Fake Flash Update Popups in Firefox



#1 JC45


Posted 31 July 2014 - 03:17 PM

I am having an issue in Firefox with new page tabs loading at random which typically contain fake items requesting that I update flash player. 
 
Some of these sites have been:
 
hxxttp://instant-download.net/
 
hxxttp://www.lpmxp2081.com/

If anyone can possibly help I appreciate it.

Thank you
 
Listed below is my DDS log:
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by mutant at 16:06:32 on 2014-07-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.24567.21986 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
F:\TCPVIEW\Tcpview.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\Mozilla\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\Mozilla\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\ips\ipsbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7DC59108-B602-40F9-86E7-A198D997C94A} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mutant\AppData\Roaming\Mozilla\Firefox\Profiles\tihya93k.default-1406755200901\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: E:\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: E:\Quicktime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-6 293416]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-25 56208]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1504000.00D\symds64.sys [2014-7-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1504000.00D\symefa64.sys [2014-7-9 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-22 1530160]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1504000.00D\ccsetx64.sys [2014-7-9 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140730.002\IDSviA64.sys [2014-7-30 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1504000.00D\ironx64.sys [2014-7-9 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1504000.00D\symnets.sys [2014-7-9 593112]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-12-30 96896]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys [2010-2-3 30384]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe [2014-7-9 262968]
R2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-4-9 22280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
R3 hdsp;RME Hammerfall Audio Device;C:\Windows\System32\drivers\hdsp_64.sys [2010-8-5 97280]
R3 ICTDrv;ICTDrv;C:\Windows\System32\drivers\ICTDrv.sys [2009-7-10 22488]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-4-12 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 mlkumidi;MusicLab Virtual Miniport MIDI Driver;C:\Windows\System32\drivers\mlkumidi.sys [2012-8-29 57408]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-5-6 30352]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 398112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2011-4-1 23904]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-20 1432400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-25 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [2010-2-9 28680]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\System32\drivers\MAudioLegacyKeyboard.sys [2010-2-9 196616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-10-6 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-2 1255736]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-2-1 129440]
S4 MDES;DVM Meta Data Export Service;C:\ASUS.SYS\CONFIG\DVMExportService.exe [2009-3-24 319488]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;E:\3DSMax2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;E:\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2014-07-31 20:00:26    69000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9CD92058-0DF2-4A92-A67B-5595A88708C1}\offreg.dll
2014-07-31 16:29:53    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2014-07-31 02:08:28    --------    d-----w-    C:\Users\mutant\AppData\Roaming\Adersoft
2014-07-31 01:59:35    537088    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ScriptDebug\pdm.dll
2014-07-31 01:59:35    358904    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ScriptDebug\msdbg2.dll
2014-07-31 01:59:31    361800    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ScriptDebug\pdm.dll
2014-07-31 01:59:31    265720    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ScriptDebug\msdbg2.dll
2014-07-31 01:59:31    --------    d-----w-    C:\ProgramData\Vbsedit
2014-07-31 01:59:28    --------    d-----w-    C:\Users\mutant\AppData\Local\Adersoft
2014-07-30 21:11:07    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-07-30 21:11:05    --------    d-----w-    C:\Users\mutant\AppData\Local\temp
2014-07-30 20:49:52    29160    ----a-w-    C:\Windows\SysWow64\drivers\TrueSight.sys
2014-07-30 20:49:52    --------    d-----w-    C:\ProgramData\RogueKiller
2014-07-30 05:24:56    175528    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-07-29 22:35:23    --------    d-----w-    C:\Users\mutant\AppData\Local\Adobe
2014-07-29 05:06:58    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-29 05:06:58    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-11 20:44:27    --------    d-----w-    C:\PortQryV2
2014-07-09 11:05:41    875736    ----a-w-    C:\Windows\System32\drivers\NAVx64\1504000.00D\srtsp64.sys
2014-07-09 11:05:41    593112    ----a-w-    C:\Windows\System32\drivers\NAVx64\1504000.00D\symnets.sys
2014-07-09 11:05:41    493656    ----a-r-    C:\Windows\System32\drivers\NAVx64\1504000.00D\symds64.sys
2014-07-09 11:05:41    36952    ----a-r-    C:\Windows\System32\drivers\NAVx64\1504000.00D\srtspx64.sys
2014-07-09 11:05:41    264280    ----a-r-    C:\Windows\System32\drivers\NAVx64\1504000.00D\ironx64.sys
2014-07-09 11:05:41    23568    ----a-r-    C:\Windows\System32\drivers\NAVx64\1504000.00D\symelam.sys
2014-07-09 11:05:41    162392    ----a-r-    C:\Windows\System32\drivers\NAVx64\1504000.00D\ccsetx64.sys
2014-07-09 11:05:41    1148120    ----a-w-    C:\Windows\System32\drivers\NAVx64\1504000.00D\symefa64.sys
2014-07-09 11:05:35    --------    d-----w-    C:\Windows\System32\drivers\NAVx64\1504000.00D
.
==================== Find3M  ====================
.
2014-07-31 06:17:02    128728    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-31 06:16:52    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:26:10    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 16:06:50.83 ===============

