adware infection (adultyum.info)


2 replies to this topic

#1 KuroShiro



Posted 25 March 2015 - 10:51 PM

I was just browsing the web when suddenly I got redirected to this website (adultyum.info). (Started happening today.)
When I'm using Google (searching for stuff) I don't get redirected to adultyum, but when I started opening websites aside from Google, I get redirected. :(
There's like a 70-80% chance I'll get redirected.
I tried scanning with Malwarebytes but it found nothing.

Edit: I tried resetting my IE back to default and I no longer get redirected to adultyum. Not sure if it's really fixed. Will observe for a day.




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Levi (administrator) on LEVI-PC on 26-03-2015 11:06:13
Running from C:\Users\Levi\Desktop
Loaded Profiles: Levi (Available profiles: Levi & Administrator)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4298808 2014-02-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-662598926-731074878-913923748-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-662598926-731074878-913923748-1000\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4110992 2014-02-16] (Speedbit Ltd.)
HKU\S-1-5-21-662598926-731074878-913923748-1000\...\MountPoints2: {caf9d9f7-9b44-11e3-a314-8c89a507b92d} - E:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-03] (NVIDIA Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47464;https=127.0.0.1:47464
HKU\S-1-5-21-662598926-731074878-913923748-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?ocid=iehp
HKU\S-1-5-21-662598926-731074878-913923748-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ph/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-04-19] (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {5347542D-5637-006A-76A7-7A786E7484D7} ->  No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2014-02-16] (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 168.95.192.1 168.95.1.1

FireFox:
========
FF ProfilePath: C:\Users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\ssybdicm.default
FF SearchEngineOrder.1: default-search.net
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-20] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-20] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Levi\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2014-09-09] (Ginger Software)
FF Plugin HKU\S-1-5-21-662598926-731074878-913923748-1000: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\Levi\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-662598926-731074878-913923748-1000: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\Levi\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-662598926-731074878-913923748-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Levi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-662598926-731074878-913923748-1000: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2014-09-09] (Ginger Software)
FF Extension: Avira Browser Safety - C:\Users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\ssybdicm.default\Extensions\abs@avira.com [2014-10-07]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2014-07-26]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: Ginger - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2014-07-26]
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-20]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-20]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-20]
FF HKU\S-1-5-21-662598926-731074878-913923748-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Levi\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Levi\AppData\Roaming\IDM\idmmzcc5 [2013-12-09]
FF HKU\S-1-5-21-662598926-731074878-913923748-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2014-02-16]
FF HKU\S-1-5-21-662598926-731074878-913923748-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Levi\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\ssybdicm.default\extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> speedbit.com
CHR DefaultSearchURL: Default -> http://go.speedbit.com/search.aspx?s=DB5aya1&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Google Search) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-20]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-01]
CHR Extension: (Avira Browser Safety) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Nishikino Maki) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalkfnidcmbphdkkmdeojadoaelomkfh [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR Extension: (Gmail) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2014-02-16]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-11-14] (EasyAntiCheat Ltd)
R2 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [280976 2014-09-09] (Ginger Software)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206216 2013-10-04] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] () [File not signed]
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4298808 2014-02-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-22] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0117.sys [28768 2014-02-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-04-09] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-04-09] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-04-09] (Razer Inc)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-02-24] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 TesSafe; C:\Windows\system32\TesSafe.sys [969696 2014-04-07] (TENCENT)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 11:06 - 2015-03-26 11:07 - 00029519 _____ () C:\Users\Levi\Desktop\FRST.txt
2015-03-26 11:05 - 2015-03-26 11:06 - 00000000 ____D () C:\FRST
2015-03-26 11:04 - 2015-03-26 11:05 - 02095616 _____ (Farbar) C:\Users\Levi\Desktop\FRST64.exe
2015-03-26 08:00 - 2015-03-26 08:00 - 00000000 ____D () C:\Windows\pss
2015-03-26 06:18 - 2015-03-26 06:30 - 47945756 _____ () C:\Users\Levi\Desktop\Shinmai-Maou-no-Testament-Episode-12.mp4
2015-03-22 13:44 - 2015-03-22 14:01 - 51111402 _____ () C:\Users\Levi\Desktop\Koufuku-Graffiti-Episode-11.mp4
2015-03-22 05:51 - 2015-03-22 06:36 - 84714028 _____ () C:\Users\Levi\Desktop\Rolling-Girls-Episode-11.mp4
2015-03-21 06:05 - 2015-03-21 07:12 - 74047972 _____ () C:\Users\Levi\Desktop\Ansatsu-Kyoubleepsu-TV-Episode-9.mp4
2015-03-21 06:04 - 2015-03-21 07:02 - 60096890 _____ () C:\Users\Levi\Desktop\Garo-Honoo-no-Kokuin-Episode-23.mp4
2015-03-21 06:04 - 2015-03-21 06:57 - 53710510 _____ () C:\Users\Levi\Desktop\The-iDOLMASTER-Cinderella-Girls-Episode-10.mp4
2015-03-21 06:04 - 2015-03-21 06:49 - 39806072 _____ () C:\Users\Levi\Desktop\Shirobako-Episode-23.mp4
2015-03-21 06:04 - 2015-03-21 06:44 - 67011933 _____ () C:\Users\Levi\Desktop\Ansatsu-Kyoubleepsu--TV--Episode-10.mp4
2015-03-21 06:01 - 2015-03-26 08:43 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Levi
2015-03-20 19:49 - 2015-03-20 19:49 - 01349054 _____ () C:\Users\Levi\Desktop\appcompat.rar
2015-03-20 06:03 - 2015-03-20 06:39 - 60195293 _____ () C:\Users\Levi\Desktop\Soukyuu-no-Fafner-Dead-Aggressor-Exodus-Episode-11.mp4
2015-03-19 22:18 - 2015-03-19 22:24 - 97750541 _____ () C:\Users\Levi\Desktop\Miiro Cover.mp4
2015-03-19 20:23 - 2015-03-19 20:40 - 28860498 _____ () C:\Users\Levi\Desktop\Kantai Collection_ KanColle Opening.mp4
2015-03-19 20:13 - 2015-03-19 20:13 - 00002672 _____ () C:\Users\Levi\Documents\Register Vegas Pro.htm
2015-03-19 19:31 - 2015-03-19 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-19 18:30 - 2015-03-19 18:40 - 68544754 _____ () C:\Users\Levi\Desktop\Seitokai-Yakuindomo-OVA-Episode-3.mp4
2015-03-18 14:22 - 2015-03-18 14:22 - 00000000 ____D () C:\Users\Levi\Desktop\Mth
2015-03-17 16:50 - 2015-03-17 17:01 - 00000000 ____D () C:\Users\Levi\.android
2015-03-17 16:50 - 2015-03-17 16:50 - 00000827 _____ () C:\Users\Levi\Desktop\eclipse - Shortcut.lnk
2015-03-17 16:48 - 2015-03-21 17:19 - 00000000 ____D () C:\Users\Levi\Desktop\Levi
2015-03-17 16:16 - 2015-03-19 22:26 - 00000000 ____D () C:\Users\Levi\Desktop\Miiro
2015-03-17 16:16 - 2015-03-17 16:17 - 00000000 ____D () C:\Users\Levi\Desktop\adt-bundle-windows-x86-20140702-FIXED
2015-03-15 15:58 - 2015-03-15 16:19 - 59940849 _____ () C:\Users\Levi\Desktop\Koufuku-Graffiti-Episode-10.mp4
2015-03-15 06:24 - 2015-03-15 07:04 - 69495791 _____ () C:\Users\Levi\Desktop\Rolling-Girls-Episode-10.mp4
2015-03-14 05:47 - 2015-03-14 06:17 - 48168968 _____ () C:\Users\Levi\Desktop\The-iDOLMASTER-Cinderella-Girls-Episode-9.mp4
2015-03-14 05:47 - 2015-03-14 06:11 - 64608554 _____ () C:\Users\Levi\Desktop\Garo-Honoo-no-Kokuin-Episode-22.mp4
2015-03-13 06:03 - 2015-03-13 06:26 - 45710834 _____ () C:\Users\Levi\Desktop\Shirobako-Episode-22.mp4
2015-03-10 21:44 - 2015-03-19 22:00 - 00000000 ____D () C:\Users\Levi\Desktop\New folder
2015-03-08 14:59 - 2015-03-08 15:27 - 78138285 _____ () C:\Users\Levi\Desktop\Koufuku-Graffiti-Episode-9.mp4
2015-03-07 05:58 - 2015-03-07 06:22 - 39362125 _____ () C:\Users\Levi\Desktop\The-iDOLMASTER-Cinderella-Girls-Episode-8.mp4
2015-03-06 22:54 - 2015-03-06 23:00 - 42756653 _____ () C:\Users\Levi\Desktop\Shirobako-Episode-21.mp4
2015-03-03 17:56 - 2015-03-03 17:57 - 07854103 _____ () C:\Users\Levi\Desktop\ES-GMO1.pptx
2015-03-03 06:25 - 2015-03-03 07:02 - 57179672 _____ () C:\Users\Levi\Desktop\The-iDOLMSTER-Cinderella-Girls-Episode-3.mp4
2015-03-03 06:21 - 2015-03-03 06:53 - 49438888 _____ () C:\Users\Levi\Desktop\Garo-Honoo-no-Kokuin-Episode-19.mp4
2015-03-03 06:21 - 2015-03-03 06:45 - 48374053 _____ () C:\Users\Levi\Desktop\Garo-Honoo-no-Kokuin-Episode-18.mp4
2015-03-01 20:04 - 2015-03-02 17:32 - 07849516 _____ () C:\Users\Levi\Desktop\ES - GMO.pptx
2015-03-01 06:45 - 2015-03-01 07:26 - 59124696 _____ () C:\Users\Levi\Desktop\Koufuku-Graffiti-Episode-8.mp4
2015-02-28 22:35 - 2015-02-28 22:49 - 96725372 _____ () C:\Users\Levi\Desktop\Rolling-Girls-Episode-7.mp4
2015-02-28 06:49 - 2015-02-28 07:23 - 42522888 _____ () C:\Users\Levi\Desktop\Garo-Honoo-no-Kokuin-Episode-20.mp4
2015-02-27 06:31 - 2015-02-27 07:03 - 45889880 _____ () C:\Users\Levi\Desktop\Shirobako-Episode-20.mp4
2015-02-26 19:36 - 2015-03-17 16:32 - 00000000 ____D () C:\Users\Levi\Desktop\ES PLANT
2015-02-25 14:46 - 2015-02-26 19:17 - 00000000 ____D () C:\Users\Levi\Desktop\LT 3 MA
2015-02-25 14:24 - 2015-02-25 14:24 - 00536365 _____ () C:\Users\Levi\Desktop\LT-3-Handouts.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 11:05 - 2014-12-05 11:26 - 00000000 ____D () C:\Users\Levi\Desktop\Docs
2015-03-26 11:04 - 2014-02-22 19:50 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-03-26 11:00 - 2014-08-12 21:00 - 00000911 _____ () C:\Windows\Tasks\EPSON L120 Series Update {3298762A-389F-4F65-9B06-8EA74A30F614}.job
2015-03-26 11:00 - 2014-08-12 21:00 - 00000725 _____ () C:\Windows\Tasks\EPSON L120 Series Invitation {3298762A-389F-4F65-9B06-8EA74A30F614}.job
2015-03-26 11:00 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-26 10:54 - 2013-12-03 06:49 - 00000934 _____ () C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-662598926-731074878-913923748-1000UA.job
2015-03-26 10:44 - 2013-12-03 08:32 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 10:04 - 2013-10-24 17:06 - 01354230 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 08:51 - 2009-07-14 12:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 08:51 - 2009-07-14 12:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 08:48 - 2013-10-24 18:11 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\GarenaPlus
2015-03-26 08:48 - 2013-10-24 18:11 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-03-26 08:45 - 2013-11-05 21:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-26 08:45 - 2013-10-24 17:30 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-03-26 08:43 - 2015-01-20 18:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-26 08:43 - 2013-12-03 08:32 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 08:43 - 2009-07-14 12:51 - 00112213 _____ () C:\Windows\setupact.log
2015-03-26 08:42 - 2013-10-24 17:34 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-26 08:42 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 08:41 - 2010-11-21 11:47 - 00428556 _____ () C:\Windows\PFRO.log
2015-03-26 08:40 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Branding
2015-03-26 08:13 - 2014-08-14 18:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 08:11 - 2014-01-20 17:25 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-03-26 07:42 - 2013-11-05 17:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-26 06:56 - 2014-02-19 19:06 - 00000000 ____D () C:\Users\Levi\AppData\Local\Battle.net
2015-03-26 06:54 - 2013-12-03 06:49 - 00000882 _____ () C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-662598926-731074878-913923748-1000Core.job
2015-03-26 06:46 - 2013-10-27 21:09 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\vlc
2015-03-25 20:22 - 2014-02-19 19:20 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-25 19:24 - 2014-02-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-25 13:13 - 2013-10-24 17:34 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-03-25 06:37 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-21 17:20 - 2009-07-14 13:13 - 00876042 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 16:48 - 2013-10-24 17:58 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-03-19 19:31 - 2014-07-04 16:59 - 00000000 ____D () C:\Users\Levi\AppData\Local\Sony
2015-03-19 19:30 - 2014-07-04 16:58 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\Sony
2015-03-19 16:45 - 2013-12-09 22:19 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\DMCache
2015-03-18 22:02 - 2013-12-09 22:19 - 00000000 ____D () C:\Users\Levi\Downloads\Video
2015-03-18 18:09 - 2014-03-08 14:54 - 00000000 ____D () C:\Users\Levi\Documents\Signature Banner
2015-03-17 16:50 - 2013-10-24 17:06 - 00000000 ____D () C:\Users\Levi
2015-03-13 18:04 - 2014-09-17 18:06 - 00000000 ____D () C:\Users\Levi\Documents\Visual Studio 2010
2015-03-13 07:48 - 2013-11-17 21:23 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\Audacity
2015-03-08 16:18 - 2014-12-03 19:48 - 00000000 ____D () C:\Users\Levi\Desktop\ES
2015-03-05 19:26 - 2013-11-03 09:05 - 00000000 ____D () C:\Guitar
2015-03-04 13:45 - 2013-11-04 17:06 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\uTorrent
2015-03-01 20:16 - 2014-12-16 22:02 - 00000000 ____D () C:\Users\Levi\Desktop\ES PROJ
2015-02-24 04:17 - 2010-11-21 11:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-07-16 03:02 - 2014-07-16 03:03 - 0942850 _____ () C:\Program Files (x86)\translation.bin
2014-07-16 03:02 - 2014-07-16 03:03 - 0182272 _____ () C:\Program Files (x86)\translator.dll
2014-03-06 18:00 - 2014-10-29 00:30 - 0000132 _____ () C:\Users\Levi\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-05-03 19:12 - 2012-05-03 19:12 - 0000532 _____ () C:\Users\Levi\AppData\Local\datos.txt
2013-12-03 20:54 - 2014-01-04 11:17 - 0007603 _____ () C:\Users\Levi\AppData\Local\Resmon.ResmonCfg
2014-04-07 12:25 - 2014-04-07 12:25 - 0000040 _____ () C:\ProgramData\DT0001.dat

Files to move or delete:
====================
C:\ProgramData\DT0001.dat

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Levi\AppData\Local\Temp\avgnt.exe
C:\Users\Levi\AppData\Local\Temp\BRSVC_351573993_hlp.exe
C:\Users\Levi\AppData\Local\Temp\BTSync.exe
C:\Users\Levi\AppData\Local\Temp\cabex.dll
C:\Users\Levi\AppData\Local\Temp\DAPREMOVE.EXE
C:\Users\Levi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Levi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Levi\AppData\Local\Temp\elsph_patch_20131018to20131024.exe
C:\Users\Levi\AppData\Local\Temp\elsph_patch_20131024to20131025.exe
C:\Users\Levi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Levi\AppData\Local\Temp\IeSearchProvider7855304446139348726.exe
C:\Users\Levi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Levi\AppData\Local\Temp\lowproc.exe
C:\Users\Levi\AppData\Local\Temp\ose00000.exe
C:\Users\Levi\AppData\Local\Temp\ose00002.exe
C:\Users\Levi\AppData\Local\Temp\PH314_131114to131127v3.exe
C:\Users\Levi\AppData\Local\Temp\PH_131127to131217v315v2.exe
C:\Users\Levi\AppData\Local\Temp\PH_131217to140110.exe
C:\Users\Levi\AppData\Local\Temp\PH_140110to140121v2.exe
C:\Users\Levi\AppData\Local\Temp\PH_140121to140212v2.exe
C:\Users\Levi\AppData\Local\Temp\PH_140212to140214.exe
C:\Users\Levi\AppData\Local\Temp\PH_140214to140220.exe
C:\Users\Levi\AppData\Local\Temp\PH_140220to140306.exe
C:\Users\Levi\AppData\Local\Temp\PH_140306to140307.exe
C:\Users\Levi\AppData\Local\Temp\PH_140307to140325.exe
C:\Users\Levi\AppData\Local\Temp\PH_140325to140401v2.exe
C:\Users\Levi\AppData\Local\Temp\PH_140401to140409.exe
C:\Users\Levi\AppData\Local\Temp\PH_140409to140410.exe
C:\Users\Levi\AppData\Local\Temp\PH_140410to140429.exe
C:\Users\Levi\AppData\Local\Temp\PH_140429to140430.exe
C:\Users\Levi\AppData\Local\Temp\PH_140430to140513.exe
C:\Users\Levi\AppData\Local\Temp\PH_140513to140529.exe
C:\Users\Levi\AppData\Local\Temp\PH_140529to140610v2.exe
C:\Users\Levi\AppData\Local\Temp\PH_140610to140624.exe
C:\Users\Levi\AppData\Local\Temp\PH_140624to140708v2.exe
C:\Users\Levi\AppData\Local\Temp\PH_140708to140722.exe
C:\Users\Levi\AppData\Local\Temp\PH_140722to140805.exe
C:\Users\Levi\AppData\Local\Temp\PH_140805to140819.exe
C:\Users\Levi\AppData\Local\Temp\PH_140819to140903.exe
C:\Users\Levi\AppData\Local\Temp\PH_140903to140916.exe
C:\Users\Levi\AppData\Local\Temp\PH_140916to140930.exe
C:\Users\Levi\AppData\Local\Temp\PH_140930to141003.exe
C:\Users\Levi\AppData\Local\Temp\PH_141003to141014.exe
C:\Users\Levi\AppData\Local\Temp\PH_141014to141021.exe
C:\Users\Levi\AppData\Local\Temp\PH_141021to141111.exe
C:\Users\Levi\AppData\Local\Temp\PH_141111to141118.exe
C:\Users\Levi\AppData\Local\Temp\PH_141118to141119.exe
C:\Users\Levi\AppData\Local\Temp\PH_141119to141125.exe
C:\Users\Levi\AppData\Local\Temp\PH_141125to141215.exe
C:\Users\Levi\AppData\Local\Temp\PH_141215to141223.exe
C:\Users\Levi\AppData\Local\Temp\PH_141223to150109.exe
C:\Users\Levi\AppData\Local\Temp\PH_150109to150121.exe
C:\Users\Levi\AppData\Local\Temp\PH_150121to150203.exe
C:\Users\Levi\AppData\Local\Temp\PH_150203to150213.exe
C:\Users\Levi\AppData\Local\Temp\PH_150213to150223.exe
C:\Users\Levi\AppData\Local\Temp\PH_150223to150303.exe
C:\Users\Levi\AppData\Local\Temp\PH_150303to150317.exe
C:\Users\Levi\AppData\Local\Temp\PH_313hotfix_131104to131114.exe
C:\Users\Levi\AppData\Local\Temp\PH_313_131016to131104v2.exe
C:\Users\Levi\AppData\Local\Temp\RunWizards.exe
C:\Users\Levi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Levi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Levi\AppData\Local\Temp\SetupUtils6.dll
C:\Users\Levi\AppData\Local\Temp\SimilarBundleGenericDl.exe
C:\Users\Levi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Levi\AppData\Local\Temp\stubhelper.dll
C:\Users\Levi\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Levi\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\Levi\AppData\Local\Temp\Uninstaller-3744.exe
C:\Users\Levi\AppData\Local\Temp\UnityWebPlayer3261192926107753031.exe
C:\Users\Levi\AppData\Local\Temp\UNT4FEE.exe
C:\Users\Levi\AppData\Local\Temp\_isE33.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 11:53

==================== End Of Log ============================

Edited by KuroShiro, 26 March 2015 - 05:44 AM.


#2 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:12:47 AM

Posted 26 March 2015 - 08:39 AM

KuroShiro,

Welcome to the forum.

Please check to see if adultyum has modified your DNS settings using the DNSCHECK tool from F-Secure:
https://www.ismydnshijacked.com/

Press: Start test

What is the Verdict?
Any DNS hijacking detected?

Since adultyum.info may have come along with Trojan Poweliks, let's do a check with the ESET Poweliks Cleaner:

http://download.eset.com/special/ESETPoweliksCleaner.exe

Download to the Desktop, and double-click to run it.

If Poweliks is detected, press: Y (on the keyboard)

Please post the results of the two checks above.

Thanks


Old duck...
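For readers who want a local, offline counterpart to the two checks Aaflac asks for, the script below is an added example; it is not part of the original thread and is not code from F-Secure's DNSCHECK, ESET's Poweliks Cleaner or FRST. It assumes Windows 7 with PowerShell 2.0 (so it reads adapter settings through WMI rather than the newer DnsClient cmdlets) and takes 8.8.8.8 and 8.8.4.4 as the expected resolvers, since the poster later says they use Google's DNS; change `$ExpectedDns` if your resolvers differ. The registry part is a heuristic for the registry-only persistence Poweliks is known for (a Run value whose name contains non-printable characters, or whose data has rundll32, mshta or a script host evaluate an inline or encoded script); it is not a substitute for the ESET tool. The script only reports and does not need elevation.

```powershell
# Added example, not part of the original thread and not code from F-Secure's
# DNSCHECK or ESET's Poweliks Cleaner. A local, read-only counterpart to the two
# checks requested above: (1) which resolvers each adapter really uses, plus any
# hosts-file overrides; (2) Run/RunOnce values that look like Poweliks-style
# registry-only persistence (a value name with non-printable characters, or data
# that launches rundll32/mshta/wscript/powershell with an inline script).
# Assumptions: Windows 7 with PowerShell 2.0, so WMI is used instead of the
# DnsClient module, and the expected resolvers are Google Public DNS, which the
# poster says they use. Nothing here removes or modifies anything.

$ExpectedDns = @('8.8.8.8', '8.8.4.4')   # assumption taken from the poster's reply

function Get-DnsResolverReport {
    # One row per IP-enabled adapter; Unexpected lists resolvers outside $ExpectedDns.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $servers = @($_.DNSServerSearchOrder)
            New-Object PSObject -Property @{
                Adapter    = $_.Description
                DnsServers = ($servers -join ', ')
                Unexpected = (@($servers | Where-Object { $ExpectedDns -notcontains $_ }) -join ', ')
            }
        }
}

function Get-HostsFileOverrides {
    # Any active (uncommented) mapping other than the stock localhost lines.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -match '\S' -and
            $_ -notmatch '^\s*#' -and
            $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
        }
}

function Get-SuspiciousRunValues {
    # Poweliks is documented as living only in the registry: a Run value whose
    # name regedit cannot display, with data that has rundll32 evaluate inline
    # JavaScript. Both traits are checked here; anything else in these keys is
    # left alone. Heuristic only, not a replacement for the ESET tool.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $launcher = '(?i)\b(rundll32|mshta|wscript|cscript|powershell)\b.*(javascript:|vbscript:|-enc|-e\s|FromBase64String)'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            $reasons = @()
            if ($name -match '[^\x20-\x7E]') { $reasons += 'non-printable characters in value name' }
            if ($data -match $launcher)      { $reasons += 'inline/encoded script launcher in value data' }
            if ($reasons.Count -gt 0) {
                New-Object PSObject -Property @{
                    Key       = $key
                    ValueName = $name
                    Data      = $data
                    Reason    = ($reasons -join '; ')
                }
            }
        }
    }
}

Write-Host '== DNS resolvers per adapter (Unexpected should be empty) =='
Get-DnsResolverReport | Format-Table Adapter, DnsServers, Unexpected -AutoSize

Write-Host '== Non-default hosts file entries =='
$overrides = @(Get-HostsFileOverrides)
if ($overrides.Count) { $overrides } else { 'none' }

Write-Host '== Run-key values matching the Poweliks persistence pattern =='
$hits = @(Get-SuspiciousRunValues)
if ($hits.Count) { $hits | Format-List Key, ValueName, Reason, Data } else { 'none' }
```

The online DNSCHECK tells you which resolvers answered a query from your machine; this script shows what is configured per adapter, so a mismatch between the two (for example, the adapter pointing at an address you never set) is the thing to investigate. A hit in the Run-key section is a reason to run the ESET cleaner and post its output, not a reason to delete the value by hand.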


#3 KuroShiro
  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:47 PM

Posted 01 April 2015 - 09:34 AM

Hi, the adultyum didn't appear again, but I want to make sure my system doesn't have any virus.

First Check
Uncertain
Since all the results were Google Inc., I guess there's no hijacking (I'm using Google's DNS server)

Second Check
No Poweliks detected.

Thanks

Edited by KuroShiro, 01 April 2015 - 09:35 AM.




