
Too many windows (commercials) opening [Solved]


  • This topic is locked

#16
HaraMo

    Member

  • Topic Starter
  • 456 posts

I tried Firefox, I think it also happens in Firefox as in IE, but not sure.

It's possible it has to do with the page I'm visiting, it is loaded with commercials, so if I click somewhere, then extra windows appear (commercials).

One IE stopped working, something about DEP, to prevent virus attack on memory (my own words).

I will let MBAM scan.


Edited by HaraMo, 26 March 2015 - 10:59 AM.



#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, when MBAM has finished, could you run a fresh FRST scan for me please?

#18
HaraMo

    Member

  • Topic Starter
  • 456 posts

Sorry, will let MBAM scan, forget about it. Let you know soon.

#19
HaraMo

    Member

  • Topic Starter
  • 456 posts

MBAM scanned, found a lot of threats. I hit the button at the left corner (put all in quarantine) and then it finished, but I can't find the log; the log I opened after MBAM finished is empty.

And in history, no scan log found.

My mistake, I thought MBAM was finished, but minutes later a window appeared to reboot the laptop.

Will check the log and upload it soon.


Edited by HaraMo, 03 April 2015 - 05:43 PM.


#20
HaraMo

    Member

  • Topic Starter
  • 456 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 4/04/2015
Scantijd: 0:59:06
Logbestand: logmbam.txt
Beheerder: Ja
 
Versie: 2.00.4.1028
Malwaredatabase: v2015.04.03.08
Rootkitdatabase: v2015.03.31.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
 
Besturingssysteem: Windows Vista Service Pack 2
Processor: x86
Bestandssysteem: NTFS
Gebruiker: User
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 364165
Verstreken Tijd: 27 m, 44 s
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld
 
Processen: 0
(Geen kwaadaardige items gedetecteerd)
 
Modules: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutels: 3
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, In Quarantaine, [9f74c98359317bbb19be9da160a5f30d], 
PUP.Optional.VNMToolbar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dghncoeocefmhkhiphdgikkamjeglbfh, In Quarantaine, [43d093b9662477bfaf07489c8d7616ea], 
PUP.Optional.MediaPlayerVideo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Media+PlayerVidEd2.5-nv, In Quarantaine, [a271b7956f1b0c2a22495d6ca65d29d7], 
 
Registerwaardes: 1
PUP.Optional.MBot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_be_13, In Quarantaine, [49caa6a6a2e89e9858380dce27dccb35], 
 
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
 
Mappen: 11
PUP.Optional.Datamngr.A, C:\Users\User\AppData\LocalLow\DataMngr, In Quarantaine, [28eb3319d3b773c3a963157163a0a65a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected], In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\defaults, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\defaults\preferences, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\locale, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\locale\en-US, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.DataMngr.A, C:\ProgramData\Datamngr, In Quarantaine, [53c06be1b8d261d5651c495ea162f20e], 
PUP.Optional.FastPlayer.A, C:\Users\User\AppData\Local\com\FastPlayer.exe_Url_ciccyb0pt404zejkup1z3zavmfgzkecl, In Quarantaine, [d142d6766f1b2a0ceb1ecbe0d3302cd4], 
PUP.Optional.FastPlayer.A, C:\Users\User\AppData\Local\com\FastPlayer.exe_Url_ciccyb0pt404zejkup1z3zavmfgzkecl\1.0.0.1, In Quarantaine, [d142d6766f1b2a0ceb1ecbe0d3302cd4], 
 
