
PUP INFECTION


This topic is locked
11 replies to this topic

#1 keronkkumar

keronkkumar

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 06 June 2017 - 10:35 AM

Whenever I do a Malwarebytes scan I get "PUP" detected.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2017
Ran by User (administrator) on USER-PC (06-06-2017 11:18:09)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(wyDay) C:\Program Files\CyberGhost 6\wyUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6ADD132D-5F8A-45B2-8ADB-0B86F12C5A7A}: [DhcpNameServer] 185.156.172.178 185.93.180.131 83.143.245.42
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [NameServer] 185.156.172.178,185.93.180.131
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669 [2017-06-06]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-26]
FF Extension: (Follow-on Search Telemetry) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ovddxlw4.default-1455637092669\features\{62b667ae-b12e-4629-9cb3-9299935cd426}\followonsearch@mozilla.com.xpi [2017-06-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-06-06]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Flash Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-28]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Video Downloader Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [445976 2016-10-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [425496 2016-10-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [466456 2016-10-21] (BlueStack Systems, Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [139360 2016-10-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-10-07] (Bluestack System Inc. )
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-06-06] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl805f2538; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2157B447-6230-4897-A14A-0C212C9BDBD5}\MpKsl805f2538.sys [39168 2017-06-06] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [110208 2016-07-02] (BigNox Corporation)
R1 YSDrv; C:\Windows\System32\DRIVERS\YSDrv.sys [220432 2017-04-15] (BigNox Corporation)
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 11:18 - 2017-06-06 11:19 - 00013894 _____ C:\Users\User\Desktop\FRST.txt
2017-06-06 11:10 - 2017-06-06 11:18 - 00000000 ____D C:\FRST
2017-06-06 11:09 - 2017-06-06 11:09 - 01774080 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2017-06-05 13:37 - 2017-06-05 15:38 - 458851488 _____ C:\Users\User\Downloads\download (4).mp4
2017-06-05 13:37 - 2017-06-05 15:33 - 279372346 _____ C:\Users\User\Downloads\download (6).mp4
2017-06-05 13:36 - 2017-06-05 14:26 - 253991266 _____ C:\Users\User\Downloads\download (3).mp4
2017-06-05 13:35 - 2017-06-05 15:13 - 636035398 _____ C:\Users\User\Downloads\download (2).mp4
2017-06-05 13:34 - 2017-06-05 14:22 - 61774144 _____ C:\Users\User\Downloads\download (1).mp4
2017-06-05 13:33 - 2017-06-05 15:36 - 366234759 _____ C:\Users\User\Downloads\download.mp4
2017-06-05 13:33 - 2017-06-05 13:33 - 00000000 ____D C:\Users\User\Downloads\strong_walther
2017-06-05 12:53 - 2017-06-05 12:56 - 345625834 _____ C:\Users\User\Downloads\download (5).mp4
2017-06-05 12:49 - 2017-06-05 12:57 - 00000000 ____D C:\Users\User\Downloads\jovansex
2017-06-05 09:52 - 2017-06-05 10:05 - 00000000 ____D C:\Users\User\Downloads\boyboy212
2017-06-05 09:46 - 2017-06-05 09:46 - 00000000 ____D C:\Users\User\Downloads\neccesitysex
2017-06-05 09:45 - 2017-06-05 09:46 - 00000000 ____D C:\Users\User\Downloads\crazyydick1996
2017-06-02 14:36 - 2017-06-02 14:37 - 00000000 ____D C:\Users\User\Downloads\therazhanen
2017-06-02 12:00 - 2017-06-02 12:00 - 00000000 ____D C:\Users\User\Downloads\littlesubgirl
2017-05-28 22:22 - 2017-06-02 12:15 - 00000000 ____D C:\Users\User\Downloads\bodyfitnessbody
2017-05-28 21:41 - 2017-05-28 21:41 - 00000000 ____D C:\Users\User\Downloads\rainbowsyrup
2017-05-28 21:38 - 2017-05-28 21:38 - 00000000 ____D C:\Users\User\Downloads\curious_katie
2017-05-22 21:40 - 2017-05-23 00:45 - 00000000 ____D C:\Users\User\Downloads\1
2017-05-19 22:49 - 2017-05-19 22:49 - 00000000 ____D C:\Users\User\Downloads\cherrycrush
2017-05-17 12:49 - 2017-05-28 21:40 - 00000000 ____D C:\Users\User\Downloads\bllueberrylove
2017-05-17 12:49 - 2017-05-24 13:12 - 00000000 ____D C:\Users\User\Downloads\Aynmarie
2017-05-16 13:12 - 2017-05-16 13:20 - 00000000 ____D C:\Users\User\Downloads\mellybooo
2017-05-16 13:03 - 2017-05-17 12:05 - 00000000 ____D C:\Users\User\Downloads\priscillawtff
2017-05-16 13:02 - 2017-05-16 13:02 - 00000000 ____D C:\Users\User\Downloads\karen_lv
2017-05-16 13:01 - 2017-05-16 13:01 - 00000000 ____D C:\Users\User\Downloads\ladygilda
2017-05-16 12:59 - 2017-05-16 13:00 - 00000000 ____D C:\Users\User\Downloads\blackfoxvortex
2017-05-16 12:57 - 2017-05-16 13:00 - 00000000 ____D C:\Users\User\Downloads\toughnut111
2017-05-16 11:57 - 2017-05-16 13:17 - 00000000 ____D C:\Users\User\Downloads\msadams
2017-05-14 03:57 - 2017-05-14 03:58 - 00000000 ____D C:\Users\User\Downloads\pinklipz_dizzy
2017-05-14 03:48 - 2017-05-14 03:48 - 00000000 ____D C:\Users\User\Downloads\gamergirl323
2017-05-14 03:38 - 2017-05-14 03:39 - 00000000 ____D C:\Users\User\Downloads\kevin_hot_alison
2017-05-14 03:16 - 2017-05-28 23:31 - 00000000 ____D C:\Users\User\Downloads\sheepover_
2017-05-14 03:15 - 2017-05-14 05:10 - 00000000 ____D C:\Users\User\Downloads\lymiaa
2017-05-08 20:40 - 2017-05-14 02:21 - 00000000 ____D C:\Users\User\Downloads\bars_377

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 11:14 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-06-06 11:14 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-06 11:14 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-06 11:06 - 2016-12-09 20:09 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-06-06 11:06 - 2016-10-25 11:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-06 11:06 - 2014-07-07 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-06 11:05 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-06 11:03 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-05 23:05 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-05 23:03 - 2016-08-14 00:34 - 00000000 ____D C:\Users\User\AppData\Local\Nox
2017-06-05 21:27 - 2017-04-15 05:58 - 00000000 ____D C:\Users\User\.BigNox
2017-06-05 21:27 - 2016-08-14 00:41 - 00000000 ____D C:\Users\User\vmlogs
2017-06-05 21:27 - 2015-12-28 05:05 - 00000000 ____D C:\Users\User\.android
2017-06-05 20:51 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-06-05 13:22 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-06-05 10:02 - 2017-02-02 11:10 - 00000000 ____D C:\Users\User\Downloads\zacjagger
2017-06-04 03:54 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2017-06-02 12:20 - 2017-04-09 05:18 - 00000000 ____D C:\Users\User\Downloads\z
2017-05-31 10:37 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2017-05-30 16:45 - 2014-07-04 15:26 - 00456360 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-28 23:30 - 2017-04-23 21:50 - 00000000 ____D C:\Users\User\Downloads\babygirl_claire
2017-05-28 01:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2017-05-27 20:25 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-22 13:42 - 2017-04-24 20:26 - 00000000 ____D C:\Users\User\Downloads\hot_wet_lilly
2017-05-19 22:58 - 2017-04-08 23:21 - 00000000 ____D C:\Users\User\Downloads\superhotgirl2
2017-05-17 12:12 - 2016-12-22 01:37 - 00000000 ____D C:\Users\User\Downloads\Rec-Tube
2017-05-15 12:02 - 2017-04-24 22:34 - 00000000 ____D C:\Users\User\Downloads\vikikinkygirl
2017-05-10 21:16 - 2016-04-20 15:48 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-10 21:16 - 2016-04-20 15:48 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-09 00:46 - 2017-04-28 21:59 - 00000000 ____D C:\Users\User\Downloads\alycetn
2017-05-08 23:59 - 2017-05-04 22:14 - 00000000 ____D C:\Users\User\Downloads\XOVALENTINA

==================== Files in the root of some directories =======

2017-04-06 12:27 - 2017-04-06 12:27 - 325407814 _____ () C:\Users\User\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-04-06 12:27 - 2017-04-06 12:27 - 0003630 _____ () C:\Users\User\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2015-03-12 03:09 - 2017-06-05 20:51 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-22 02:28 - 2017-04-28 02:07 - 0000753 _____ () C:\Users\User\AppData\Local\Nox_crash.log
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-02 11:19

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 AM

Posted 06 June 2017 - 12:14 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Flash Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [X]
S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

If the problem persists please post the MBAM log for my review.

#3 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 06 June 2017 - 08:02 PM

Thank you for your response :) but before we start I need to let you know a few things first. I sent you a PM explaining everything.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 AM

Posted 07 June 2017 - 07:47 AM


Forget about my fix for the moment.

Open your Chrome Extensions and delete these 3 items:

CHR Extension: (Flash Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]


Post the Malwarebytes log for my review.

#5 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 07 June 2017 - 08:41 AM

These are the most recent. I hope this is what you were asking for.


05/28/17

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2017
Scan Time: 12:40 PM
Logfile: 05.28.17.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.05.28.04
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273470
Time Elapsed: 26 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gifables.dl.myway.com_0.localstorage, Quarantined, [0d77dd402a7fa09662bc4387a260b44c],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gifables.dl.myway.com_0.localstorage-journal, Quarantined, [f391b8659910db5bb16d02c89171f709],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.myway.com_0.localstorage, Quarantined, [8ff534e99316bf7741ddb515719154ac],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.myway.com_0.localstorage-journal, Quarantined, [b8ccc954e5c4b87ec35b9c2ed82a10f0],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gifables.dl.tb.ask.com_0.localstorage, Quarantined, [651ffe1f4762152176a97d4d20e26f91],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gifables.dl.tb.ask.com_0.localstorage-journal, Quarantined, [265e48d59c0dc76fd847b81246bc768a],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.tb.ask.com_0.localstorage, Quarantined, [0e760a139415c67039e6b119fc06a65a],
PUP.Optional.MindSpark, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myradioaccess.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1173f22b931645f126f94189fb071de3],

Physical Sectors: 0
(No malicious items detected)


(end)

 

06/03/17

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/3/2017
Scan Time: 2:34 PM
Logfile: 06.03.17.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.03.03
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274221
Time Elapsed: 27 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage, Quarantined, [def1df5b6049f83ed2ae11f737ca827e],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage-journal, Quarantined, [913e82b89d0c57dfe0a0cf39976a738d],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage, Quarantined, [5f70201a5b4eef474f199574c23fa759],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [1bb4d3679f0a55e1076155b4f60bd927],

Physical Sectors: 0
(No malicious items detected)


(end)

 

06/05/17

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2017
Scan Time: 8:47 AM
Logfile: 96.05.17.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.05.03
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274876
Time Elapsed: 22 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage, Quarantined, [8c0b58e3ebbe63d3b2cdd137907131cf],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage-journal, Quarantined, [7e19a4978e1bcf67f08f05035fa23fc1],

Physical Sectors: 0
(No malicious items detected)

 



#6 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 07 June 2017 - 09:15 AM

I deleted the Flash Video Downloader extension but I don't see the other 2.
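The three entries nasdaq listed are identified by the 32-character folder names FRST reports under the Chrome profile's Extensions directory, and two of them (Chrome Web Store Payments and Chrome Media Router) are Google's own component extensions that the extensions page does not list, which is why only Flash Video Downloader could be found there. Matching FRST's IDs to names, and spotting extensions that did not come from the Web Store, is easier with an inventory taken straight from the on-disk manifests. The script below is an added example, not code from the thread or from Malwarebytes or Farbar; it walks the `<id>\<version>\manifest.json` layout Chrome uses, resolves `__MSG_...__` localized names from `_locales`, and flags any extension whose `update_url` is not the Web Store endpoint seen in the FRST log. The sample profile it builds (IDs of repeated `a` and `b`, names, versions) is constructed for the demonstration.

```python
r"""Inventory Chrome extensions from their on-disk manifests.

Added example, not from the thread. FRST lists each extension by the folder
name <profile>\Extensions\<32-char id>; this reads every
<id>\<version>\manifest.json below that folder, resolves localized names,
and flags extensions whose update_url is not the Chrome Web Store endpoint
(those were sideloaded or loaded unpacked rather than installed from the store).
"""
import json
import tempfile
from pathlib import Path

# Update endpoint used by Web Store installs (it appears in the FRST log above).
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def _resolve_name(ext_dir, manifest):
    """Expand a __MSG_key__ name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[len("__MSG_"):-2]
        locale = manifest.get("default_locale", "en")
        msgs_file = ext_dir / "_locales" / locale / "messages.json"
        if msgs_file.is_file():
            msgs = json.loads(msgs_file.read_text(encoding="utf-8-sig"))
            name = msgs.get(key, {}).get("message", name)
    return name


def inventory_extensions(profile_dir):
    """Return one record per installed extension version found under profile_dir."""
    ext_root = Path(profile_dir) / "Extensions"
    records = []
    if not ext_root.is_dir():
        return records
    for id_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            manifest_file = ver_dir / "manifest.json"
            if not manifest_file.is_file():
                continue
            # utf-8-sig tolerates the BOM some packed manifests carry.
            manifest = json.loads(manifest_file.read_text(encoding="utf-8-sig"))
            update_url = manifest.get("update_url")
            records.append({
                "id": id_dir.name,
                "version": manifest.get("version", ver_dir.name),
                "name": _resolve_name(ver_dir, manifest),
                "update_url": update_url,
                "from_webstore": update_url == WEBSTORE_UPDATE_URL,
            })
    return records


def build_sample_profile():
    """Constructed profile in a temp dir: one store extension, one sideloaded."""
    root = Path(tempfile.mkdtemp(prefix="chrome_profile_"))
    store = root / "Extensions" / ("a" * 32) / "1.2.3_0"
    store.mkdir(parents=True)
    (store / "manifest.json").write_text(json.dumps({
        "name": "Sample Store Extension", "version": "1.2.3",
        "update_url": WEBSTORE_UPDATE_URL}), encoding="utf-8")
    side = root / "Extensions" / ("b" * 32) / "0.9_0"
    (side / "_locales" / "en").mkdir(parents=True)
    (side / "manifest.json").write_text(json.dumps({
        "name": "__MSG_appName__", "default_locale": "en", "version": "0.9"}),
        encoding="utf-8")
    (side / "_locales" / "en" / "messages.json").write_text(json.dumps({
        "appName": {"message": "Sample Sideloaded Extension"}}), encoding="utf-8")
    return root


if __name__ == "__main__":
    for rec in inventory_extensions(build_sample_profile()):
        flag = "" if rec["from_webstore"] else "  <-- not from the Web Store"
        print(f'{rec["id"]}  {rec["version"]:<8} {rec["name"]}{flag}')
```

On a real machine, point `inventory_extensions` at the profile directory FRST names (here `C:\Users\User\AppData\Local\Google\Chrome\User Data\Default`); the IDs it prints line up with FRST's `CHR Extension:` lines, and an entry without the Web Store `update_url` deserves a closer look than one installed through the store.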



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 AM

Posted 07 June 2017 - 09:49 AM

Do you still have PUP issues?

#8 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 07 June 2017 - 09:51 AM

Yes. I just did a scan and I got this:

 

 

Scan Date: 6/7/2017
Scan Time: 10:18 AM
Logfile: 06.07.17.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.07.04
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276273
Time Elapsed: 29 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage, , [253b2c105851a096d39e7395b64b58a8],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage-journal, , [0c5441fb7831b1856f025eaa639e3ac6],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage, , [c59b55e7f8b140f665f47990a65bd729],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage-journal, , [94cc192307a2a59196c328e1b051e61a],

Physical Sectors: 0
(No malicious items detected)


(end)
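The four Malwarebytes logs in this thread keep reporting the same Chrome `Local Storage` files, and in the 06/07 log the action column between the path and the hash is empty, meaning the items were detected but not quarantined. The parser below is an added example, not code from the thread or from Malwarebytes; it reads the Malwarebytes Anti-Malware 2.x Threat Scan log layout shown above, extracts each detection (family, path, action, hash), checks the parsed count against the `Files:` header, and reports which paths recur across scans and which were never quarantined. The two embedded logs are constructed in that layout with placeholder hashes.

```python
"""Summarise Malwarebytes Anti-Malware 2.x "Threat Scan" logs.

Added example, not code from the thread or from Malwarebytes. It parses the
log layout the posts above show, pulls out each detection line (family,
path, action, hash) and flags detections whose action column is empty,
i.e. items that were found but not quarantined.
"""
import re
from collections import Counter

# Header lines look like "Scan Date: 6/7/2017" or "Files: 4".
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*): (?P<value>.*)$")
# Detection lines look like:
#   PUP.Optional.FullTab, C:\...\http_fulltab.com_0.localstorage, Quarantined, [<32 hex>],
# The action column is empty when the item was only detected.
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Za-z0-9._-]+), (?P<path>.+?), (?P<action>[^,]*), \[(?P<hash>[0-9a-f]+)\],$"
)

# Constructed sample logs in the same layout as the thread's logs (hashes are
# placeholders, not values from any real scan).
SAMPLE_LOGS = [
    r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2017
Scan Time: 8:47 AM
Logfile: 06.05.17.txt
Administrator: Yes

Scan Type: Threat Scan
Result: Completed

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage, Quarantined, [00000000000000000000000000000001],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage-journal, Quarantined, [00000000000000000000000000000002],

Physical Sectors: 0
(No malicious items detected)

(end)
""",
    r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/7/2017
Scan Time: 10:18 AM
Logfile: 06.07.17.txt
Administrator: Yes

Scan Type: Threat Scan
Result: Completed

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage, , [00000000000000000000000000000003],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage-journal, , [00000000000000000000000000000004],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage, , [00000000000000000000000000000005],
PUP.Optional.FullTab, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage-journal, , [00000000000000000000000000000006],

Physical Sectors: 0
(No malicious items detected)

(end)
""",
]


def parse_mbam_log(text):
    """Return {'fields': header values, 'detections': parsed detection lines}."""
    fields, detections = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["quarantined"] = d["action"] == "Quarantined"
            detections.append(d)
            continue
        m = HEADER_RE.match(line)
        if m:
            fields[m.group("key")] = m.group("value")
    return {"fields": fields, "detections": detections}


def summarise(report):
    """Per-family counts, a count check against 'Files:', and unquarantined paths."""
    dets = report["detections"]
    expected = int(report["fields"].get("Files", "0"))
    return {
        "scan_date": report["fields"].get("Scan Date"),
        "files_reported": expected,
        "files_parsed": len(dets),
        "consistent": expected == len(dets),
        "by_family": Counter(d["family"] for d in dets),
        "not_quarantined": [d["path"] for d in dets if not d["quarantined"]],
    }


def recurring_paths(reports):
    """Paths detected in more than one scan: the items that keep coming back."""
    seen = Counter()
    for r in reports:
        for path in {d["path"] for d in r["detections"]}:
            seen[path] += 1
    return sorted(p for p, n in seen.items() if n > 1)


if __name__ == "__main__":
    reports = [parse_mbam_log(t) for t in SAMPLE_LOGS]
    for r in reports:
        s = summarise(r)
        print(f"{s['scan_date']}: {s['files_parsed']} file detections, "
              f"{len(s['not_quarantined'])} not quarantined, families={dict(s['by_family'])}")
    print("recurring:", recurring_paths(reports))
```

Run against the thread's own logs, `recurring_paths` returns the `http_fulltab.com_0.localstorage` pair that shows up on 06/03, 06/05 and 06/07, and the empty-action detections in the last log are the ones nasdaq's next reply tells the user to clean; a detection-only entry in this column is the thing to check before assuming a scan removed anything.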



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 AM

Posted 07 June 2017 - 10:00 AM

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.

Clean everything that MBAM will find.
Run MBAM twice to make sure all is well.

Keep me posted.

#10 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 07 June 2017 - 02:45 PM

OK, I did as you said. I reset Chrome, then did back-to-back MBAM scans and both came up with nothing.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 AM

Posted 08 June 2017 - 06:50 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#12 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:home
  • Local time:03:33 AM

Posted 09 June 2017 - 08:13 AM

Thank you very much for all your help :)





