Malware Infection: websites redirect to other unfamiliar websites.


15 replies to this topic

#1 minhtamtritam


  • Members
  • 8 posts

Posted 08 January 2017 - 01:22 PM

When I'm on any website, sometimes just clicking the background is enough for a new tab (Firefox) to appear or the current webpage to redirect itself. Furthermore, when I open Google, a strange "Secure search" bar appears below the URL box (see attached file). In addition, sometimes making a search on Google automatically redirects my search to Bing. I followed Global Moderator's advice (https://www.bleepingcomputer.com/forums/t/636666/browser-hijacker-problems/) to post my issue on this forum.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by jeffreykd (administrator) on HP-PAVILION-G7 (07-01-2017 20:18:38)
Running from C:\Users\jeffreykd\Downloads
Loaded Profiles: jeffreykd (Available Profiles: jeffreykd)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SureAI) C:\Program Files (x86)\The Elder Scrolls V Skyrim\Enderal Launcher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [839648 2016-03-10] (DivX, LLC)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\jeffreykd\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=c916adddb7ff47d29001557dd16d5da5-0a7941a60676b59798160708e8302bd78f68e7a4 /CMPID=0214c
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [296576 2012-11-15] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\...\MountPoints2: {9a231e86-bc46-11e3-82fb-84349789b456} - H:\TL_Bootstrap.exe
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\...\MountPoints2: {cb2588fb-a905-11e3-a945-84349789b456} - E:\setup.exe
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\...\MountPoints2: {e5dd12f8-7e0d-11e6-8cc1-84349789b456} - F:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3293096365-3675617748-1253994106-1000] => hxxp://no-stop.net/wpad.dat?57253d63739b52c2395f869e518584b820799616
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{716B8F56-DE7F-414D-8504-7CCC418D4163}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F18C1739-9B13-4B30-BE30-26C3E8343E0D}: [DhcpNameServer] 192.168.0.1
ManualProxies: 0hxxp://no-stop.net/wpad.dat?57253d63739b52c2395f869e518584b820799616

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> DefaultScope {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\jeffreykd\AppData\Roaming\Mozilla\Firefox\Profiles\mvsgd87q.default-1483756038886 [2017-01-07]
FF Homepage: Mozilla\Firefox\Profiles\mvsgd87q.default-1483756038886 -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\mvsgd87q.default-1483756038886 -> is enabled.
FF Extension: (AdBlock for Firefox) - C:\Users\jeffreykd\AppData\Roaming\Mozilla\Firefox\Profiles\mvsgd87q.default-1483756038886\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-01-06]
FF Extension: (Adblock Plus) - C:\Users\jeffreykd\AppData\Roaming\Mozilla\Firefox\Profiles\mvsgd87q.default-1483756038886\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3293096365-3675617748-1253994106-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jeffreykd\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-20] (Citrix Online)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7920201.js [2016-11-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7920201.cfg [2016-11-25] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Docs) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Google Search) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (ICE Quick Stream) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-05-16] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (AdBlock) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-06]
CHR Extension: (Google Wallet) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-02]
CHR Extension: (Unoisales) - C:\ProgramData\eepccjcnafchpfjooncpdajegljgcmpg\ []
CHR Extension: (OOptOn) - C:\ProgramData\innkololnnadlnelheppndakdcminpfb\ []

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 CorsairGamingAudioService; C:\Windows\System32\DRIVERS\CorsairGamingAudioamd64.sys [120832 2015-10-30] (Corsair Components, Inc.)
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-11] (Disc Soft Ltd)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288328 1999-12-31] (Realtek Semiconductor Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 1999-12-31] (RTS Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-07] ()
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-07 20:18 - 2017-01-07 20:19 - 00017460 _____ C:\Users\jeffreykd\Downloads\FRST.txt
2017-01-07 20:18 - 2017-01-07 20:18 - 00000000 ____D C:\FRST
2017-01-07 20:16 - 2017-01-07 20:16 - 02418688 _____ (Farbar) C:\Users\jeffreykd\Downloads\FRST64.exe
2017-01-05 23:56 - 2017-01-05 23:56 - 00000010 _____ C:\Users\jeffreykd\Desktop\Origin of Species pages.txt
2017-01-05 18:26 - 2017-01-07 18:17 - 00003488 _____ C:\Windows\System32\Tasks\AutoKMS
2017-01-04 23:12 - 2017-01-04 23:12 - 00000061 _____ C:\Users\jeffreykd\Desktop\weird.txt
2017-01-04 22:32 - 2017-01-04 22:32 - 00000000 ____D C:\Users\jeffreykd\Downloads\Autoruns
2017-01-04 22:31 - 2017-01-04 22:32 - 01304400 _____ C:\Users\jeffreykd\Downloads\Autoruns.zip
2017-01-02 00:56 - 2017-01-02 00:56 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-02 00:56 - 2017-01-02 00:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-27 23:21 - 2016-12-27 23:21 - 00000053 _____ C:\Users\jeffreykd\Documents\note.txt
2016-12-27 21:22 - 2016-12-27 21:26 - 101977629 _____ C:\Users\jeffreykd\Downloads\AmorousAdventures-v3_0_3-SexLab.7z
2016-12-14 18:04 - 2017-01-02 00:51 - 00001664 _____ C:\Windows\PFRO.log
2016-12-10 08:33 - 2017-01-06 18:13 - 00002800 _____ C:\Windows\setupact.log
2016-12-10 08:33 - 2016-12-10 08:33 - 00445968 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-10 08:33 - 2016-12-10 08:33 - 00000000 _____ C:\Windows\setuperr.log
2016-12-09 21:36 - 2016-12-09 21:36 - 00111520 _____ C:\Users\jeffreykd\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-07 20:15 - 2014-06-26 13:30 - 00000000 ____D C:\Users\jeffreykd\AppData\Roaming\Skype
2017-01-07 20:13 - 2014-01-18 15:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-07 20:07 - 2014-07-27 20:07 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {BEEE4B1D-3CE6-4B3E-99A2-9B3CDD104C34}.job
2017-01-07 20:07 - 2014-07-27 20:07 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {BEEE4B1D-3CE6-4B3E-99A2-9B3CDD104C34}.job
2017-01-07 18:47 - 2014-03-09 14:51 - 00000000 ____D C:\ProgramData\MFAData
2017-01-07 18:22 - 2009-07-13 23:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-07 18:22 - 2009-07-13 23:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-07 13:54 - 2014-06-26 17:41 - 00000000 ____D C:\Users\jeffreykd\AppData\Local\Battle.net
2017-01-07 13:21 - 2014-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-06 21:31 - 2016-11-18 06:24 - 00000000 ____D C:\Users\jeffreykd\AppData\LocalLow\Mozilla
2017-01-06 20:48 - 2014-07-22 19:23 - 00018746 _____ C:\Users\jeffreykd\Documents\note to self.txt
2017-01-06 19:13 - 2016-11-13 09:38 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-06 18:13 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-05 22:39 - 2014-07-22 19:20 - 00000000 ____D C:\Users\jeffreykd\Documents\Manga, Anime related
2017-01-04 19:16 - 2014-07-27 01:20 - 00000000 ____D C:\Users\jeffreykd\AppData\Roaming\vlc
2017-01-02 00:56 - 2016-11-17 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-02 00:56 - 2014-03-10 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-27 23:21 - 2014-01-18 10:25 - 00000000 ___RD C:\Users\jeffreykd\Documents
2016-12-27 23:10 - 2014-03-11 05:52 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2016-12-27 22:12 - 2014-01-18 10:25 - 00000000 ___HD C:\Users\jeffreykd\AppData
2016-12-27 19:48 - 2014-06-24 18:32 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-12-27 19:48 - 2014-06-24 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-12-27 19:48 - 2014-03-11 21:36 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-12-26 19:25 - 2016-11-13 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-12-26 19:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\drivers
2016-12-20 07:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-16 15:16 - 2014-04-06 17:38 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 15:16 - 2014-04-06 17:38 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 15:16 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 15:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Tasks
2016-12-14 18:15 - 2014-04-06 17:39 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 18:15 - 2014-04-06 17:39 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 07:13 - 2014-01-18 15:50 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 07:13 - 2014-01-18 15:50 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 07:13 - 2014-01-18 15:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:13 - 2014-01-18 15:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 07:13 - 2014-01-18 15:50 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 07:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-13 23:57 - 2016-11-07 07:14 - 00000023 _____ C:\Users\jeffreykd\Desktop\anime for taylor.txt
2016-12-10 08:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-10 08:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32
2016-12-10 00:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Drivers\etc
2016-12-09 21:34 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files
2016-12-09 21:30 - 2015-07-11 14:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-09 21:30 - 2014-03-11 05:48 - 00000000 ____D C:\Users\jeffreykd\AppData\Roaming\DAEMON Tools Lite
2016-12-09 21:30 - 2014-03-10 21:32 - 00000000 ____D C:\Users\jeffreykd\AppData\Roaming\BitTorrent
2016-12-09 20:57 - 2015-07-29 07:51 - 00000000 ____D C:\Users\jeffreykd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CABAL2 (US)
2016-12-09 20:57 - 2014-07-21 19:46 - 00000000 ___DC C:\Users\jeffreykd\AppData\Local\MigWiz
2016-12-09 20:57 - 2014-01-18 12:40 - 00000000 ____D C:\Windows\Panther
2016-12-09 20:57 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\debug
2016-12-09 20:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Logs

==================== Files in the root of some directories =======

2016-06-04 15:18 - 2016-06-04 15:18 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Users\jeffreykd\CTX.DAT


Some files in TEMP:
====================
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.11.exe
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.13.exe
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-05 07:07

==================== End of FRST.txt ============================

Attached file: Addition.txt
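A triage pass over the browser and proxy sections of an FRST.txt like the one above, written as an added example for this thread (it is not part of the post and not FRST's own logic): it surfaces the proxy auto-config (AutoConfigURL / ManualProxies), the IE start page and search scopes, the Firefox AutoConfig files FRST reports as ExtraCheck, and Chrome extensions that either update from a non-Google host or load from outside the profile. The trusted-host allowlist is an assumption and the sample input is a constructed excerpt abridged from the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST defangs URLs as hxxp:// or hxxps://; accept the live spelling too.
HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s?\]]+)", re.IGNORECASE)
UPDATE_URL_RE = re.compile(r"\[UpdateUrl:\s*([^\]\s]+)\]")

# Assumption: a small allowlist of home-page / search hosts the responder
# treats as benign. Anything else in a start-page, search-scope or proxy
# entry is surfaced for manual review rather than silently accepted.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.msn.com", "www.bing.com"}
# Chrome Web Store update endpoint; an extension updating from anywhere else
# is being fed code by a third party.
CHROME_UPDATE_HOST = "clients2.google.com"


@dataclass
class Finding:
    category: str
    reason: str
    line: str


def extract_host(text: str) -> Optional[str]:
    """Return the lower-cased host of the first (defanged or live) URL in text."""
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None


def triage_frst(log_text: str) -> List[Finding]:
    """Walk FRST.txt lines and flag the browser/proxy entries worth reviewing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AutoConfigURL:", "ManualProxies:")):
            # A PAC script fetched from an external host chooses the proxy for
            # every request the browser makes, so it can redirect at will.
            host = extract_host(line)
            if host and host not in TRUSTED_HOSTS:
                findings.append(Finding("proxy-autoconfig",
                                        f"proxy auto-config served by {host}", line))
        elif (line.startswith(("SearchScopes:", "FF Homepage:", "CHR HomePage:"))
              or ",Start Page" in line):
            host = extract_host(line)
            if host and host not in TRUSTED_HOSTS:
                findings.append(Finding("search-hijack",
                                        f"home page / search provider set to {host}", line))
        elif line.startswith("FF ExtraCheck:"):
            # A .js in defaults\pref pointing at a .cfg is Firefox AutoConfig:
            # it overrides preferences for every profile on the machine.
            findings.append(Finding("ff-autoconfig",
                                    "AutoConfig file in the Firefox install directory", line))
        elif line.startswith("CHR Extension:"):
            m = UPDATE_URL_RE.search(line)
            if m:
                upd_host = extract_host(m.group(1))
                if upd_host != CHROME_UPDATE_HOST:
                    findings.append(Finding("chr-update-url",
                                            f"extension updates from {upd_host}", line))
            elif "\\Extensions\\" not in line:
                # Extensions pushed via policy/registry live outside the
                # profile's Extensions folder (here under ProgramData).
                findings.append(Finding("chr-sideload",
                                        "extension loaded from outside the Chrome profile", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed input: lines abridged from the FRST.txt posted above.
SAMPLE_FRST = r"""
AutoConfigURL: [S-1-5-21-3293096365-3675617748-1253994106-1000] => hxxp://no-stop.net/wpad.dat?57253d63739b52c2395f869e518584b820799616
ManualProxies: 0hxxp://no-stop.net/wpad.dat?57253d63739b52c2395f869e518584b820799616
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> DefaultScope {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\mvsgd87q.default-1483756038886 -> hxxps://www.google.com/
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7920201.js [2016-11-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7920201.cfg [2016-11-25] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (Unoisales) - C:\ProgramData\eepccjcnafchpfjooncpdajegljgcmpg\ []
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
    print(summarize(triage_frst(SAMPLE_FRST)))
```

With this allowlist the affiliate-tagged Yahoo search scope is flagged alongside the searchoholic one; deciding which are benign remains the responder's call.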


 


#2 shelf life


  • Malware Response Team
  • 2,646 posts

Posted 08 January 2017 - 04:07 PM

hi,

 

I believe the secure search you refer to is added by the AVG install.

If you want to remove it, see the following link:

 

https://support.avg.com/SupportArticleView?l=en&urlName=How-to-uninstall-AVG-Toolbar-homepage-and-Secure-Search-from-your-browser

 

You can also get a copy of Malwarebytes to run and keep on your machine. Let's see what it drags up and we will go from there.

I'm usually only on the site once or twice per day, so you may not get a reply back from me until the following day.

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop:

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
      • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.


How Can I Reduce My Risk to Malware?


#3 minhtamtritam

  • Topic Starter

  • Members
  • 8 posts

Posted 08 January 2017 - 06:56 PM

Hello.

 

I checked the AVG link. I don't see any "AVG Security Toolbar, AVG SafeGuard Toolbar or AVG Web TuneUp" the webpage mentions. What I have instead is AVG and AVG Protection (AVG recently updated into Zen with weird functionalities that I don't understand).

 

I am actually using trial version 3.0.5 of Malwarebytes. I ticked the box 'Scan for rootkits' and scanned. Below is the log you requested:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/8/17
Scan Time: 6:14 PM
Logfile: Malwarebytes Premimum Trial 3.0.5 scan.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.953
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HP-PAVILION-G7\jeffreykd

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345615
Time Elapsed: 25 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 41
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\class_08&subclass_06&prot_50, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\authenticamd_-_amd64, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\internal_ide_channel, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\composite_battery, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\compositebus, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\hdaudio\func_01, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub20, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\storage\volume, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\acpi0003, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\composite, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0310, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0320, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\blbdrive, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\mssmbios, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_010601, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\vdrvroot, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\pnp0c0a, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\class_0e, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\rdp_mou, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0300, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0403, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\swenum, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\rdpbus, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\volmgr, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0604, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0601, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\umbus, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\umb\umbus, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\gencdrom, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\gendisk, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\hdaudio, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\storage, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\umb, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\USERS\JEFFREYKD\APPDATA\LOCAL\SlimWare Utilities Inc\DriverUpdate, No Action By User, [1207], [341510],1.0.953

File: 74
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\acpi0003\battc.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\acpi0003\battery.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\acpi0003\CmBatt.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\authenticamd_-_amd64\amdppm.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\authenticamd_-_amd64\cpu.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\pnp0c0a\battc.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\pnp0c0a\battery.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\acpi\pnp0c0a\CmBatt.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\composite_battery\battc.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\composite_battery\battery.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\composite_battery\compbatt.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\gencdrom\cdrom.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\gencdrom\cdrom.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\gendisk\disk.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\gendisk\disk.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\hdaudio\func_01\hdaudio.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\hdaudio\func_01\HdAudio.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\internal_ide_channel\atapi.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\internal_ide_channel\ataport.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\internal_ide_channel\mshdc.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_010601\atapi.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_010601\ataport.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_010601\mshdc.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_010601\pciidex.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0300\display.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0300\vgapnp.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0403\hdaudbus.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0403\hdaudbus.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0601\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0601\msisadrv.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0604\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0604\pci.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0310\usbhub.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0310\usbohci.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0310\usbport.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0310\usbport.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0320\usbehci.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0320\usbhub.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0320\usbport.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\pci\cc_0c0320\usbport.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\blbdrive\blbdrive.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\blbdrive\blbdrive.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\compositebus\compositebus.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\compositebus\CompositeBus.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\mssmbios\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\mssmbios\mssmbios.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\rdpbus\rdpbus.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\rdpbus\rdpbus.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\rdp_mou\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\rdp_mou\termdd.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\swenum\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\swenum\streamci.dll, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\umbus\umbus.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\umbus\umbus.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\vdrvroot\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\vdrvroot\vdrvroot.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\volmgr\machine.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\root\volmgr\volmgr.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\storage\volume\volsnap.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\storage\volume\volume.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\umb\umbus\umbus.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\umb\umbus\umbus.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\class_08&subclass_06&prot_50\usbstor.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\class_08&subclass_06&prot_50\USBSTOR.SYS, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\class_0e\usbvideo.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\class_0e\usbvideo.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\composite\usb.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\composite\usbccgp.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub\usbd.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub\usbhub.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub\usbport.inf, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub20\usbd.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub20\usbhub.sys, No Action By User, [1207], [341510],1.0.953
PUP.Optional.DriverUpdate, C:\Users\jeffreykd\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20140118T212012438937\usb\root_hub20\usbport.inf, No Action By User, [1207], [341510],1.0.953

Physical Sector: 0
(No malicious items detected)


(end)



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 09 January 2017 - 05:26 PM

Let's do this:

Copy/paste what's below into Notepad. Save it as fixlist.txt in the same location where you have FRST installed.

Start FRST like before, except this time click on the Fix button once. The machine will reboot to finish. Upon reboot it will display a fixlog.txt, which you can copy/paste in your reply. We will go from there.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> DefaultScope {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
Toolbar: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7920201.js [2016-11-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7920201.cfg [2016-11-25] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
C:\Users\jeffreykd\CTX.DAT
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.11.exe
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.13.exe
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
Empty Temp:


How Can I Reduce My Risk to Malware?


#5 minhtamtritam

minhtamtritam
  • Topic Starter

  • Members
  • 8 posts

Posted 09 January 2017 - 07:57 PM

Hello. I got the result:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by jeffreykd (09-01-2017 19:47:11) Run:1
Running from C:\Users\jeffreykd\Downloads
Loaded Profiles: jeffreykd (Available Profiles: jeffreykd)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> DefaultScope {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> {712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20176&r=2014/12/25&hid=1255577913861581497&lg=EN&cc=US&unqvl=72
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
Toolbar: HKU\S-1-5-21-3293096365-3675617748-1253994106-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7920201.js [2016-11-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7920201.cfg [2016-11-25] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
C:\Users\jeffreykd\CTX.DAT
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.11.exe
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.13.exe
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
Empty Temp:
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} => key not found.
HKCR\CLSID\{712DC496-BD5A-47CA-88AB-F1ACBD3A0BB4} => key not found.
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => key removed successfully
HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => key not found.
HKU\S-1-5-21-3293096365-3675617748-1253994106-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
"C:\Program Files (x86)\mozilla firefox\defaults\pref\7920201.js" => not found.
"C:\Program Files (x86)\mozilla firefox\7920201.cfg" => not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\jeffreykd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
C:\Users\jeffreykd\CTX.DAT => moved successfully
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.11.exe => moved successfully
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.60.13.exe => moved successfully
C:\Users\jeffreykd\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12293078 B
Java, Flash, Steam htmlcache => 376785316 B
Windows/system/drivers => 1613564 B
Edge => 0 B
Chrome => 8614454 B
Firefox => 383725892 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 76314 B
jeffreykd => 44463699 B

RecycleBin => 0 B
EmptyTemp: => 797.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:48:17 ====



#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 10 January 2017 - 06:15 PM

OK, thanks. How are we looking on your end now? Are the redirects gone? Cruise around in all browsers to check.




#7 minhtamtritam

minhtamtritam
  • Topic Starter

  • Members
  • 8 posts

Posted 10 January 2017 - 09:13 PM

Hello. Indeed the problems are gone: no weird "secure search" bar, no redirects from any websites I visit. Everyone helped me a lot and I am thankful for what the team has done. I think it's okay to close this topic. But I will archive it for future reference. Once again, I thank you.



#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 11 January 2017 - 05:34 PM

Hey, no problem. You're welcome. Happy safe surfing. Some tips at my site in the link below. You can delete the FRST icon and its txt files if you want.


How Can I Reduce My Risk to Malware?


#9 minhtamtritam

minhtamtritam
  • Topic Starter

  • Members
  • 8 posts

Posted 06 January 2018 - 03:13 PM

Hello:

It's me again. Can you help me again on this topic as well? Below is the Malwarebytes log you requested:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/6/18
Scan Time: 2:51 PM
Log File: f319d5d0-f31a-11e7-841f-6045cb6f1bf0.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3638
License: Trial

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: DESKTOP-27OG0E2\Tam Huynh

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295052
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\424862750.JS, No Action By User, [1102], [330892],1.0.3638
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\424862750.CFG, No Action By User, [1102], [345408],1.0.3638

Physical Sector: 0
(No malicious items detected)


(end)

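The two files Malwarebytes flagged in that log are the pair Firefox's autoconfig mechanism reads at startup: a pointer file under defaults\pref that sets `general_config.filename`, and the `.cfg` it names in the install root, which can lock search and homepage prefs. As an added example (not code from the thread, Malwarebytes or Mozilla), here is a small Python check for that pattern; the sample file contents below are constructed, only the `424862750.cfg` name comes from the log.

```python
"""Check a Firefox install directory for the autoconfig hijack pattern in the
log above: a defaults/pref/*.js that sets general_config.filename plus a
*.cfg in the install root that locks search prefs. Added example, not code
from the thread, Malwarebytes or Mozilla; sample contents are constructed."""
import re
import sys
from pathlib import Path

# pref("general_config.filename", "x.cfg") / pref("general_config.obscure_value", 0)
POINTER_RE = re.compile(r'pref\(\s*"(general_config\.\w+)"\s*,\s*(?:"([^"]*)"|(\d+))\s*\)')
# pref families a search/homepage hijacker typically locks in its .cfg payload
HIJACK_PREFS = ("browser.search.", "keyword.", "browser.startup.homepage", "browser.newtab")
CFG_CALL_RE = re.compile(r'\b(?:lockPref|defaultPref|setPref|pref)\(\s*"([^"]+)"')

def autoconfig_pointer(js_text: str) -> dict:
    """Return the general_config.* prefs set by one defaults/pref .js file."""
    out = {}
    for name, s, n in POINTER_RE.findall(js_text):
        out[name] = s if n == "" else int(n)
    return out

def cfg_hijack_prefs(cfg_text: str) -> list:
    """Names of search/homepage prefs a .cfg payload tries to set, in order."""
    return [p for p in CFG_CALL_RE.findall(cfg_text) if p.startswith(HIJACK_PREFS)]

def scan_firefox_dir(install_dir) -> list:
    """Return (path, reason) findings for one Firefox install directory."""
    root, findings = Path(install_dir), []
    for js in sorted((root / "defaults" / "pref").glob("*.js")):
        if js.name == "channel-prefs.js":   # the one pref file Mozilla ships here
            continue
        ptr = autoconfig_pointer(js.read_text(errors="replace"))
        if "general_config.filename" in ptr:
            cfg = root / str(ptr["general_config.filename"])
            findings.append((str(js), f"autoconfig pointer to {cfg.name}"))
            if cfg.is_file():
                for p in cfg_hijack_prefs(cfg.read_text(errors="replace")):
                    findings.append((str(cfg), f"sets {p}"))
    return findings

# Constructed samples mimicking the two files named in the log (not their real contents).
SAMPLE_POINTER_JS = ('pref("general_config.filename", "424862750.cfg");\n'
                     'pref("general_config.obscure_value", 0);\n')
SAMPLE_CFG = ('//\nlockPref("browser.search.defaultenginename", "Yahoo");\n'
              'lockPref("browser.search.selectedEngine", "Yahoo");\n'
              'lockPref("keyword.enabled", true);\n')

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files (x86)\Mozilla Firefox"
    for path, reason in scan_firefox_dir(target):
        print(f"{path}: {reason}")
```

Any hit other than an autoconfig file your own organisation deployed deserves the same treatment the thread gives: quarantine the pair, then refresh Firefox so the locked prefs are dropped.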


#10 shelf life (Malware Response Team)

Posted 07 January 2018 - 09:53 AM

Did Malwarebytes remove the two PUPs it found? Looks much better than the other, earlier log you posted. PUPs are easily avoidable. Are you getting redirected?


How Can I Reduce My Risk to Malware?


#11 minhtamtritam (Topic Starter)

Posted 07 January 2018 - 11:43 AM

Hello:

Thank you for the response. I chose to "Quarantine" the infection. I have been redirected once today, but Malwarebytes blocked it. The "Secure search" bar that appears below the URL box on Google is still there from time to time, randomly. Can you help me remove that bar?


Edited by minhtamtritam, 07 January 2018 - 12:32 PM.


#12 shelf life (Malware Response Team)

Posted 08 January 2018 - 06:29 PM

Which browser do you see the toolbar in?


How Can I Reduce My Risk to Malware?


#13 minhtamtritam (Topic Starter)

Posted 08 January 2018 - 06:41 PM

Hello, I use Firefox. There are times when I don't see the secure search bar on Google. But as soon as I hit "Enter", my search result is redirected to Yahoo search.



#14 shelf life (Malware Response Team)

Posted 08 January 2018 - 08:20 PM

OK, let's try "refreshing" Firefox and we will go from there. Won't be back on the site for 18-20 hours. Follow the directions in this link and see how it goes:

https://malwaretips.com/blogs/reset-firefox-settings/


How Can I Reduce My Risk to Malware?


#15 minhtamtritam (Topic Starter)

Posted 11 January 2018 - 09:26 PM

Hello, I took several days testing the result after following your link's instructions. I think all the problems have been taken care of. Your team is amazing! I am very grateful for your help.