Bestanden: 36
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNHK_01009.Wdf, Verwijder-bij-Herstart, , 
PUP.Optional.MindSpark.A, C:\$Recycle.Bin\S-1-5-21-3988253976-802080291-3916808085-1004\$RU5J3RR.exe, In Quarantaine, [050eb5975d2d0630b8c3960adb2a6898], 
PUP.Optional.DomaIQ, C:\Users\User\Downloads\Setup v2 1 (1).exe, In Quarantaine, [fe15aca04e3c8fa70f9d55037b85c43c], 
PUP.Optional.DomaIQ, C:\Users\User\Downloads\Setup v2 1.exe, In Quarantaine, [bd564ffd325886b03379d682f9072dd3], 
PUP.Optional.OneClickDownloader.A, C:\Users\User\Downloads\nelolive_download.exe, In Quarantaine, [72a192baf4966accae52bead877ade22], 
PUP.Optional.DomaIQ, C:\Users\User\Downloads\Player Setup (3).exe, In Quarantaine, [48cb133902881620767d1244da26c13f], 
PUP.Optional.DomaIQ, C:\Users\User\Downloads\Player Setup (5).exe, In Quarantaine, [d1422329e3a743f3298d0b4e25db7090], 
PUP.Optional.IBryte, C:\Users\User\Downloads\setup (10).exe, In Quarantaine, [9a79fa524644c17512d1a0566d94827e], 
PUP.Optional.DigiPlug, C:\Users\User\Downloads\Setup (16).exe, In Quarantaine, [898acb819cee0a2c69a4d840c0421ae6], 
PUP.Optional.DomaIQ, C:\Users\User\Downloads\Setup (2).exe, In Quarantaine, [d43f91bb6c1e4aec8271b89e07f95aa6], 
PUP.Optional.DomaIQ, C:\Users\User\Downloads\Setup (3).exe, In Quarantaine, [4bc8ed5f305ac670d61d97bfa060ef11], 
PUP.Optional.MultiPlug, C:\Users\User\Downloads\Setup (4).exe, In Quarantaine, [fe15d5770c7e2f0725bc02df8978d030], 
PUP.Optional.MultiPlug, C:\Users\User\Downloads\Setup (5).exe, In Quarantaine, [ec27b3995139a88e6f72667beb1658a8], 
PUP.Optional.SoftPulse, C:\Users\User\Downloads\Setup (6).exe, In Quarantaine, [957e50fce2a82f077a339dba9a66f010], 
PUP.Optional.OptimunInstaller, C:\Users\User\Downloads\setup (7).exe, In Quarantaine, [769d90bce5a5c0761b480f3cd12f8080], 
PUP.Optional.OptimunInstaller, C:\Users\User\Downloads\setup (8).exe, In Quarantaine, [7e9508444d3d2115e67dd97230d0de22], 
Trojan.BHO, C:\Users\User\Downloads\flash (1).exe, In Quarantaine, [da39d27af5956dc937f4c6b9ea1653ad], 
Trojan.BHO, C:\Users\User\Downloads\flash.exe, In Quarantaine, [0e05b9933e4cd75fe64517680cf4966a], 
PUP.Optional.OneClickDownloader.A, C:\Users\User\Downloads\nelolive_download (1).exe, In Quarantaine, [b95ad27a5733171f08f81a5142bf966a], 
PUP.Optional.IBryte, C:\Users\User\Downloads\setup (9).exe, In Quarantaine, [977c6ae2aae0b87e6d7612e4867b32ce], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI34B7.tmp, In Quarantaine, [bf5458f4f892c4724f98cb64b44c59a7], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\2549ff2.msi, In Quarantaine, [56bd85c71f6b082e28ff7a39e21f4bb5], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI34B7.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantaine, [33e02428a7e375c1de09042b19e76898], 
PUP.Optional.Datamngr.A, C:\Users\User\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantaine, [28eb3319d3b773c3a963157163a0a65a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\chrome.manifest, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\install.rdf, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\defaults\preferences\prefs.js, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\manifest.xml, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins.json, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins\180.js, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins\192.js, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins\253.js, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins\273.js, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\extensionData\plugins\301.js, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions\[email protected]\locale\en-US\translations.dtd, In Quarantaine, [25ee4dffe6a4e65010b0f8ad887b718f], 
PUP.Optional.FastPlayer.A, C:\Users\User\AppData\Local\com\FastPlayer.exe_Url_ciccyb0pt404zejkup1z3zavmfgzkecl\1.0.0.1\user.config, In Quarantaine, [d142d6766f1b2a0ceb1ecbe0d3302cd4], 
 
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)


