
Chrome pop ups to bad sites


5 replies to this topic

#1 BabylonHoruv

BabylonHoruv

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 14 June 2015 - 09:10 PM

I am running Windows 8.1. When I use Google Chrome, whenever I click on the scroll bar a new window will pop up. Mostly for website hosting sites; Avast pings them as bad sites. I have run Malwarebytes and Avast scans and removed all Chrome extensions.




#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:42 AM

Posted 15 June 2015 - 03:29 AM

Hello,

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

-----

 

Download AdwCleaner by "Xplode", and save it on Desktop. 

 

* Double-click to run the program.

* Click on the [Scan] button and wait for the program to finish.

* Click on the [Clean] button.

The program will close all active windows. Click Ok to confirm.

* After the restart, a log will appear (C:\AdwCleaner[S0].txt). Copy the log into this topic.

 

------

 

How to get MBAM log:

 

  • Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 BabylonHoruv

BabylonHoruv
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 15 June 2015 - 11:45 AM

Thank you very much for helping me.  Here are the logs.

 

Mini Tool Box results.

 

 

 

MiniToolBox by Farbar Version: 11-05-2015 01
Ran by frances (administrator) on 15-06-2015 at 12:11:39
Running from "C:\Users\frances\Downloads"
Microsoft Windows 8.1 (X64)
Model: HP Pavilion 17 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : BGTOY
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B0-10-41-BB-9D-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter
Physical Address. . . . . . . . . : B0-10-41-BB-9D-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2607:fcc8:c882:7400:21d2:7ef1:1128:61ea(Preferred)
Temporary IPv6 Address. . . . . . : 2607:fcc8:c882:7400:443b:f394:747d:e64b(Preferred)
Link-local IPv6 Address . . . . . : fe80::21d2:7ef1:1128:61ea%4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, June 15, 2015 10:57:15 AM
Lease Expires . . . . . . . . . . : Monday, June 15, 2015 12:57:15 PM
Default Gateway . . . . . . . . . : fe80::92c7:92ff:fee2:cec7%4
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 78647361
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-01-41-55-8C-DC-D4-74-69-0C
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 8C-DC-D4-74-69-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:ca5:8b1:3f57:fff9(Preferred)
Link-local IPv6 Address . . . . . : fe80::ca5:8b1:3f57:fff9%7(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 318767104
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-01-41-55-8C-DC-D4-74-69-0C
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{3C778400-93A2-4030-86A6-932EFAC17F92}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61
 

 

adwcleaner results

 

 

 

# AdwCleaner v4.206 - Logfile created 15/06/2015 at 12:21:21
# Updated 01/06/2015 by Xplode
# Database : 2015-06-14.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : frances - BGTOY
# Running from : C:\Users\frances\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ded0e36a000044f4
Folder Deleted : C:\Users\frances\AppData\Local\pokki
File Deleted : C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\59798bb7-42e3-7432-6599-811177105fe6
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124

[C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://homepage-web.com/?s=hp&m=home
[C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 92619661B58BE37337E46C34DAE159CBADCB5560411123A4ECF869CECAE839CD"},"software_reporter":{"prompt_reason":"B2DB5F9B7F74977CE0F30D1C913FD63F85EBA425FDB723E0B7A9AF97D06EDC9E","prompt_seed":"25028160F47660A6DBA40EF6959BE06E655CB60CC75DB2188CC90EA6C1B894F2","prompt_version":"043D132DD9B93BCC9B77B0D0A4E44BAB79FEF1642F61068F04243FE6C06FC62E"},"sync":{"remaining_rollback_tries":"BDE76B4C121E9F7B55A204B3539F164B8AD3B6EBF9597EC8BF5BDA2A52D550F9"}},"super_mac":"E2542AA4E1975CBDAD76992D1B5536FDCD4A40E93E7AF2C2C85D0EA2E9431C63"},"session":{"restore_on_startup":5,"restore_on_startup_migrated":null,"startup_urls":["hxxp://homepage-web.com/?s=hp&m=start

*************************

AdwCleaner[R0].txt - [3510 bytes] - [15/06/2015 12:18:00]
AdwCleaner[S0].txt - [3357 bytes] - [15/06/2015 12:21:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3416 bytes] ##########

 

 

And MalwareBytes

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/8/2015
Scan Time: 6:38:57 PM
Logfile: MALWAREBYTES.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.08.05
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: frances

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348778
Time Elapsed: 20 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 8
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugincontainer.exe, 1568, Delete-on-Reboot, [a69f9424ec9e87af23941065d82e946c]
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\8\Plugin.exe, 3268, Delete-on-Reboot, [6dd8892f3c4ebb7b04b3581da066ca36]
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\5\Plugin.exe, 4844, Delete-on-Reboot, [4bfaa810f9912c0aefc82c494abca060]
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\4\Plugin.exe, 7668, Delete-on-Reboot, [89bc3286b6d4a591f9be5d1845c11be5]
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\3\Plugin.exe, 3056, Delete-on-Reboot, [54f1fabe7b0f64d22f880d68749223dd]
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\3\Plugin.exe, 6404, Delete-on-Reboot, [54f1fabe7b0f64d22f880d68749223dd]
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\2\Plugin.exe, 1168, Delete-on-Reboot, [e75effb977131a1ce3d454218e7853ad]
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Common Files\68f7eaff-0da4-47f4-8262-425ca2a087dd\updater.exe, 7204, Delete-on-Reboot, [2f167741206a8da9aa0d700527df926e]

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.CrazyScore.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr CrazyScore, Quarantined, [a69f9424ec9e87af23941065d82e946c],
PUP.Optional.CrazyScore.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr CrazyScore, Quarantined, [2f167741206a8da9aa0d700527df926e],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{f439aa7e-a2a0-4635-99a2-164180e848ca}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{f439aa7e-a2a0-4635-99a2-164180e848ca}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{31d48cad-f6d9-411a-a0c9-c1f051511a86}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B81A3063-CE6C-4F9A-AEBD-5DDD0EA805A0}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B81A3063-CE6C-4F9A-AEBD-5DDD0EA805A0}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B81A3063-CE6C-4F9A-AEBD-5DDD0EA805A0}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{31d48cad-f6d9-411a-a0c9-c1f051511a86}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{31d48cad-f6d9-411a-a0c9-c1f051511a86}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F439AA7E-A2A0-4635-99A2-164180E848CA}, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Crazy Score, Quarantined, [92b3892f424838fecceb99dc0bfb29d7],
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cfd32d46-7d3f-483f-bace-7172aec5592d}, Quarantined, [92b3892f424838fecceb99dc0bfb29d7],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [ec59cdeb1278f541b7d483026d9851af],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Quarantined, [ca7b06b28604cd690bd54d369e679d63],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [ad983f790981b3831b70d9ac9d687987],
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64C81366-D6FF-11E4-8275-8CDCD474690C}, Quarantined, [93b24870d8b20e28126c21ca06fd3fc1],
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\PRODUCTSETUP, Quarantined, [3a0ba315672365d1d08589feb45152ae],
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\SUPER OPTIMIZER, Quarantined, [af96fdbb35550e287b9d31557b8ad22e],

Registry Values: 9
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ec59cdeb1278f541b7d483026d9851af]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ad983f790981b3831b70d9ac9d687987]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64C81366-D6FF-11E4-8275-8CDCD474690C}|FaviconURL, http://homepage-web.com/favicon.ico, Quarantined, [93b24870d8b20e28126c21ca06fd3fc1]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64C81366-D6FF-11E4-8275-8CDCD474690C}|FaviconURLFallback, http://homepage-web.com/favicon.ico, Quarantined, [b68fb80099f1d75f423cfbf0a55e59a7]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64C81366-D6FF-11E4-8275-8CDCD474690C}|TopResultURL, http://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}, Quarantined, [8bba4d6b602a62d4f98545a6c73cbd43]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64C81366-D6FF-11E4-8275-8CDCD474690C}|URL, http://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}, Quarantined, [64e1a11705855adc532bd615b84b16ea]
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\PRODUCTSETUP|tb, Quarantined, [3a0ba315672365d1d08589feb45152ae],
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\frances\AppData\Local\Temp\is1107330353\7754DF34_stp\SuperOptimizer.exe, Quarantined, [af96fdbb35550e287b9d31557b8ad22e]
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-673409094-3649548947-863032199-1002\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, http://supc4.superpctools.revenuewire.net/spu/register?221001849_EC68EFA0-C02F-4028-8DDA-1AED3778A0CF, Quarantined, [162fb1076e1c280e33dceb98a362a759]

Registry Data: 0
(No malicious items detected)

Folders: 20
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugincontainer, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\2, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\2bak, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\3, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\3bak, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\4, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\4bak, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\5, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\5bak, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\8, Delete-on-Reboot, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\8bak, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Common Files\68f7eaff-0da4-47f4-8262-425ca2a087dd, Delete-on-Reboot, [6ed71a9e2466d165a48429beff0438c8],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Common Files\68f7eaff-0da4-47f4-8262-425ca2a087dd\updater, Quarantined, [6ed71a9e2466d165a48429beff0438c8],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Crazy Score, Quarantined, [95b02d8b3f4b0a2cd0592abdde256799],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Crazy Score\Extensions, Quarantined, [95b02d8b3f4b0a2cd0592abdde256799],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [063f5f590f7b0b2b6edefaee8d76ef11],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange\1.0.5628.26460_0, Quarantined, [df66c3f52862a690db381f59c2444fb1],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange, Quarantined, [df66c3f52862a690db381f59c2444fb1],

Files: 29
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugincontainer.exe, Delete-on-Reboot, [a69f9424ec9e87af23941065d82e946c],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\8\Plugin.exe, Delete-on-Reboot, [6dd8892f3c4ebb7b04b3581da066ca36],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\5\Plugin.exe, Delete-on-Reboot, [4bfaa810f9912c0aefc82c494abca060],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\4\Plugin.exe, Delete-on-Reboot, [89bc3286b6d4a591f9be5d1845c11be5],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\3\Plugin.exe, Delete-on-Reboot, [54f1fabe7b0f64d22f880d68749223dd],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\2\Plugin.exe, Delete-on-Reboot, [e75effb977131a1ce3d454218e7853ad],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Common Files\68f7eaff-0da4-47f4-8262-425ca2a087dd\updater.exe, Delete-on-Reboot, [2f167741206a8da9aa0d700527df926e],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Crazy Score\Extensions\f439aa7e-a2a0-4635-99a2-164180e848ca.dll, Quarantined, [f154b206addd7abc1942cb96c241fe02],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugincontainer.bak, Quarantined, [d66f269202882d0914a3ed88a36347b9],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\2bak\Plugin.exe, Quarantined, [7dc8991f3654d165991eed8832d4ae52],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\3bak\Plugin.exe, Quarantined, [b88d9226a5e57eb8c9ee4d2836d022de],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\4bak\Plugin.exe, Quarantined, [7fc68f293456cc6ab007c1b49b6b847c],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\5bak\Plugin.exe, Quarantined, [7bca6751cac04aeca017cda8ea1c9f61],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\plugins\8bak\Plugin.exe, Quarantined, [cd78d5e34545cf67b601f67f65a1ce32],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Crazy Score\Uninstaller.exe, Quarantined, [92b3892f424838fecceb99dc0bfb29d7],
PUP.Optional.InstallCore, C:\Users\frances\Downloads\BitTorrent Setup (1).exe, Quarantined, [cc7906b27812c5719c704135df27e51b],
PUP.Optional.InstallCore, C:\Users\frances\Downloads\BitTorrent Setup.exe, Quarantined, [143188308406979fd537f87ee323738d],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_crazyscore-a.akamaihd.net_0.localstorage, Delete-on-Reboot, [40052d8b3a50a294a27d0edc08fbf50b],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_crazyscore-a.akamaihd.net_0.localstorage-journal, Delete-on-Reboot, [d075d4e4cfbb1d1947d862884eb50ff1],
PUP.Optional.PricePeep.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [f94ca414c0cac17571c3ae3caf544fb1],
PUP.Optional.PricePeep.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Delete-on-Reboot, [51f4e1d7e3a739fdae86f9f10df6857b],
PUP.Optional.CrazyScore.A, C:\ProgramData\68f7eaff-0da4-47f4-8262-425ca2a087dd\temp, Quarantined, [5ee7af09c0cac6708b9ca54212f14fb1],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Common Files\68f7eaff-0da4-47f4-8262-425ca2a087dd\updater.bak, Quarantined, [6ed71a9e2466d165a48429beff0438c8],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Crazy Score\7za.exe, Quarantined, [95b02d8b3f4b0a2cd0592abdde256799],
PUP.Optional.CrazyScore.A, C:\Program Files (x86)\Crazy Score\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange.crx, Quarantined, [95b02d8b3f4b0a2cd0592abdde256799],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange\1.0.5628.26460_0\manifest.json, Quarantined, [df66c3f52862a690db381f59c2444fb1],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange\1.0.5628.26460_0\background.js, Quarantined, [df66c3f52862a690db381f59c2444fb1],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange\1.0.5628.26460_0\content.js, Quarantined, [df66c3f52862a690db381f59c2444fb1],
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkjcdmkhlaipielecdlhcnbdpabange\1.0.5628.26460_0\icon.png, Quarantined, [df66c3f52862a690db381f59c2444fb1],

Physical Sectors: 0
(No malicious items detected)


(end)
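
Added example, not part of the original posts: a small Python triage of an exported MBAM scan log like the one above. It lists objects still marked Delete-on-Reboot (they are only gone after the restart) and flags sections whose declared count does not match the lines actually pasted. The field layout is inferred from the log in this thread, the function names are hypothetical, and the sample lines, paths and bracketed ids are constructed.

```python
import re
from collections import Counter

# Section headers as they appear in the exported log, e.g. "Registry Keys: 19".
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# Detection line: family, object[, extra fields], action, [id] with optional trailing comma.
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<rest>.+), (?P<action>[A-Za-z-]+), "
    r"\[(?P<tag>[0-9a-f]+)\],?$"
)

# Constructed sample (not copied from the thread). "Files" declares 3 but only
# 2 lines are present, as happens when a paste is cut short.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Result: Completed

Processes: 1
PUP.Optional.CrazyScore.A, C:\ProgramData\EXAMPLE-GUID\plugincontainer.exe, 1568, Delete-on-Reboot, [00000000000000000000000000000001]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.CrazyScore.A, HKLM\SOFTWARE\EXAMPLE\Crazy Score, Quarantined, [00000000000000000000000000000002],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [00000000000000000000000000000003],

Registry Values: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [00000000000000000000000000000003]

Files: 3
PUP.Optional.CrazyScore.A, C:\ProgramData\EXAMPLE-GUID\plugincontainer.exe, Delete-on-Reboot, [00000000000000000000000000000001],
PUP.Optional.InstallCore, C:\Users\example\Downloads\Setup.exe, Quarantined, [00000000000000000000000000000004],

(end)
"""


def parse_mbam_log(text):
    """Return (declared section counts, list of detection dicts)."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION_RE.match(line) if section else None
        if hit:
            detections.append({
                "section": section,
                "family": hit["family"],
                # First field after the family is the path or registry key;
                # a PID or registry data may follow and is ignored here.
                "object": hit["rest"].split(", ")[0],
                "action": hit["action"],
            })
    return declared, detections


def count_mismatches(declared, detections):
    """Sections where the header count differs from the lines parsed."""
    parsed = Counter(d["section"] for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def pending_reboot(detections):
    """Unique objects that are only removed once the machine restarts."""
    return sorted({d["object"] for d in detections
                   if d["action"] == "Delete-on-Reboot"})


def by_family(detections):
    """Number of detections per detection name."""
    return Counter(d["family"] for d in detections)


if __name__ == "__main__":
    declared, dets = parse_mbam_log(SAMPLE_LOG)
    print("By family:", dict(by_family(dets)))
    print("Pending reboot:", pending_reboot(dets))
    print("Declared vs pasted mismatches:", count_mismatches(declared, dets))
```
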


#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:42 AM

Posted 15 June 2015 - 05:00 PM

You didn't copy the whole MiniToolBox report to me. Some parts are missing.

 

Run MBAM once more:

 

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
    1. 'Scan for rootkits'
    2. Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

--------

 

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by severac, 15 June 2015 - 05:03 PM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#5 BabylonHoruv

BabylonHoruv
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 16 June 2015 - 02:00 AM

Mini Tool box again.  This is all there was.

 

 

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by frances (administrator) on 15-06-2015 at 12:11:39
Running from "C:\Users\frances\Downloads"
Microsoft Windows 8.1  (X64)
Model: HP Pavilion 17 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BGTOY
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : B0-10-41-BB-9D-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter
   Physical Address. . . . . . . . . : B0-10-41-BB-9D-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:c882:7400:21d2:7ef1:1128:61ea(Preferred) 
   Temporary IPv6 Address. . . . . . : 2607:fcc8:c882:7400:443b:f394:747d:e64b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::21d2:7ef1:1128:61ea%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, June 15, 2015 10:57:15 AM
   Lease Expires . . . . . . . . . . : Monday, June 15, 2015 12:57:15 PM
   Default Gateway . . . . . . . . . : fe80::92c7:92ff:fee2:cec7%4
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 78647361
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-01-41-55-8C-DC-D4-74-69-0C
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 8C-DC-D4-74-69-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:ca5:8b1:3f57:fff9(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::ca5:8b1:3f57:fff9%7(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-01-41-55-8C-DC-D4-74-69-0C
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{3C778400-93A2-4030-86A6-932EFAC17F92}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Name:    google.com
Addresses:  2607:f8b0:400c:c06::65
 74.125.141.101
 74.125.141.102
 74.125.141.113
 74.125.141.100
 74.125.141.138
 74.125.141.139
 
 
Pinging google.com [2607:f8b0:400c:c06::65] with 32 bytes of data:
Reply from 2607:f8b0:400c:c06::65: time=62ms 
Reply from 2607:f8b0:400c:c06::65: time=64ms 
 
Ping statistics for 2607:f8b0:400c:c06::65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 64ms, Average = 63ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=141ms TTL=45
Reply from 206.190.36.45: bytes=32 time=134ms TTL=45
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 134ms, Maximum = 141ms, Average = 137ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...b0 10 41 bb 9d fd ......Microsoft Wi-Fi Direct Virtual Adapter
  4...b0 10 41 bb 9d fd ......Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter
  3...8c dc d4 74 69 0c ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.6     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.6    286
      192.168.0.6  255.255.255.255         On-link       192.168.0.6    286
    192.168.0.255  255.255.255.255         On-link       192.168.0.6    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.6    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.6    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    286 ::/0                     fe80::92c7:92ff:fee2:cec7
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:6abd:ca5:8b1:3f57:fff9/128
                                    On-link
  4    286 2607:fcc8:c882:7400::/64 On-link
  4    286 2607:fcc8:c882:7400:21d2:7ef1:1128:61ea/128
                                    On-link
  4    286 2607:fcc8:c882:7400:443b:f394:747d:e64b/128
                                    On-link
  4    286 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::ca5:8b1:3f57:fff9/128
                                    On-link
  4    286 fe80::21d2:7ef1:1128:61ea/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    286 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/15/2015 10:57:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43617766
 
Error: (06/15/2015 10:57:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43617766
 
Error: (06/15/2015 10:57:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/09/2015 07:03:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4183563
 
Error: (06/09/2015 07:03:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4183563
 
Error: (06/09/2015 07:03:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/09/2015 03:43:36 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (06/09/2015 02:42:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 52054453
 
Error: (06/09/2015 02:42:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 52054453
 
Error: (06/09/2015 02:42:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/14/2015 09:52:02 PM) (Source: DCOM) (User: BGTOY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (06/14/2015 09:51:55 PM) (Source: DCOM) (User: BGTOY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/14/2015 09:51:54 PM) (Source: DCOM) (User: BGTOY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/14/2015 09:51:47 PM) (Source: DCOM) (User: BGTOY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/14/2015 09:51:47 PM) (Source: DCOM) (User: BGTOY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/14/2015 09:51:43 PM) (Source: DCOM) (User: BGTOY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (06/14/2015 09:51:39 PM) (Source: DCOM) (User: BGTOY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/14/2015 09:51:39 PM) (Source: DCOM) (User: BGTOY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/09/2015 07:05:00 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (06/09/2015 07:04:59 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
 
Microsoft Office Sessions:
=========================
Error: (06/15/2015 10:57:09 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43617766
 
Error: (06/15/2015 10:57:09 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43617766
 
Error: (06/15/2015 10:57:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/09/2015 07:03:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4183563
 
Error: (06/09/2015 07:03:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4183563
 
Error: (06/09/2015 07:03:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/09/2015 03:43:36 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (06/09/2015 02:42:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 52054453
 
Error: (06/09/2015 02:42:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 52054453
 
Error: (06/09/2015 02:42:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C3E5B3AF-12F2-9E42-B493-9490DC745953}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOL (HKCU\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.4 - Pokki)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BitTorrent 2015 Packages (HKCU\...\BitTorrent 2015 Packages) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKCU\...\Pokki) (Version: 0.269.7.660 - Pokki)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.08 - Softex Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 3519.5 MB
Available physical RAM: 1564.76 MB
Total Pagefile: 4671.5 MB
Available Pagefile: 1920.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.15 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:676.55 GB) (Free:615.2 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.06 GB) (Free:2.08 GB) NTFS
3 Drive e: (Feb 07 2015) (CDROM) (Total:0.69 GB) (Free:0.64 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\BGTOY
 
Administrator            frances                  Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
18-05-2015 03:35:12 Windows Update
03-06-2015 06:08:08 Scheduled Checkpoint
08-06-2015 20:15:49 Windows Update
09-06-2015 20:42:49 avast! antivirus system restore point
15-06-2015 02:23:25 Windows Update
 
**** End of log ****
 

 

MalwareBytes

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/16/2015
Scan Time: 1:16:11 AM
Logfile: MALWAREBYTES2.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.16.02
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: frances
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348489
Time Elapsed: 22 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [40226655b1d938fe19fdb9d60203768a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_crazyscore-a.akamaihd.net_0.localstorage, Quarantined, [e67cf8c3f9917cba56709f5206fdd828], 
PUP.Optional.CrazyScore.A, C:\Users\frances\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_crazyscore-a.akamaihd.net_0.localstorage-journal, Quarantined, [d78bbb00c9c152e4626444ad52b13ac6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

Eset found nothing



#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:42 AM

Posted 16 June 2015 - 03:20 AM

Please look for a Chrome extension called CrazyScore. If you can find it, uninstall it.

Go to Control Panel and uninstall the following programs:

AOL

Host App Service

Start Menu


I would like to help you remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 