Edited by nasdaq, 05 August 2014 - 09:12 AM.
Bad sites obfuscated.



 


#2 nasdaq


Posted 05 August 2014 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

Edited by nasdaq, 05 August 2014 - 09:15 AM.


#3 JC45


Posted 05 August 2014 - 11:08 PM

I recently uninstalled a couple of Firefox plugins and so far the Fake Update Flash popups have not continued.

These were the two plugins that I removed -  

https://addons.mozilla.org/en-us/firefox/addon/video-downloadhelper/
https://addons.mozilla.org/en-us/firefox/addon/web-developer/


Also, in the Farbar scan under Internet where it mentions that there is more than one entry in Hosts.

I recently blocked a site, as I had begun occasionally noticing a strange connection. Apparently it was NXDOMAIN associated with the following DNS enhancing service which my ISP I suspect uses.

However, I believe I have now successfully stopped it simply by altering the DNS servers on my router. But I just haven't removed the additional hosts entry yet.

unallocated.barefruit.co.uk

 

 

Lastly, I also chose not to remove the Firefox pref.js file listed in AdwCleaner.

-----------

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/5/2014
Scan Time: 11:02:24 PM
Logfile: MalwarebytesScan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.05.09
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mutant

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455868
Time Elapsed: 5 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

--------------------------

 

Under AdwCleaner, I chose not to remove the Firefox setting listed.

 

# AdwCleaner v3.302 - Report created 05/08/2014 at 23:13:09
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : mutant - MUTANT-PC
# Running from : C:\Users\mutant\Downloads\adwcleaner_3.302.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\mutant\AppData\Roaming\Mozilla\Firefox\Profiles\tihya93k.default-1406755200901\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2297 octets] - [23/05/2014 18:51:51]
AdwCleaner[R1].txt - [1160 octets] - [24/05/2014 01:41:54]
AdwCleaner[R2].txt - [1189 octets] - [27/07/2014 19:52:21]
AdwCleaner[R3].txt - [1006 octets] - [05/08/2014 23:13:09]
AdwCleaner[S0].txt - [2275 octets] - [23/05/2014 18:57:54]
AdwCleaner[S1].txt - [1226 octets] - [24/05/2014 01:44:37]
AdwCleaner[S2].txt - [1253 octets] - [27/07/2014 19:55:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1246 octets] ##########
 

 

 

-----------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by mutant (administrator) on MUTANT-PC on 05-08-2014 23:15:48
Running from C:\Users\mutant\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2222016538-2714971507-2960070370-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2222016538-2714971507-2960070370-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicyUsers\S-1-5-21-2222016538-2714971507-2960070370-1006\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE94378DC0162CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mutant\AppData\Roaming\Mozilla\Firefox\Profiles\tihya93k.default-1406755200901
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\mutant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-14]
FF StartMenuInternet: FIREFOX.EXE - F:\Mozilla\firefox.exe

