Source: BleepingComputer.com forums
Browser hijacked, constant redirection and links appearing.


This topic is locked. 2 replies to this topic.

#1 kmplsv

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 10:05 AM

Posted 10 November 2015 - 01:42 PM

I am not sure what kind of virus/malware I am infected with. I am constantly seeing links appear on webpages over certain words. The words become all capitalized, with an odd leaf-looking icon next to them. I have posted the logs below. Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by kmplsv (administrator) on 0GRE (10-11-2015 11:37:56)
Running from F:\XXX\netvids
Loaded Profiles: kmplsv (Available Profiles: kmplsv)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) D:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\kmplsv\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\kmplsv\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\kmplsv\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Elaborate Bytes AG) D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Don HO don.h@free.fr) D:\Program Files (x86)\Notepad++\notepad++.exe
(Intel Corporation) D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seifert) C:\Program Files (x86)\WinDirStat\windirstat.exe
() D:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [CCEnhancer] => C:\Users\kmplsv\Utilities\CCEnhancer-4.0.exe [284160 2014-06-15] (SingularLabs)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => D:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [f.lux] => C:\Users\kmplsv\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [Facebook Update] => C:\Users\kmplsv\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-11-30] (Facebook Inc.)
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [Amazon Music] => C:\Users\kmplsv\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [Spotify Web Helper] => C:\Users\kmplsv\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-10] (Spotify Ltd)
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\...\Run: [Spotify] => C:\Users\kmplsv\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-10] (Spotify Ltd)
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-07-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-07-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\..\Interfaces\{888FBAB0-4B8C-4CF8-A683-9CADC006B892}: [NameServer] 68.105.28.16,68.105.28.17

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/images?FORM=HDRSC2
HKU\S-1-5-21-1267143682-213387156-2102367617-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1267143682-213387156-2102367617-1000 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-1267143682-213387156-2102367617-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-07-18] (LastPass)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar.dll [2014-07-18] (LastPass)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-07-18] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar.dll [2014-07-18] (LastPass)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2014-07-18] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass.dll [2014-07-18] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-05-15] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1267143682-213387156-2102367617-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\kmplsv\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1267143682-213387156-2102367617-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-05-15] (Pando Networks)
FF Plugin HKU\S-1-5-21-1267143682-213387156-2102367617-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-07-03] ()
FF Extension: ChatZilla - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-08-18]
FF Extension: Firebug - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-10]
FF Extension: YouTube mp3 - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\info@youtube-mp3.org.xpi [2015-06-03]
FF Extension: The Camelizer - Price Tracker - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\izer@camelcamelcamel.com.xpi [2015-10-19]
FF Extension: Lightbeam - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-27]
FF Extension: Session Manager - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-11-10]
FF Extension: Video DownloadHelper - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-10]
FF Extension: Adblock Plus - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-19]
FF Extension: Tab Mix Plus - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-10-19]
FF Extension: DownThemAll! - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-28]
FF Extension: Greasemonkey - C:\Users\kmplsv\AppData\Roaming\Mozilla\Firefox\Profiles\yr6ks1an.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-10]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-03]
CHR Extension: (Gliffy Diagrams) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-11-23]
CHR Extension: (YouTube) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2015-10-09]
CHR Extension: (Google Search) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Session Buddy) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Chrome Notepad) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2014-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (The Camelizer) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2015-08-30]
CHR Extension: (AdBlock) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-14]
CHR Extension: (Cryptocat) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2015-04-05]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-11-03]
CHR Extension: (goo.gl URL Shortener) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-05-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-01]
CHR Extension: (Webcam Toy) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (chromeIPass) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-12-24]
CHR Extension: (Gmail) - C:\Users\kmplsv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: Google Chrome Canary.UPPF2ZTPN7Z3S4736OZUM4WAKA - C:\Users\kmplsv\AppData\Local\Google\Chrome SxS\Application\chrome.exe

Opera:
=======
OPR Extension: (Powerbot for Gmail) - C:\Users\kmplsv\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccdcdeciofigkmmhblkcalfmofhbcepb [2014-06-15]
OPR Extension: (Reddit Enhancement Suite) - C:\Users\kmplsv\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfdcmdcpehpkengmkhkbpifajmbhfgae [2015-03-12]
OPR Extension: (Web Developer) - C:\Users\kmplsv\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-06-15]
OPR Extension: (Adblock Plus) - C:\Users\kmplsv\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-08-11]
StartMenuInternet: (HKLM) Operabeta - D:\Program Files (x86)\Opera Next\Launcher.exe
StartMenuInternet: (HKLM) OperaMail - D:\Program Files (x86)\Opera Mail\OperaMail.exe
StartMenuInternet: (HKLM) OperaStable - D:\Program Files (x86)\Opera\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-06] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-20] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 ss_conn_service; D:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16877 2002-07-16] (Adaptec)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 Saffire; C:\Windows\System32\Drivers\Saffire.sys [226640 2014-03-17] (Focusrite A.E.)
R3 SaffireAudio; C:\Windows\System32\drivers\SaffireAudio.sys [47824 2014-03-17] (Focusrite A.E.)
R3 SaffireMidi; C:\Windows\System32\drivers\SaffireMidi.sys [38608 2014-03-17] (Focusrite A.E.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-07] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kmplsv\Desktop\RealTemp_370\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 11:33 - 2015-11-10 11:34 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-11-10 11:33 - 2015-11-10 11:33 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2015-11-10 11:32 - 2015-11-10 11:32 - 00980334 _____ C:\Users\kmplsv\Desktop\9fbbf9c1e8c36e81cb734c41e63ccf43.10.nzb
2015-11-10 11:28 - 2015-11-10 11:28 - 00978262 _____ C:\Users\kmplsv\Desktop\70f16314d9579232faf1aed8e359c4b1.10.nzb
2015-11-10 11:25 - 2015-11-10 11:26 - 220807168 _____ C:\Users\kmplsv\Desktop\LibreOffice_5.0.3_Win_x86.msi
2015-11-09 18:46 - 2015-11-09 18:46 - 04155664 _____ C:\Users\kmplsv\Desktop\0076-958iridisoos.nzb958iridisoos.nzb
2015-11-09 18:37 - 2015-11-09 18:37 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\kmplsv\Desktop\tdsskiller.exe
2015-11-08 18:05 - 2015-11-08 18:05 - 03191747 _____ C:\Users\kmplsv\Desktop\000111-05tjkgo0odppd.nzb05tjkgo0odppd.nzb
2015-11-08 18:04 - 2015-11-08 18:04 - 00978851 _____ C:\Users\kmplsv\Desktop\33fa2f45ab7a86d8b32f623052d07272.10.nzb
2015-11-08 18:00 - 2015-11-08 18:00 - 01302508 _____ C:\Users\kmplsv\Desktop\0d15da91851eefe87054f4a979fa58e8.10.nzb
2015-11-08 16:37 - 2015-11-08 16:37 - 01115573 _____ C:\Users\kmplsv\Desktop\17dd8a2e1f4740017b923240f0647fb1.10.nzb
2015-11-08 16:35 - 2015-11-08 16:35 - 01020528 _____ C:\Users\kmplsv\Desktop\6i738371p18eaqa4d381588f.part01.rar (1).nzb
2015-11-08 16:32 - 2015-11-08 16:32 - 01020528 _____ C:\Users\kmplsv\Desktop\6i738371p18eaqa4d381588f.part01.rar.nzb
2015-11-07 14:14 - 2015-11-07 14:14 - 01713664 _____ C:\Users\kmplsv\Desktop\AdwCleaner.exe
2015-11-07 14:07 - 2015-11-07 14:08 - 10327053 _____ C:\Users\kmplsv\Desktop\SABnzbd-0.8.0Beta1-win32-setup.exe
2015-11-07 13:55 - 2015-11-07 13:55 - 10926924 _____ C:\Users\kmplsv\Desktop\SABnzbd-0.7.20-win32-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 11:38 - 2014-05-21 00:35 - 00000000 ____D C:\FRST
2015-11-10 11:25 - 2009-07-13 22:45 - 00024720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-10 11:25 - 2009-07-13 22:45 - 00024720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 11:22 - 2014-02-26 18:39 - 00048640 _____ C:\Users\kmplsv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-10 10:57 - 2014-02-20 22:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-10 10:48 - 2014-11-30 10:42 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1267143682-213387156-2102367617-1000UA.job
2015-11-10 10:48 - 2014-11-30 10:42 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1267143682-213387156-2102367617-1000Core.job
2015-11-10 10:48 - 2014-11-21 01:33 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267143682-213387156-2102367617-1000UA.job
2015-11-10 10:45 - 2014-02-20 22:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-10 10:05 - 2014-02-20 20:10 - 01550882 _____ C:\Windows\WindowsUpdate.log
2015-11-10 09:22 - 2014-10-07 21:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 04:48 - 2014-11-21 01:33 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267143682-213387156-2102367617-1000Core.job
2015-11-09 14:45 - 2014-02-20 22:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 14:23 - 2014-08-25 18:18 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409012301
2015-11-08 16:16 - 2009-07-13 23:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 15:43 - 2014-12-25 00:55 - 00000000 ____D C:\Users\kmplsv\AppData\Roaming\Spotify
2015-11-07 15:43 - 2014-12-25 00:55 - 00000000 ____D C:\Users\kmplsv\AppData\Local\Spotify
2015-11-07 15:43 - 2014-04-18 20:24 - 00000000 ____D C:\Users\kmplsv\AppData\Roaming\Skype
2015-11-07 15:41 - 2014-08-29 20:05 - 00000000 ____D C:\Users\kmplsv\Utilities
2015-11-07 14:17 - 2015-03-31 00:00 - 00016377 _____ C:\Windows\setupact.log
2015-11-07 14:17 - 2014-02-20 22:42 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-07 14:17 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 14:16 - 2014-05-19 18:46 - 00000000 ____D C:\AdwCleaner
2015-11-07 13:56 - 2014-02-20 22:10 - 00000000 ____D C:\ProgramData\Oracle
2015-11-07 13:54 - 2015-09-06 17:16 - 00000000 ____D C:\Users\kmplsv\.oracle_jre_usage
2015-11-07 13:54 - 2015-06-24 19:44 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-07 13:54 - 2015-06-24 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-07 13:54 - 2014-10-16 13:23 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-05 18:11 - 2014-06-12 22:15 - 00003822 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1397959630
2015-10-29 15:12 - 2014-03-13 20:13 - 00000000 ____D C:\Users\kmplsv\AppData\Roaming\foobar2000
2015-10-19 05:52 - 2014-11-24 19:28 - 00000000 ____D C:\Users\kmplsv\AppData\Roaming\TS3Client
2015-10-17 05:57 - 2014-02-20 22:05 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 05:57 - 2014-02-20 22:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 05:57 - 2014-02-20 22:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-14 11:17 - 2015-08-24 19:37 - 00000789 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-14 11:17 - 2014-10-07 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-13 23:31 - 2014-10-22 11:39 - 00003722 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-13 23:31 - 2014-10-22 11:39 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-13 23:25 - 2015-04-04 07:26 - 00020856 _____ C:\Windows\PFRO.log
2015-10-13 23:25 - 2014-03-27 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-07-18 18:42 - 2014-07-18 18:42 - 15824384 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-05-16 23:51 - 2014-02-20 23:25 - 0012005 _____ () C:\Users\kmplsv\AppData\Roaming\alsoft.ini
2015-01-05 22:13 - 2015-01-05 22:14 - 0001405 _____ () C:\Users\kmplsv\AppData\Roaming\SpeedRunnersLog.txt
2014-06-16 00:11 - 2014-06-16 00:11 - 0000037 ___SH () C:\Users\kmplsv\AppData\Local\69ff07055291669bb2b218.72821112
2014-02-26 18:39 - 2015-11-10 11:22 - 0048640 _____ () C:\Users\kmplsv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-21 14:03 - 2014-03-21 18:32 - 1065984 _____ () C:\Users\kmplsv\AppData\Local\file__0.localstorage
2014-11-09 03:17 - 2014-11-09 03:17 - 0001480 _____ () C:\Users\kmplsv\AppData\Local\recently-used.xbel
2014-06-18 17:05 - 2014-06-18 17:05 - 0007608 _____ () C:\Users\kmplsv\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\kmplsv\FRST64.exe


Some files in TEMP:
====================
C:\Users\kmplsv\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\kmplsv\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\kmplsv\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\kmplsv\AppData\Local\Temp\npp.6.8.1.Installer.exe
C:\Users\kmplsv\AppData\Local\Temp\npp.6.8.6.Installer.exe
C:\Users\kmplsv\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\kmplsv\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\kmplsv\AppData\Local\Temp\nvStInst.exe
C:\Users\kmplsv\AppData\Local\Temp\sqlite3.dll
C:\Users\kmplsv\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\kmplsv\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 00:29

==================== End of FRST.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 13 November 2015 - 11:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Windows Firewall is disabled.
How to: Turn System Restore ON - Windows
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

You are running the Farbar tool from this folder: F:\XXX\netvids
Please copy the file to your Desktop.
Place the Fixlist.txt file in the Desktop also. Run the fix.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to the new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1267143682-213387156-2102367617-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchKeyword: Default -> lp
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\kmplsv\Desktop\RealTemp_370\WinRing0x64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right side of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Is the problem persisting?

Edited by nasdaq, 13 November 2015 - 11:24 AM.
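As an added, read-only example (not part of nasdaq's instructions and not an FRST feature): a PowerShell snippet an administrator could run before and after the fix to confirm the items the fixlist targets are gone. It lists the Chrome policy key under HKLM, the Internet Explorer search scopes for the current user, the two service entries whose driver files FRST marked with [X], and the Authenticode status of the same core binaries FRST lists under "Bamital & volsnap". The registry paths, service names and file names are taken from the log and fixlist above; the script changes nothing.

```powershell
# Added example: read-only audit of the items nasdaq's fixlist targets.
# Run in an elevated PowerShell prompt on the affected machine; nothing is modified.

# 1. Chrome policies under HKLM. On a home PC that is not domain-managed, a populated
#    key here is what FRST reports as "CHR HKLM\SOFTWARE\Policies\Google: Restriction".
$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path -Path $chromePolicy) {
    Write-Host "Chrome policy key present: $chromePolicy"
    Get-ChildItem -Path $chromePolicy -Recurse | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            "{0}\{1} = {2}" -f $key.Name, $name, $key.GetValue($name)
        }
    }
} else {
    Write-Host "No Chrome policy key under HKLM (expected on an unmanaged PC)."
}

# 2. Internet Explorer search scopes for the logged-in user. FRST shows these under
#    HKU\<SID>; for the current user HKCU is the same hive.
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path -Path $scopes) {
    Get-ChildItem -Path $scopes | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        "{0}  DisplayName={1}  URL={2}" -f $_.PSChildName, $p.DisplayName, $p.URL
    }
}

# 3. Services whose driver file is missing (FRST marks these with [X]). The fixlist
#    removes EagleX64 and WinRing0_1_2_0; here we only report whether the key is still
#    present and whether the file it points to exists.
foreach ($svc in 'EagleX64', 'WinRing0_1_2_0') {
    $reg = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path -Path $reg) {
        $img  = (Get-ItemProperty -Path $reg).ImagePath
        $file = $img -replace '^\\\?\?\\', ''      # strip the \??\ NT path prefix
        "{0}: ImagePath={1}  file exists={2}" -f $svc, $img, (Test-Path -LiteralPath $file)
    } else {
        "{0}: service key not present" -f $svc
    }
}

# 4. Authenticode status of the core binaries FRST checks in its Bamital section.
#    A status other than Valid on any of these warrants a closer look.
$core = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)
foreach ($f in $core) {
    if (Test-Path -LiteralPath $f) {
        $sig = Get-AuthenticodeSignature -FilePath $f
        "{0} => {1}" -f $f, $sig.Status
    } else {
        "{0} => file not found" -f $f
    }
}
```

Running it once before the FRST fix and once after gives a simple before/after comparison: the Chrome policy key, the stray search scope and the two orphaned service keys should be gone afterwards, and every core binary should still report Valid.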


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 19 November 2015 - 10:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



