unqvl=74" ],), Replaced,[43cfb06a5c2e64d26c66ce2b7f86f709]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
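The Malwarebytes log above can be parsed programmatically. The Python below is an added example (not code from the thread or from Malwarebytes): it extracts each detection line, pulls any URL out of a PUM entry's Bad: (...) blob so a hijacked start page is visible at a glance, and cross-checks MBAM's per-section counts against the entries it managed to parse. The sample log is constructed from the lines of the post, trimmed to the detection section.

```python
import re
from collections import Counter

# Constructed sample: the detection part of the Malwarebytes 2.x log posted above, trimmed.
SAMPLE_LOG = r"""
Files: 2
Trojan.Banker, C:\Users\Colton\Desktop\nexus 5 backup\Download\Live And Let Die - Paul McCartney & Win....rar, Quarantined, [bc5665b5f5951a1cdeefad7ff60f6c94],
PUP.Optional.TheSearchPage.A, C:\Users\Colton\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://websearch.thesearchpage.info/?pid=20495&r=2015/01/16&hid=2003297146304647893&lg=EN&cc=US&unqvl=74" ],), Replaced,[43cfb06a5c2e64d26c66ce2b7f86f709]

Physical Sectors: 0
(No malicious items detected)
"""

# "Files: 2" style section headers; the integer is MBAM's own count for that section.
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (\d+)$")
# One detection line: threat, path, optional Good/Bad detail (PUM entries), action, 32-hex id.
ENTRY_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.*?), "
    r"(?:(?P<detail>Good: \(.*\), Bad: \(.*\)), )?"
    r"(?P<action>[A-Za-z ]+), ?\[(?P<hash>[0-9a-f]{32})\],?$"
)
ITEM_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                 "Registry Data", "Folders", "Files", "Physical Sectors"}

def parse_mbam_log(text):
    """Return (section counts, list of detection dicts) from an MBAM 2.x scan log."""
    counts, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            section, counts[m.group(1)] = m.group(1), int(m.group(2))
            continue
        e = ENTRY_RE.match(line)
        if e and section:
            d = e.groupdict()
            d["section"] = section
            # Any URL inside the Bad: (...) blob is the setting the PUP planted (here a start page).
            d["urls"] = re.findall(r'https?://[^\s"]+', d["detail"] or "")
            detections.append(d)
    return counts, detections

def unparsed_entries(counts, detections):
    """Sections whose MBAM count differs from the entries parsed (format change or edited log)."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen[s]) for s, n in counts.items() if s in ITEM_SECTIONS and seen[s] != n}
```

A non-empty result from unparsed_entries means the log was edited or the line format changed, so the detection list should not be trusted as complete.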


#5 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:57 AM

Posted 15 February 2015 - 01:09 PM

Next we will do two things. First you will have to uninstall Chrome via the Add/Remove Programs panel, including preferences if asked to delete them.

Reboot machine after the uninstall then reinstall Google Chrome:

 

https://www.google.com/chrome/browser/desktop/

 

Copy/paste what's below in the code box into Notepad. Save it as fixlist.txt to your desktop. Start FRST again like you did before, except this time press the Fix button. FRST will create a new log on your desktop, Fixlog.txt. Please post the log in your reply.

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION

How Can I Reduce My Risk to Malware?


#6 colt45

colt45
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 15 February 2015 - 03:44 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Colton at 2015-02-15 13:43:42 Run:1
Running from C:\Users\Colton\Desktop
Loaded Profiles: Colton (Available profiles: Colton)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
 
==== End of Fixlog 13:43:42 ====


#7 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:57 AM

Posted 15 February 2015 - 04:38 PM

OK, you reinstalled Chrome? So how's it looking now?


How Can I Reduce My Risk to Malware?


#8 colt45

colt45
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 15 February 2015 - 06:16 PM

Yes, I re-installed Chrome, this time the 64-bit edition. It didn't prompt to remove preferences, so all my settings are still here, and a lot of extensions I used to have that were missing popped back up as well. Everything seems to be running great.



#9 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:57 AM

Posted 15 February 2015 - 06:47 PM

Ok great. If all is good on your end you can get one more download that will remove the tools we used then delete itself:

 

    Please download Delfix.exe and save it to your desktop. It will remove the tools and their associated folders/files.

 

    https://toolslib.net/downloads/viewdownload/2-delfix/

 

    Right-click and select "run as admin", check "Remove disinfection tools" and click on the Run button.

    The tool will delete itself once it finishes. You can delete the log it generates.

 

Happy Safe Surfing Out There.


How Can I Reduce My Risk to Malware?


#10 colt45

colt45
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 15 February 2015 - 08:13 PM

Thank you.



#11 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:03:57 AM

Posted 17 February 2015 - 05:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

How Can I Reduce My Risk to Malware?