Chrome:
=======
CHR HomePage:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\PROGRA~2\Google\Chrome\APPLIC~1\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\PROGRA~2\Google\Chrome\APPLIC~1\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\PROGRA~2\Google\Chrome\APPLIC~1\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - E:\Quicktime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
CHR Plugin: (iTunes Application Detector) - E:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Search) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [129440 2011-01-13] (Futuremark Corporation)
S4 MDES; C:\ASUS.SYS\CONFIG\DVMExportService.exe [319488 2009-03-24] (DeviceVM) [File not signed]
S4 mi-raysat_3dsmax2012_64; E:\3DSMax2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
S4 mi-raysat_3dsmax2013_64; E:\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe [262968 2014-06-27] (Symantec Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [22280 2010-04-09] (Intel Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1504000.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [97280 2010-08-05] (RME)
R3 ICTDrv; C:\Windows\System32\DRIVERS\ICTDrv.sys [22488 2009-07-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140805.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140805.017\ENG64.SYS [126040 2014-06-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140805.017\EX64.SYS [2099288 2014-06-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1504000.00D\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1504000.00D\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1504000.00D\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 23:15 - 2014-08-05 23:16 - 00013216 _____ () C:\Users\mutant\Downloads\FRST.txt
2014-08-05 23:15 - 2014-08-05 23:15 - 00000000 ____D () C:\FRST
2014-08-05 23:12 - 2014-08-05 23:12 - 01361309 _____ () C:\Users\mutant\Downloads\adwcleaner_3.302.exe
2014-08-05 23:10 - 2014-08-05 23:10 - 02094080 _____ (Farbar) C:\Users\mutant\Downloads\frst64.exe
2014-08-05 22:11 - 2014-08-05 22:11 - 00564575 _____ () C:\Users\mutant\Downloads\Vague.js-master.zip
2014-08-05 20:18 - 2014-08-05 20:18 - 00011393 _____ () C:\Users\mutant\Downloads\slide-push-menus-source.zip
2014-08-05 18:47 - 2014-08-05 18:47 - 00926517 _____ () C:\Users\mutant\Downloads\timemap.2.0.1.zip
2014-08-05 18:34 - 2014-08-05 18:34 - 00003878 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:46 - 2014-08-05 16:46 - 00006423 _____ () C:\Users\mutant\Downloads\3d-carousel-gallery-ii.zip
2014-08-05 16:36 - 2014-08-05 16:36 - 00012695 _____ () C:\Users\mutant\Downloads\css-3d-carousel.zip
2014-08-05 04:26 - 2014-08-05 04:26 - 00036233 _____ () C:\Users\mutant\Downloads\clanceyp-youtube-video-gallery-1.3.0-2-gb1c9c34.zip
2014-08-05 04:16 - 2014-08-05 04:16 - 00064683 _____ () C:\Users\mutant\Downloads\swipebox-master.zip
2014-08-05 03:55 - 2014-08-05 03:55 - 00072753 _____ () C:\Users\mutant\Downloads\Gallery-2.15.1.zip
2014-08-05 03:49 - 2014-08-05 03:49 - 01732457 _____ () C:\Users\mutant\Downloads\slick-master.zip