#21
HaraMo

    Member

  • Topic Starter
  • 456 posts

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by User (administrator) on PC_BUSSINES on 04-04-2015 01:55:16
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
() C:\Program Files\Softex\OmniPass\opvapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3988253976-802080291-3916808085-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-12] (Google Inc.)
HKU\S-1-5-21-3988253976-802080291-3916808085-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3988253976-802080291-3916808085-1004\...\MountPoints2: {c5b9bf51-6909-11e4-a34e-001bfc97586a} - E:\DTE_Privacy_launcher.exe
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3988253976-802080291-3916808085-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-be/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3988253976-802080291-3916808085-1004 -> 1AE3244F33ED4BF5B51960D970818C66 URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3988253976-802080291-3916808085-1004 -> {249B52F7-4E23-4B29-AF44-301875F10B5E} URL = https://www.google.c...q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live Aanmelden - Help -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3988253976-802080291-3916808085-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.19.243.50
Tcpip\..\Interfaces\{C25BB66B-77AC-4196-863C-4478A13F7C78}: [NameServer] 134.184.250.7,134.184.15.13
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default
FF NewTab: 
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: 
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2010-01-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2010-01-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2010-01-29] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-02-25] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32(76).dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2010-01-29] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2010-01-29] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2010-01-29] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2006-11-09] ()
FF Extension: Microsoft .NET Framework Assistant - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-17]
FF Extension: Packard Bell Settings - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2007-11-09]
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2007-11-09]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-11-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-25]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions
FF HKU\S-1-5-21-3988253976-802080291-3916808085-1004\...\Firefox\Extensions: [[email protected]] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\93clg68m.default\extensions
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
StartMenuInternet: Google Chrome.LX2IXEFA66ZXZ45XCZM335ABAI - C:\Users\Dushi\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 NACAgent; C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe [783616 2010-08-19] (Cisco Systems, Inc.)
S4 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2006-12-15] (Softex Inc.) [File not signed]
S4 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2006-12-11] (Syntek America Inc.)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [139144 2006-12-15] (AuthenTec, Inc.)
S3 FIXUSTOR; C:\Windows\System32\DRIVERS\fixustor.sys [12544 2006-10-31] (Genesys Logic)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [6272 2006-10-27] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 StkCMini; C:\Windows\System32\DRIVERS\StkCMini.sys [1132544 2006-12-22] (Syntek)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-30 22:04 - 2015-03-30 22:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Real
2015-03-22 18:45 - 2015-03-22 18:45 - 05200384 _____ (AVAST Software) C:\Users\User\Desktop\aswmbr.exe
2015-03-15 19:29 - 2015-03-15 19:38 - 00000000 ____D () C:\AdwCleaner
2015-03-15 19:26 - 2015-03-15 19:26 - 02171392 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-03-15 19:13 - 2015-03-15 14:33 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-15 15:15 - 2015-04-04 01:54 - 00000000 ____D () C:\Users\User\Desktop\15-03-2015 grote schoonmaak
2015-03-15 14:39 - 2015-03-15 15:11 - 00033485 _____ () C:\Users\User\Desktop\Addition.txt
2015-03-15 14:36 - 2015-04-04 01:55 - 00011467 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-15 14:35 - 2015-04-04 01:55 - 00000000 ____D () C:\FRST
2015-03-15 14:20 - 2015-03-31 00:37 - 00001958 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-03-15 14:20 - 2015-03-31 00:36 - 00000843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-15 14:20 - 2015-03-31 00:36 - 00000831 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-15 14:20 - 2015-03-31 00:36 - 00000831 _____ () C:\ProgramData\Desktop\TeamViewer 10.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 01:46 - 2008-01-08 00:04 - 02024129 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 01:44 - 2007-11-09 21:43 - 00763554 _____ () C:\Windows\system32\perfh013.dat
2015-04-04 01:44 - 2007-11-09 21:43 - 00166132 _____ () C:\Windows\system32\perfc013.dat
2015-04-04 01:44 - 2006-11-02 12:33 - 01712506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 01:41 - 2014-09-25 18:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 01:39 - 2007-11-09 14:20 - 00275612 _____ () C:\Windows\PFRO.log
2015-04-04 01:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 01:39 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 01:39 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 01:38 - 2007-11-09 13:38 - 00003204 _____ () C:\Windows\bthservsdp.dat
2015-04-04 01:38 - 2006-11-02 15:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-04 01:37 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\User\AppData\Local\com
2015-04-04 01:37 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-04 01:08 - 2014-05-02 10:46 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 21:59 - 2008-01-08 00:19 - 00000354 _____ () C:\Windows\Tasks\Uitgebreide garantie.job
2015-04-03 21:59 - 2008-01-08 00:19 - 00000354 _____ () C:\Windows\Tasks\Recovery DVD Creator.job
2015-03-31 00:37 - 2014-03-16 17:17 - 00000000 ____D () C:\Program Files\TeamViewer
2015-03-31 00:28 - 2014-03-16 17:49 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-03-26 18:05 - 2014-05-02 10:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-26 18:05 - 2014-05-02 10:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-26 18:05 - 2014-04-17 17:35 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-03-22 20:10 - 2014-03-18 13:08 - 00000512 _____ () C:\Users\User\Desktop\MBR.dat
2015-03-16 02:13 - 2014-03-16 19:07 - 00000000 ____D () C:\Users\User\Tracing
2015-03-15 19:38 - 2015-02-13 11:54 - 00000958 _____ () C:\Users\User\Desktop\Internet Explorer (2).lnk
2015-03-15 19:38 - 2014-03-16 17:49 - 00000988 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-15 19:38 - 2007-11-09 13:59 - 00000925 _____ () C:\Users\Public\Desktop\Internet - Firefox.lnk
2015-03-15 19:38 - 2007-11-09 13:59 - 00000925 _____ () C:\ProgramData\Desktop\Internet - Firefox.lnk
2015-03-15 19:38 - 2007-11-09 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-03-15 19:22 - 2006-11-02 14:47 - 00423864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-15 19:08 - 2014-03-16 18:22 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-03-15 19:08 - 2007-11-09 14:04 - 00000000 ____D () C:\Program Files\Google
2015-03-15 14:31 - 2014-03-16 17:50 - 00116464 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-12 23:56 - 2013-09-16 01:18 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-12 23:53 - 2014-09-25 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-12 23:53 - 2014-09-25 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-12 23:53 - 2014-03-18 16:57 - 00000902 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-12 23:53 - 2014-03-18 16:57 - 00000902 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-12 23:32 - 2014-01-25 17:26 - 00000000 ____D () C:\Windows\pss
2015-03-12 01:15 - 2015-01-08 15:15 - 00000086 _____ () C:\Users\User\AppData\Roaming\WB.CFG
 
