Everything posted by vanstrummer

  1. Sorry for the delayed response. I did run AdwCleaner first. And just to be sure I just re-ran it and it found nothing to clean.
  2. Thank you for the hasty reply! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
  3. I believe I may have some kind of malware in my Google Chrome. Occasionally when I click on any link, a new tab will pop up with a random "you've won something" tab. Also when I'm on certain sites these mini-windows will pop up. Most of them have "X's" but even when you click them, another pop-up opens. Also some of them are invisible with just the "X". I have no idea what I could have downloaded to cause these kinds of problems. Any kind of help anybody can offer would be greatly appreciated.