Infected with adulttube.info/community & Most of websites keep redirecting to it

7 replies to this topic

#1 gauravrawat

Posted 16 April 2015 - 05:47 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by dell (administrator) on DELL-PC on 16-04-2015 16:08:22
Running from C:\Users\dell\Downloads
Loaded Profiles: dell (Available profiles: dell)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\dell\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Akamai Technologies, Inc.) C:\Users\dell\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-23] (AMD)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-01-26] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [uTorrent] => C:\Users\dell\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-26] (BitTorrent Inc.)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [LightShot] => C:\Users\dell\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-28] ()
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [RGSC] => E:\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [Google Update] => C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-31] (Google Inc.)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [Akamai NetSession Interface] => C:\Users\dell\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\MountPoints2: {a40ab085-42e7-11e4-8a6a-a41f72675b6d} - H:\.\ShowModem.exe
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3528454666-2620316319-789348031-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-19] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-19] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8
Tcpip\..\Interfaces\{7D0013EC-A0EE-4D0C-9D79-0AA7E590C454}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\4vw0j830.default
FF Homepage: hxxp://google.co.in/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [2013-10-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll [2013-10-03] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3528454666-2620316319-789348031-1000: @tools.google.com/Google Update;version=3 -> C:\Users\dell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3528454666-2620316319-789348031-1000: @tools.google.com/Google Update;version=9 -> C:\Users\dell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3528454666-2620316319-789348031-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-09] (Unity Technologies ApS)
FF Extension: Test Pilot - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\4vw0j830.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-08-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-09-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-14]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-09-14]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com [2013-09-14]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com [2013-09-14]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Profile 2 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-14]
CHR Extension: (Sprucemarks) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fakeocdnmmmnokabaiflppclocckihoj [2015-03-10]
CHR Extension: (Google Sheets) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Badoo Notifications Extension) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gngmhdpofjbdiecihebaaooakicnjjmc [2015-03-17]
CHR Extension: (Safe Money) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-01-14]
CHR Extension: (Content Blocker) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-01-14]
CHR Extension: (Virtual Keyboard) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2015-01-14]
CHR Extension: (Skype Click to Call) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-14]
CHR Extension: (Kaspersky Protection) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-01-14]
CHR Extension: (Ge tt) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nflehelhgpjjhfiigceaplnmgiblnclo [2015-02-27]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Online Call of Duty 4) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohofkabaocibnnbndnkhimohkaoieboe [2015-04-05]
CHR Extension: (Gmail) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR Extension: (Anti-Banner) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-14]
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-14]
CHR Extension: (Skype Click to Call) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-14]
CHR Extension: (Kaspersky Protection) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Gmail) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-01-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\ab.crx [2013-01-15]
StartMenuInternet: Google Chrome.JJSW7J3LFMH2IUTKQIUBVRLJPQ - C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1425097074&from=wpc&uid=WDCXWD5000AAKX-75U6AA0_WD-WCC2EX05416154161

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2012-04-13] () [File not signed]
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276248 2012-12-08] (Intel Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2012-12-08] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-08] (McAfee, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186560 2015-01-31] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-10-02] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-04-16] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2012-12-08] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WMZuneComm; D:\ZUNE\WMZuneComm.exe [306400 2011-08-06] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S3 ZuneNetworkSvc; D:\ZUNE\ZuneNss.exe [8277728 2011-08-06] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; D:\ZUNE\ZuneWlanCfgSvc.exe [467680 2011-08-06] (Microsoft Corporation)
S2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [X]
S2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-08] (McAfee, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2011-09-15] (QUALCOMM Incorporated)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-04-16] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-16] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-23] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-08] (McAfee, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-01-31] (Razer, Inc.)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 16:08 - 2015-04-16 16:08 - 00027196 _____ () C:\Users\dell\Downloads\FRST.txt
2015-04-16 16:05 - 2015-04-16 16:08 - 00000000 ____D () C:\FRST
2015-04-16 16:03 - 2015-04-16 16:05 - 02097664 _____ (Farbar) C:\Users\dell\Downloads\FRST64.exe
2015-04-16 15:44 - 2015-04-16 15:44 - 00000000 ____D () C:\ProgramData\Razer
2015-04-16 15:15 - 2015-04-16 15:29 - 46627408 _____ () C:\Users\dell\Downloads\BDPUARLauncher.exe
2015-04-16 14:40 - 2015-04-16 14:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 14:40 - 2015-04-16 14:40 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-16 14:40 - 2015-04-16 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-16 14:40 - 2015-04-16 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-16 14:40 - 2015-04-16 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-16 14:40 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-16 14:40 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-16 14:40 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-16 14:25 - 2015-04-16 14:39 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dell\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-16 14:25 - 2015-04-16 14:31 - 02686088 _____ (Thisisu) C:\Users\dell\Downloads\JRT.exe
2015-04-16 14:05 - 2015-04-16 14:05 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-04-16 13:55 - 2015-04-16 14:05 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-04-16 13:53 - 2015-04-16 13:58 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-16 13:49 - 2015-04-16 13:56 - 00000000 ____D () C:\AdwCleaner
2015-04-16 13:46 - 2015-04-16 13:48 - 02217984 _____ () C:\Users\dell\Downloads\adwcleaner_4.201.exe
2015-04-16 13:37 - 2015-04-16 13:53 - 43120431 _____ () C:\Users\dell\Downloads\Spyhunter 4.17 patch.rar
2015-04-16 13:30 - 2015-04-16 13:30 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-16 12:59 - 2015-04-16 12:59 - 00000000 ____D () C:\ProgramData\ATI
2015-04-16 12:51 - 2015-04-16 12:51 - 00000000 _____ () C:\autoexec.bat
2015-04-16 12:50 - 2015-04-16 14:05 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-04-16 12:50 - 2015-04-16 14:05 - 00002282 _____ () C:\Users\dell\Desktop\SpyHunter.lnk
2015-04-16 12:50 - 2015-04-16 14:05 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-16 12:50 - 2015-04-16 12:50 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Enigma Software Group
2015-04-16 12:48 - 2015-04-16 12:50 - 00000000 ____D () C:\sh4ldr
2015-04-16 12:36 - 2015-04-16 12:36 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-04-16 12:34 - 2015-04-16 12:34 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-16 12:33 - 2015-04-16 12:34 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\dell\Downloads\SpyHunter-Installer.exe
2015-04-14 11:44 - 2015-04-14 11:44 - 00000219 _____ () C:\Users\dell\Desktop\Dota 2.url
2015-04-13 17:35 - 2015-04-13 17:37 - 00000000 ____D () C:\Users\dell\Desktop\New folder
2015-04-11 09:12 - 2015-04-11 09:12 - 00000000 ____D () C:\Users\dell\Tracing
2015-04-05 15:55 - 2015-04-05 15:55 - 00688842 _____ () C:\Users\dell\Downloads\gw (1).pwn
2015-04-04 20:08 - 2015-04-04 20:10 - 01788513 _____ () C:\Users\dell\Downloads\mysql-r34-win.rar
2015-04-04 19:56 - 2015-04-04 19:56 - 00006888 _____ () C:\Users\dell\Downloads\toribio.txt
2015-04-04 19:50 - 2015-04-04 19:53 - 01787289 _____ () C:\Users\dell\Downloads\mysql-r33-win.rar
2015-04-04 18:29 - 2015-04-04 18:29 - 00000000 ____D () C:\Users\dell\AppData\Local\Steam
2015-04-04 12:01 - 2012-11-03 10:36 - 00000000 ____D () C:\Users\dell\Desktop\Project ZMA MySQL
2015-04-04 11:54 - 2015-04-04 11:57 - 02496042 _____ () C:\Users\dell\Downloads\Project ZMA MySQL (1).rar
2015-04-04 10:55 - 2015-04-04 10:55 - 00074774 _____ () C:\Users\dell\Downloads\sscanf.rar
2015-04-04 10:53 - 2015-04-04 10:53 - 00006089 _____ () C:\Users\dell\Downloads\dutils_1_10.zip
2015-04-04 10:52 - 2015-04-04 10:52 - 00003063 _____ () C:\Users\dell\Downloads\dini_1_6.zip
2015-04-04 10:50 - 2015-04-04 10:51 - 00300803 _____ () C:\Users\dell\Downloads\irc_plugin_v1_4_6_non_ssl.zip
2015-04-04 10:46 - 2015-04-16 12:47 - 00000000 ____D () C:\Users\dell\Desktop\New Gamemode
2015-04-04 10:45 - 2015-04-04 10:45 - 00000000 ____D () C:\Users\dell\Downloads\samp03z_svr_R1_win32 (1)
2015-04-04 10:43 - 2015-04-04 10:44 - 01975133 _____ () C:\Users\dell\Downloads\samp03z_svr_R1_win32 (1).zip
2015-04-03 20:37 - 2015-04-03 20:37 - 00000000 ____D () C:\Users\dell\Documents\Assassin's Creed III
2015-04-03 20:37 - 2015-04-03 20:37 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Theta
2015-04-03 19:58 - 2015-04-03 19:58 - 00000625 _____ () C:\Users\dell\Desktop\Assassin's Creed III.lnk
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Assassin's Creed III
2015-04-03 19:58 - 2015-04-03 19:58 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-04-03 19:35 - 2015-04-03 19:35 - 00000000 ____D () C:\Users\dell\Documents\Criterion Games
2015-04-03 19:34 - 2015-04-03 19:34 - 00002171 _____ () C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
2015-04-03 19:29 - 2015-04-03 19:29 - 00000000 ____D () C:\Program Files (x86)\EA Games
2015-04-03 19:26 - 2015-04-03 19:26 - 00000000 ____D () C:\Users\dell\AppData\Roaming\TeraCopy
2015-03-31 10:29 - 2015-03-31 10:29 - 00000004 _____ () C:\Users\dell\Desktop\ss.txt
2015-03-30 21:39 - 2015-04-16 15:44 - 00002800 _____ () C:\Windows\setupact.log
2015-03-30 21:39 - 2015-03-30 21:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-29 20:18 - 2015-03-29 20:22 - 05777027 _____ () C:\Users\dell\Downloads\GRAND.THEFT.AUTO.S.A.V1.0.ENG.HOODLUM.NOCD.ZIP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 16:03 - 2013-08-31 05:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528454666-2620316319-789348031-1000UA.job
2015-04-16 15:52 - 2009-07-14 10:15 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 15:52 - 2009-07-14 10:15 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 15:49 - 2013-08-31 05:21 - 00000000 ____D () C:\Users\dell\AppData\Roaming\uTorrent
2015-04-16 15:49 - 2013-08-25 05:36 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Skype
2015-04-16 15:49 - 2013-08-25 02:50 - 01471628 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 15:48 - 2013-09-14 16:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-16 15:47 - 2014-03-15 13:25 - 00000000 ___RD () C:\Users\dell\Dropbox
2015-04-16 15:47 - 2014-03-15 13:21 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Dropbox
2015-04-16 15:45 - 2013-09-03 07:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-16 15:44 - 2014-09-27 19:31 - 00000356 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-04-16 15:44 - 2013-08-25 04:32 - 00167772 _____ () C:\Windows\PFRO.log
2015-04-16 15:44 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 15:43 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Vss
2015-04-16 15:01 - 2015-03-16 18:09 - 00000000 ____D () C:\Program Files (x86)\IncludeInstance
2015-04-16 14:30 - 2013-08-30 23:41 - 00000501 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-16 13:38 - 2013-08-25 02:53 - 00000000 ____D () C:\Users\dell\AppData\Roaming\vlc
2015-04-16 13:27 - 2015-02-26 18:24 - 00004286 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6699F67C-067D-4602-84B1-082D556D6225}
2015-04-16 12:39 - 2015-03-05 17:25 - 00000020 _____ () C:\Users\dell\AppData\Roaming\appdataFr3.bin
2015-04-16 12:03 - 2013-08-31 05:30 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528454666-2620316319-789348031-1000Core.job
2015-04-16 11:50 - 2013-09-03 01:42 - 00000000 ____D () C:\Users\dell\AppData\Roaming\FileZilla
2015-04-16 01:48 - 2013-08-25 03:38 - 00276503 _____ () C:\Windows\DirectX.log
2015-04-14 11:44 - 2013-09-03 08:38 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-11 22:04 - 2013-08-30 08:29 - 00000000 ____D () C:\Users\dell\AppData\Local\Microsoft Games
2015-04-11 11:27 - 2013-08-25 02:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-11 09:12 - 2013-08-25 02:47 - 00000000 ____D () C:\Users\dell
2015-04-10 10:13 - 2014-12-07 20:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-07 14:01 - 2013-08-30 23:51 - 00007633 _____ () C:\Users\dell\AppData\Local\resmon.resmoncfg
2015-04-06 14:18 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-03 22:21 - 2009-07-14 10:43 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 09:39 - 2014-12-24 15:30 - 00000222 _____ () C:\Users\dell\Desktop\Dead Island Epidemic.url
2015-03-30 20:50 - 2014-03-15 21:05 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2014-06-26 09:21 - 2014-09-05 18:42 - 0000132 _____ () C:\Users\dell\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-05 17:25 - 2015-04-16 12:39 - 0000020 _____ () C:\Users\dell\AppData\Roaming\appdataFr3.bin
2014-06-24 21:35 - 2014-06-25 14:25 - 0001456 _____ () C:\Users\dell\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-08-30 23:51 - 2015-04-07 14:01 - 0007633 _____ () C:\Users\dell\AppData\Local\resmon.resmoncfg
2013-09-22 01:31 - 2013-09-22 01:31 - 0000003 _____ () C:\Users\dell\AppData\Local\updater.log
2013-09-22 01:31 - 2013-10-10 21:56 - 0000439 _____ () C:\Users\dell\AppData\Local\UserProducts.xml
2014-09-23 11:40 - 2012-04-13 14:49 - 0114688 _____ () C:\ProgramData\ChgService.exe

Files to move or delete:
====================
C:\ProgramData\ChgService.exe


Some content of TEMP:
====================
C:\Users\dell\AppData\Local\Temp\drm_dialogs.dll
C:\Users\dell\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk4bt9z.dll
C:\Users\dell\AppData\Local\Temp\GUR57A0.exe
C:\Users\dell\AppData\Local\Temp\mcitinfo_1377830077.exe
C:\Users\dell\AppData\Local\Temp\Quarantine.exe
C:\Users\dell\AppData\Local\Temp\sqlite3.dll
C:\Users\dell\AppData\Local\Temp\ubiB595.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 12:03

==================== End Of Log ============================

Attached Files





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:03 AM

Posted 20 April 2015 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKU\S-1-5-21-3528454666-2620316319-789348031-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Sprucemarks) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fakeocdnmmmnokabaiflppclocckihoj [2015-03-10]
StartMenuInternet: Google Chrome.JJSW7J3LFMH2IUTKQIUBVRLJPQ - C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1425097074&from=wpc&uid=WDCXWD5000AAKX-75U6AA0_WD-WCC2EX05416154161
S2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [X]
S2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
C:\Users\dell\AppData\Local\Temp\drm_dialogs.dll
C:\Users\dell\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk4bt9z.dll
C:\Users\dell\AppData\Local\Temp\GUR57A0.exe
C:\Users\dell\AppData\Local\Temp\mcitinfo_1377830077.exe
C:\Users\dell\AppData\Local\Temp\Quarantine.exe
C:\Users\dell\AppData\Local\Temp\sqlite3.dll
C:\Users\dell\AppData\Local\Temp\ubiB595.tmp.exe
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\Users\dell\Application Data:NT
AlternateDataStreams: C:\Users\dell\Application Data:NT2
AlternateDataStreams: C:\Users\dell\AppData\Roaming:NT
AlternateDataStreams: C:\Users\dell\AppData\Roaming:NT2
C:\Users\dell\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fakeocdnmmmnokabaiflppclocckihoj

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window and proceed as follows:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Chrome has been compromised. I suggest that you remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the bookmarks.

If you want to save all your settings, refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?
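An added verification script, not part of nasdaq's instructions or the FRST tool, that a responder can run after the FRST fix and reboot to confirm the persistence points named in the fixlist above are gone (the NT/NT2 alternate data streams, the StartMenuInternet launch entry carrying a mystartsearch URL, the Chrome policy key, the Sprucemarks extension folder) plus the ChgService.exe file FRST listed under "Files to move or delete". It assumes Windows PowerShell 3.0 or later run as Administrator from the affected user's account, and that browser registrations live under SOFTWARE\Clients\StartMenuInternet in HKLM and HKCU.

```powershell
# Added verification script (not part of nasdaq's fix): after FRST has run and the
# machine has rebooted, re-check the persistence points named in the fixlist above.
# Needs Windows PowerShell 3.0+ run as Administrator from the affected user's account.
# Assumption: browser registrations live under SOFTWARE\Clients\StartMenuInternet.
$findings = @()

# 1. Alternate data streams (':NT', ':NT2') hung off ProgramData and the roaming
#    profile. -Stream * lists every named NTFS stream on the object; a directory
#    has no ':$DATA' stream, so anything returned here is an alternate stream.
foreach ($dir in @('C:\ProgramData', $env:APPDATA)) {
    $streams = Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += "ADS still present: $($s.FileName):$($s.Stream) ($($s.Length) bytes)"
    }
}

# 2. Browser launch hijack: a StartMenuInternet registration whose open command
#    carries a URL (the fixlist shows chrome.exe followed by a mystartsearch URL).
foreach ($root in 'HKLM:\SOFTWARE\Clients\StartMenuInternet',
                  'HKCU:\SOFTWARE\Clients\StartMenuInternet') {
    foreach ($client in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $cmdKey = "$($client.PSPath)\shell\open\command"
        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -match 'https?://') {
            $findings += "Browser launch carries a URL ($($client.PSChildName)): $cmd"
        }
    }
}

# 3. Chrome policy restriction: every value under HKLM\SOFTWARE\Policies\Google is an
#    enforced browser policy; on a home PC outside a domain these are usually adware-planted.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path $policyRoot) {
    foreach ($key in @(Get-Item $policyRoot) + @(Get-ChildItem $policyRoot -Recurse)) {
        foreach ($name in $key.GetValueNames()) {
            $findings += "Chrome policy set: $($key.Name)\$name = $($key.GetValue($name))"
        }
    }
}

# 4. Leftover files: the Chrome extension the fixlist removes, and the executable FRST
#    listed under "Files to move or delete" (not in the fixlist, so it may still be present).
foreach ($path in 'C:\ProgramData\ChgService.exe',
        "$env:LOCALAPPDATA\Google\Chrome\User Data\Profile 1\Extensions\fakeocdnmmmnokabaiflppclocckihoj") {
    if (Test-Path -LiteralPath $path) { $findings += "Still on disk: $path" }
}

if ($findings.Count -eq 0) { 'All checked persistence points are clear.' } else { $findings }
```

A clean run prints the single "clear" line; any other output names the exact stream, registry entry or file that survived the fix and belongs in the next reply alongside Fixlog.txt.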

#3 gauravrawat

gauravrawat
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:33 PM

Posted 21 April 2015 - 12:38 AM

Files are attached below.

Thanks for the reply!

Edit:
The adulttube isn't popping up frequently, but it hasn't stopped yet. Sometimes it shows up, sometimes it doesn't.

Edit:
It's coming frequently again.

Attached Files


Edited by gauravrawat, 21 April 2015 - 04:59 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:03 AM

Posted 21 April 2015 - 07:36 AM

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.

Click "Settings", then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#5 gauravrawat

gauravrawat
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:33 PM

Posted 21 April 2015 - 08:30 AM

Fine for now after reset. Can you tell me what to do with Steam? Steam got that adulttube redirect too.

Edit:
Problem still there; it was like a temporary fix, but it came back.


Edited by gauravrawat, 21 April 2015 - 10:23 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:03 AM

Posted 21 April 2015 - 01:35 PM

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:03 AM

Posted 27 April 2015 - 08:09 AM

Are you still with me?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:03 AM

Posted 03 May 2015 - 07:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