==================== Files in the root of some directories =======
 
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\User\AppData\Roaming\IGTZIQD
2015-01-08 01:02 - 2015-01-08 01:02 - 1356768 _____ () C:\Users\User\AppData\Roaming\IGTZIQD.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\User\AppData\Roaming\VQUFGO
2014-09-22 12:25 - 2014-09-22 12:25 - 1968544 _____ () C:\Users\User\AppData\Roaming\VQUFGO.exe
2015-01-08 15:15 - 2015-03-12 01:15 - 0000086 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-06-09 18:11 - 2014-06-09 18:11 - 0000552 _____ () C:\Users\User\AppData\Local\d3d8caps.dat
2014-04-01 11:35 - 2014-11-17 04:41 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 01:46
 
==================== End Of Log ============================


#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking good now, MBAM found the orphans for me :)

Any further problems?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\User\AppData\Roaming\IGTZIQD
2015-01-08 01:02 - 2015-01-08 01:02 - 1356768 _____ () C:\Users\User\AppData\Roaming\IGTZIQD.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\User\AppData\Roaming\VQUFGO
2014-09-22 12:25 - 2014-09-22 12:25 - 1968544 _____ () C:\Users\User\AppData\Roaming\VQUFGO.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#23
HaraMo

    Member

  • Topic Starter
  • 456 posts

Browsing is running smoothly, not slow anymore, thanks a lot.

Only the commercials on that specific site keep coming in IE; tried it in Firefox, same problem.

Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by User at 2015-04-05 18:46:23 Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\User\AppData\Roaming\IGTZIQD
2015-01-08 01:02 - 2015-01-08 01:02 - 1356768 _____ () C:\Users\User\AppData\Roaming\IGTZIQD.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\User\AppData\Roaming\VQUFGO
2014-09-22 12:25 - 2014-09-22 12:25 - 1968544 _____ () C:\Users\User\AppData\Roaming\VQUFGO.exe
EmptyTemp:
CMD: bitsadmin /reset /allUsers
*****************
 
Restore point was successfully created.
C:\Users\User\AppData\Roaming\IGTZIQD => Moved successfully.
C:\Users\User\AppData\Roaming\IGTZIQD.exe => Moved successfully.
C:\Users\User\AppData\Roaming\VQUFGO => Moved successfully.
C:\Users\User\AppData\Roaming\VQUFGO.exe => Moved successfully.
 
=========  bitsadmin /reset /allUsers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 138.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:47:05 ====


#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What site is that?

#25
HaraMo

    Member

  • Topic Starter
  • 456 posts

this one:

 

http://aflam4you.tv/




#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks to be associated with that site.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

Malwarebytes

Update and run weekly to keep your system clean.

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.