Keep seeing pop-ups and links are redirected!


This topic is locked. 17 replies to this topic.

#1 goldYJTYJ

Posted 19 June 2015 - 09:57 AM

Hello, every day I get a pop-up from totaladperformce, as you can see at http://imgur.com/46SMq9c

I have tried to download more than one malware program to find it and get rid of it, but all failed.

I have also got multiple blue screens with the error 0x0000008E (0xc0000005, 0xc570b67fD, 0xf3cdaae0, 0x00000000). Each time I got the blue screen was when I closed Google Chrome.

Help, thank you.

I don't know what to do :/

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Kim (administrator) on FUUUU on 19-06-2015 16:33:17
Running from C:\Users\Kim\Downloads
Loaded Profiles: Kim (Available Profiles: Kim & Frank & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Gianpaolo Bottin) C:\Program Files\WallpaperSS\WallpaperSS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3335774972-2199081873-1928884644-1000\...\Run: [WallpaperSS] => C:\Program Files\WallpaperSS\WallpaperSS.exe [454344 2010-11-16] (Gianpaolo Bottin)
HKU\S-1-5-21-3335774972-2199081873-1928884644-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3335774972-2199081873-1928884644-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [294912 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3335774972-2199081873-1928884644-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-3335774972-2199081873-1928884644-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-14]
 
Chrome: 
=======
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
CHR Extension: (Google Drive) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-11]
CHR Extension: (YouTube) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11]
CHR Extension: (Adblock Plus) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-20]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11]
CHR Extension: (Cinem Plus 2.4cV01.06) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-01]
CHR Extension: (AdBlock) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-11]
CHR Extension: (Toothless) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmoddhicigmjbldpdglkhalagjjiinnl [2015-02-17]
CHR Extension: (Adblock Super) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-20]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-11]
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (YouTube) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (Cinem Plus 2.4cV01.06) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-01]
CHR Extension: (Skype Click to Call) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-24]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKU\S-1-5-21-3335774972-2199081873-1928884644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-10-22] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1073216 2011-03-30] (Broadcom Corporation)
S3 EagleXNt; C:\Windows\system32\drivers\EagleXNt.sys [554368 2014-01-14] (AhnLab, Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [245504 2005-11-03] (Ralink Technology, Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-11-05] (Windows ® Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVEX15.SYS [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 16:33 - 2015-06-19 16:34 - 00016968 _____ C:\Users\Kim\Downloads\FRST.txt
2015-06-19 16:32 - 2015-06-19 16:33 - 00000000 ____D C:\FRST
2015-06-19 16:31 - 2015-06-19 16:32 - 01148416 _____ (Farbar) C:\Users\Kim\Downloads\FRST.exe
2015-06-19 15:06 - 2015-06-19 15:06 - 00000000 ____D C:\Users\Kim\Downloads\memtest86-usb
2015-06-19 15:05 - 2015-06-19 15:05 - 05852307 _____ C:\Users\Kim\Downloads\memtest86-usb.zip
2015-06-19 13:50 - 2015-06-19 13:50 - 00159816 _____ C:\Windows\Minidump\Mini061915-02.dmp
2015-06-19 03:26 - 2015-06-19 03:26 - 00159896 _____ C:\Windows\Minidump\Mini061915-01.dmp
2015-06-13 00:46 - 2015-06-13 00:46 - 00007785 _____ C:\Users\Kim\Downloads\TPM20-ACPITABL.zip
2015-06-13 00:06 - 2015-06-13 00:06 - 00164941 _____ C:\Users\Kim\Downloads\WBICreator (1).zip
2015-06-13 00:06 - 2015-06-13 00:06 - 00000000 ____D C:\Users\Kim\Downloads\WBICreator (1)
2015-06-13 00:04 - 2015-06-13 00:04 - 00000000 ____D C:\Users\Kim\Downloads\Vista
2015-06-13 00:02 - 2015-06-13 00:15 - 00000000 ____D C:\Users\Kim\Desktop\Vista 2.9
2015-06-12 20:35 - 2015-06-12 23:58 - 2783166763 _____ C:\Users\Kim\Downloads\install.wim
2015-06-12 20:35 - 2015-06-12 20:48 - 133129475 _____ C:\Users\Kim\Downloads\boot.wim
2015-06-12 20:35 - 2015-06-12 20:43 - 85177872 _____ (Microsoft Corporation) C:\Users\Kim\Downloads\X14-63452 (1).exe
2015-06-11 14:59 - 2015-06-11 14:59 - 00000766 _____ C:\Users\Public\Desktop\UltraISO.lnk
2015-06-11 14:59 - 2015-06-11 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-06-11 14:59 - 2015-06-11 14:59 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2015-06-11 14:58 - 2015-06-11 14:59 - 00000000 ____D C:\Program Files\UltraISO
2015-06-11 14:58 - 2015-06-11 14:58 - 04384520 _____ (EZB Systems, Inc. ) C:\Users\Kim\Downloads\uiso9_pe.exe
2015-06-11 14:58 - 2015-06-11 14:58 - 00000000 ____D C:\Users\Kim\Documents\My ISO Files
2015-06-11 03:18 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 03:18 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 03:18 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 03:00 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 03:00 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 03:00 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 03:00 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 03:00 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 11:32 - 2015-06-13 00:48 - 00001905 _____ C:\Windows\diagwrn.xml
2015-06-10 11:32 - 2015-06-13 00:48 - 00001905 _____ C:\Windows\diagerr.xml
2015-06-10 11:15 - 2015-06-10 11:15 - 00000000 ____D C:\Users\Kim\New Folder
2015-06-10 11:15 - 2015-06-10 11:15 - 00000000 ____D C:\Users\Kim\Desktop\Outpatch
2015-06-10 11:14 - 2015-06-10 11:35 - 00000000 ____D C:\Users\Kim\Desktop\Vista USB
2015-06-10 11:07 - 2015-06-10 11:11 - 85177872 _____ (Microsoft Corporation) C:\Users\Kim\Downloads\X14-63452.exe
2015-06-10 10:48 - 2015-06-10 10:48 - 01089027 _____ (pendrivelinux.com) C:\Users\Kim\Downloads\Universal-USB-Installer-1.9.6.0.exe
2015-06-10 10:17 - 2015-06-10 10:17 - 00000000 ____D C:\Users\Kim\AppData\Roaming\ImgBurn
2015-06-10 10:14 - 2015-06-10 10:14 - 00001624 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-06-10 10:14 - 2015-06-10 10:14 - 00001612 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2015-06-10 10:14 - 2015-06-10 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-06-10 10:14 - 2015-06-10 10:14 - 00000000 ____D C:\Program Files\ImgBurn
2015-06-10 09:58 - 2015-06-10 10:00 - 00000000 ____D C:\Users\Kim\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-06-10 09:58 - 2015-06-10 09:58 - 00002309 _____ C:\Users\Kim\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-06-10 09:58 - 2015-06-10 09:58 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-06-10 09:34 - 2015-06-10 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-06-10 09:34 - 2015-06-10 09:34 - 00000000 ____D C:\Program Files\Magical Jelly Bean
2015-06-10 09:32 - 2015-06-10 09:32 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Kim\Downloads\KeyFinderInstaller.exe
2015-06-10 07:19 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 07:19 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 07:19 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 07:19 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 07:19 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 07:19 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 07:19 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 07:19 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 07:19 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 07:19 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 07:19 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-10 07:19 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 07:19 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 07:19 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 07:19 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-10 07:19 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-05 13:44 - 2015-06-05 13:44 - 00000000 ____D C:\Users\Kim\Documents\ProcAlyzer Dumps
2015-06-05 02:18 - 2015-06-04 23:43 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts.20150605-021816.backup
2015-06-05 00:06 - 2015-06-19 15:47 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-06-05 00:06 - 2015-06-17 00:53 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-06-05 00:06 - 2015-06-05 13:11 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-06-05 00:06 - 2015-06-05 08:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-05 00:06 - 2015-06-05 00:06 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-05 00:06 - 2015-06-05 00:06 - 00001920 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-05 00:06 - 2015-06-05 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-05 00:06 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-06-05 00:05 - 2015-06-05 00:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-06-04 22:52 - 2015-06-04 22:52 - 00000792 _____ C:\Users\Kim\Documents\random.txt
2015-06-03 01:39 - 2015-06-03 04:05 - 00000173 _____ C:\Users\Kim\Desktop\bedre til ting.txt
2015-06-03 00:47 - 2015-06-03 00:47 - 00000029 _____ C:\Users\Kim\Documents\cgfndfhxdfh.txt
2015-06-02 02:12 - 2015-06-02 02:12 - 00000799 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2015-06-01 08:22 - 2015-06-01 09:36 - 00000000 ____D C:\Program Files\globalUpdate
2015-06-01 08:22 - 2015-06-01 08:22 - 00000000 ____D C:\Users\Kim\AppData\Local\globalUpdate
2015-05-28 23:25 - 2015-05-28 23:25 - 00159896 _____ C:\Windows\Minidump\Mini052815-01.dmp
2015-05-24 12:32 - 2015-06-05 00:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 12:30 - 2015-05-24 12:30 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 12:30 - 2015-05-24 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 12:30 - 2015-05-24 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-24 12:30 - 2015-05-24 12:30 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-24 12:30 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 12:30 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 12:30 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 12:26 - 2015-05-24 12:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kim\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-24 00:44 - 2015-06-11 22:06 - 00000000 ____D C:\Users\Kim\AppData\Local\CrashDumps
2015-05-22 08:40 - 2015-05-27 10:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-05-22 08:40 - 2015-05-22 10:10 - 00000000 ____D C:\ProgramData\RogueKiller
2015-05-22 08:39 - 2015-05-22 08:40 - 16986200 _____ C:\Users\Kim\Downloads\RogueKiller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 16:22 - 2012-08-05 20:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 16:08 - 2013-02-19 22:02 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Skype
2015-06-19 15:59 - 2014-03-11 12:09 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 15:51 - 2012-04-13 15:59 - 01904649 _____ C:\Windows\WindowsUpdate.log
2015-06-19 15:48 - 2015-01-25 14:01 - 00002882 _____ C:\Windows\setupact.log
2015-06-19 15:47 - 2014-03-11 12:09 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 15:47 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 15:47 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 15:46 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 15:12 - 2006-11-02 15:01 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-19 13:50 - 2015-02-04 20:44 - 216960342 _____ C:\Windows\MEMORY.DMP
2015-06-19 13:50 - 2013-07-23 21:50 - 00000000 ____D C:\Windows\Minidump
2015-06-19 13:19 - 2013-12-22 17:21 - 00000000 ____D C:\Users\Kim\AppData\Local\Battle.net
2015-06-19 00:01 - 2012-04-30 10:49 - 00000000 ____D C:\Users\Kim\AppData\Roaming\mIRC
2015-06-18 19:09 - 2014-10-30 00:36 - 00000000 ____D C:\Program Files\Heroes of the Storm
2015-06-15 22:27 - 2013-12-22 17:23 - 00000000 ____D C:\Program Files\Hearthstone
2015-06-13 10:54 - 2012-09-07 19:01 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Spotify
2015-06-13 10:46 - 2012-09-07 19:02 - 00000000 ____D C:\Users\Frank\AppData\Local\Spotify
2015-06-13 00:46 - 2015-01-25 14:01 - 00000000 _____ C:\Windows\setuperr.log
2015-06-11 14:55 - 2006-11-02 12:33 - 00759542 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 03:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:37 - 2014-12-09 02:20 - 00290856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:18 - 2013-07-12 18:02 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:03 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-11 00:50 - 2012-05-06 14:56 - 00000000 ____D C:\Fraps
2015-06-11 00:49 - 2014-12-11 04:39 - 00022470 _____ C:\Windows\PFRO.log
2015-06-10 11:15 - 2012-04-13 16:03 - 00000000 ____D C:\Users\Kim
2015-06-10 11:14 - 2012-04-13 16:38 - 00000000 ____D C:\Users\Kim\Desktop\^^
2015-06-10 09:19 - 2012-05-06 14:32 - 00048640 _____ C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 09:14 - 2015-04-26 13:28 - 00000000 ____D C:\Users\Kim\AppData\Roaming\vlc
2015-06-10 03:22 - 2012-08-05 20:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 03:22 - 2012-08-05 20:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 20:30 - 2014-08-09 02:23 - 00000198 _____ C:\Users\Kim\Desktop\sdfgsgd.txt
2015-06-05 06:00 - 2014-12-19 12:56 - 00001869 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-05 06:00 - 2014-12-19 12:56 - 00001867 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-05 06:00 - 2014-12-19 12:56 - 00001857 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-05 06:00 - 2014-12-19 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-02 00:38 - 2013-12-22 17:21 - 00000000 ____D C:\Program Files\Battle.net
2015-06-01 08:33 - 2014-03-11 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-01 08:33 - 2013-12-22 17:21 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Battle.net
2015-06-01 08:33 - 2012-04-21 21:35 - 00000000 ____D C:\Users\Frank
2015-06-01 08:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-01 08:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2015-06-01 08:33 - 2006-11-02 12:22 - 44564480 _____ C:\Windows\system32\config\components_previous
2015-06-01 08:33 - 2006-11-02 12:22 - 41943040 _____ C:\Windows\system32\config\software_previous
2015-06-01 08:33 - 2006-11-02 12:22 - 22020096 _____ C:\Windows\system32\config\system_previous
2015-06-01 08:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-01 08:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-06-01 08:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-06-01 08:23 - 2012-04-13 16:32 - 00000000 ____D C:\Program Files\7-Zip
2015-06-01 00:37 - 2012-05-18 22:39 - 00000000 ____D C:\Users\Kim\AppData\Roaming\TS3Client
2015-05-27 14:33 - 2013-02-19 22:01 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 13:29 - 2012-04-13 17:15 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-05-20 17:32 - 2012-05-29 15:25 - 00000000 ____D C:\Program Files\Diablo III
 
==================== Files in the root of some directories =======
 
2012-05-06 14:35 - 2015-04-26 13:27 - 0000027 _____ () C:\Program Files\plugins.dat
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kim\AppData\Roaming\LtEs8AtV3
2012-05-20 22:19 - 2014-06-19 23:29 - 0000796 _____ () C:\Users\Kim\AppData\Roaming\wklnhst.dat
2012-04-13 17:15 - 2015-03-16 23:55 - 0007916 _____ () C:\Users\Kim\AppData\Local\d3d9caps.dat
2012-05-06 14:32 - 2015-06-10 09:19 - 0048640 _____ () C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-12 22:57 - 2014-12-12 22:57 - 0000092 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2009-03-17 02:31 - 2012-06-25 13:41 - 0070161 _____ () C:\ProgramData\nvModes.001
2009-03-17 02:06 - 2012-06-25 13:41 - 0070161 _____ () C:\ProgramData\nvModes.dat
 
Files to move or delete:
====================
C:\Users\Kim\temp.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-19 15:53
 
==================== End of log ============================

Attached File: Addition.txt (43.16KB)

Edited by goldYJTYJ, 19 June 2015 - 10:00 AM.
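The "Bamital & volsnap Check" at the end of the log verifies the Authenticode signatures of the core Windows binaries that file-infecting malware such as Bamital patches, which is why FRST refuses to auto-fix a file that fails it. As an added example (not from the thread and not FRST's own code), this PowerShell snippet runs the same check with Get-AuthenticodeSignature; the function name Test-CoreFileSignatures is mine. Caveat: before Windows 10, Get-AuthenticodeSignature does not consult the signing catalogs, so catalog-signed system files commonly report NotSigned rather than Valid on Vista and Windows 7; use Sysinternals sigcheck on those versions instead.

```powershell
# Added example: repeat FRST's core-file signature check with PowerShell.
# The file list is the one FRST verifies; $env:SystemRoot resolves to C:\Windows.
$coreFiles = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CoreFileSignatures {
    # Function name is mine, not an FRST or Windows cmdlet.
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{ File = $path; Status = 'Missing'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        # 'Valid' = signature chains to a trusted root AND the file hash still matches.
        # A patched binary comes back as HashMismatch; an unsigned replacement as NotSigned.
        # Caveat: before Windows 10 catalog-signed files also show NotSigned (see lead-in).
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{ File = $path; Status = $sig.Status.ToString(); Signer = $signer }
    }
}

$results = Test-CoreFileSignatures -Paths $coreFiles
$results | Format-Table File, Status, Signer -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    # Same stance as FRST: report, do not "fix" a core binary automatically.
    Write-Warning "$($bad.Count) core file(s) did not verify; investigate before replacing anything."
}
```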



 


#2 nasdaq
  • Malware Response Team
  • 40,749 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 June 2015 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-3335774972-2199081873-1928884644-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Cinem Plus 2.4cV01.06) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-01]
CHR Extension: (Toothless) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmoddhicigmjbldpdglkhalagjjiinnl [2015-02-17]
CHR Extension: (Cinem Plus 2.4cV01.06) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-01]
CHR HKU\S-1-5-21-3335774972-2199081873-1928884644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVEX15.SYS [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh
C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmoddhicigmjbldpdglkhalagjjiinnl
C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right-click the icon and disable it for, say, 20 minutes.
Right-click JRT.exe and select Run as administrator (if using XP, just double-click on the icon to run it).
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

How is the computer running now?
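The fixlist above names the Chrome extensions to delete by their IDs and profile folders (Default and Profile 1). As an added example that is not part of the thread, this PowerShell snippet builds the same inventory from every Chrome profile on disk and marks the IDs the fixlist removes, so a user can confirm they are gone after the fix; the function name Get-ChromeExtensionInventory is mine, and it stays within PowerShell 2.0 features so it runs on Vista.

```powershell
# Added example: inventory Chrome extensions per profile and flag the IDs from the fixlist.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
# Extension IDs the fixlist in this thread deletes (values taken from the post above)
$fixlistIds = @('gegdfeiahlfolhcfioipjlkombmgbakh', 'kmoddhicigmjbldpdglkhalagjjiinnl')

function Get-ChromeExtensionInventory {
    # Function name is mine; the Extensions\<id>\<version>\manifest.json layout is Chrome's.
    param([string]$UserDataPath, [string[]]$FlagIds)
    # Profile folders are "Default" plus "Profile 1", "Profile 2", ...
    $profiles = Get-ChildItem -LiteralPath $UserDataPath |
        Where-Object { $_.PSIsContainer -and ($_.Name -eq 'Default' -or $_.Name -like 'Profile *') }
    foreach ($profile in $profiles) {
        $extRoot = Join-Path $profile.FullName 'Extensions'
        if (-not (Test-Path -LiteralPath $extRoot)) { continue }
        $idDirs = Get-ChildItem -LiteralPath $extRoot | Where-Object { $_.PSIsContainer }
        foreach ($idDir in $idDirs) {
            $verDirs = Get-ChildItem -LiteralPath $idDir.FullName | Where-Object { $_.PSIsContainer }
            foreach ($verDir in $verDirs) {
                $manifestPath = Join-Path $verDir.FullName 'manifest.json'
                if (-not (Test-Path -LiteralPath $manifestPath)) { continue }
                # Pull the display name with a simple regex; PowerShell 2.0 has no ConvertFrom-Json
                $text = [IO.File]::ReadAllText($manifestPath)
                $name = '(no name field)'
                if ($text -match '"name"\s*:\s*"([^"]*)"') { $name = $Matches[1] }
                # "__MSG_..." names are localisation keys resolved from _locales at run time
                if ($name -like '__MSG_*') { $name = "(localised: $name)" }
                New-Object PSObject -Property @{
                    Profile   = $profile.Name
                    Id        = $idDir.Name
                    Version   = $verDir.Name
                    Name      = $name
                    InFixlist = ($FlagIds -contains $idDir.Name)
                    Installed = $verDir.CreationTime
                }
            }
        }
    }
}

Get-ChromeExtensionInventory -UserDataPath $userData -FlagIds $fixlistIds |
    Sort-Object Profile, Name |
    Format-Table Profile, Name, Id, Version, InFixlist, Installed -AutoSize
```

Any row still showing InFixlist = True after running the fix means the folder survived and the Fixlog.txt should be checked for why; extensions force-installed through the registry key shown in the fixlist will not appear here until Chrome re-downloads them.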

#3 goldYJTYJ (Topic Starter)

Posted 22 June 2015 - 10:09 AM

After the first Notepad log, when I opened Google Chrome it reinstalled AdBlock.
 
After the restart from AdwCleaner, when I opened Google Chrome my computer froze for about 30 secs. But it normally does that after I restart my computer. But I don't think my computer is meant to do that after I open a browser, just because I restarted. 
 
Not sure if totaladpreformer is gone, as I only see it once every day to once every 2 days. Will post ASAP if it pops up again.

Attached Files: Fixlog.txt (4.36KB), AdwCleanerS0.txt (1.59KB), JRT.txt (1.32KB)



#4 nasdaq

Posted 22 June 2015 - 01:06 PM

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

How is it now?

#5 goldYJTYJ (Topic Starter)

Posted 23 June 2015 - 07:47 PM

Still getting the totaladperformer pop-up



#6 nasdaq

Posted 24 June 2015 - 08:05 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#7 goldYJTYJ (Topic Starter)

Posted 25 June 2015 - 03:48 PM

After a restart, Windows' own Problem Reports and Solutions told me there was info about Windows Internet Explorer having stopped working properly because of an add-on. It requested me to download Microsoft Fix it. I did, used it, and it found nothing. Not sure what caused all this now. 

 

Will post ASAP if the totaladprefomer pop-up appears again. 



#8 goldYJTYJ (Topic Starter)

Posted 25 June 2015 - 06:15 PM

I just got the pop-up again :( 



#9 nasdaq

Posted 26 June 2015 - 08:15 AM

Are you getting popups on both Chrome and Internet Explorer?

#10 goldYJTYJ (Topic Starter)

Posted 26 June 2015 - 02:16 PM

Well, I never use Internet Explorer, so I don't know. Do you want me to use Explorer for the next few days to see if I get a pop-up there?


Edited by goldYJTYJ, 26 June 2015 - 02:16 PM.


#11 nasdaq

Posted 27 June 2015 - 07:38 AM



Well, I never use Internet Explorer, so I don't know. Do you want me to use Explorer for the next few days?

YES, just visit a few sites where you normally get popups.

===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#12 goldYJTYJ (Topic Starter)

Posted 29 June 2015 - 06:26 PM

Good news: in the last few days, after I ran ComboFix and have been using Internet Explorer, I have not got a single totaladprefomer pop-up #yay!

Should I test Google Chrome for the next few days to see if I get it there now?

Attached File: ComboFix.txt (14.39KB)



#13 nasdaq

Posted 30 June 2015 - 06:37 AM

Yes.

#14 goldYJTYJ (Topic Starter)

Posted 30 June 2015 - 04:00 PM

I just got the pop-up in chrome.



#15 nasdaq

Posted 01 July 2015 - 05:51 AM

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>