2014-08-05 03:46 - 2014-08-05 03:47 - 21728152 _____ () C:\Users\mutant\Downloads\amazingcarousel-win.zip
2014-08-05 03:18 - 2014-08-05 03:18 - 00010961 _____ () C:\Users\mutant\Downloads\simple-css3-jquery-carousel.zip
2014-08-05 03:10 - 2014-08-05 03:10 - 01005496 _____ () C:\Users\mutant\Downloads\3dcarousel-master.zip
2014-08-04 23:01 - 2014-08-04 23:02 - 00056450 _____ () C:\Users\mutant\Downloads\jquery.mb.YTPlayer-master.zip
2014-08-04 16:55 - 2014-08-04 16:55 - 00166897 _____ () C:\Users\mutant\Downloads\ThumbnailGridExpandingPreview.zip
2014-08-04 16:38 - 2014-08-04 16:38 - 00248595 _____ () C:\Users\mutant\Downloads\3DGridEffect.zip
2014-08-04 13:31 - 2014-08-04 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-08-04 02:53 - 2014-08-04 02:53 - 00001156 _____ () C:\Users\mutant\Desktop\bleepit - Shortcut.lnk
2014-08-03 21:41 - 2014-08-03 21:44 - 30222610 _____ () C:\Users\mutant\Downloads\Babylon.js-master.zip
2014-08-03 03:43 - 2014-08-03 03:43 - 00000967 _____ () C:\Users\mutant\Desktop\r1 - Shortcut.lnk
2014-08-03 01:46 - 2014-08-03 01:46 - 00786201 _____ () C:\Users\mutant\Downloads\timeline-2.9.0.zip
2014-08-02 21:56 - 2014-08-02 21:56 - 08660963 _____ () C:\Users\mutant\Downloads\template(2).zip
2014-08-02 21:47 - 2014-08-02 21:47 - 08658046 _____ () C:\Users\mutant\Downloads\template(1).zip
2014-08-02 21:46 - 2014-08-02 21:46 - 08464643 _____ () C:\Users\mutant\Downloads\bundle.zip
2014-08-02 21:26 - 2014-08-02 21:26 - 08655350 _____ () C:\Users\mutant\Downloads\template.zip
2014-08-02 19:49 - 2014-08-02 19:49 - 02751806 _____ () C:\Users\mutant\Downloads\3DJSGallery.zip
2014-08-02 19:19 - 2014-08-02 19:19 - 00001170 _____ () C:\Users\mutant\Desktop\index3 - Shortcut.lnk
2014-08-02 19:03 - 2014-08-02 19:04 - 02082978 _____ () C:\Users\mutant\Downloads\13-01-embedded-html-basic.zip
2014-08-02 18:20 - 2014-08-02 18:20 - 01190505 _____ () C:\Users\mutant\Downloads\art-gallery.zip
2014-08-01 16:06 - 2014-08-01 16:06 - 00716504 _____ () C:\Users\mutant\Downloads\honeyglobe-master.zip
2014-08-01 15:59 - 2014-08-01 16:00 - 00985011 _____ () C:\Users\mutant\Downloads\globe.js-master.zip
2014-07-31 18:46 - 2014-07-31 18:46 - 00063131 _____ () C:\Users\mutant\Downloads\Dateslider_v1.3.zip
2014-07-31 18:42 - 2014-07-31 18:42 - 00091652 _____ () C:\Users\mutant\Downloads\Lightweight-jQuery-Timeline-Plugin-jqtimeline.zip
2014-07-31 18:38 - 2014-07-31 18:38 - 00042705 _____ () C:\Users\mutant\Downloads\jquery-timecube-master.zip
2014-07-31 18:33 - 2014-07-31 18:33 - 00043792 _____ () C:\Users\mutant\Downloads\ion.rangeSlider-master.zip
2014-07-31 18:31 - 2014-07-31 18:31 - 00091109 _____ () C:\Users\mutant\Downloads\jqtimeline-master.zip
2014-07-31 18:17 - 2014-07-31 18:17 - 00215688 _____ () C:\Users\mutant\Downloads\jQRangeSlider-5.7.0.zip
2014-07-31 18:00 - 2014-07-31 18:02 - 267884203 _____ () C:\Users\mutant\Downloads\cookbook-gh-pages.zip
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-31 12:18 - 2014-07-31 12:19 - 00401920 _____ (Farbar) C:\Users\mutant\Downloads\MiniToolBox(1).exe
2014-07-31 12:18 - 2014-07-31 12:18 - 00854390 _____ () C:\Users\mutant\Downloads\SecurityCheck(2).exe
2014-07-30 22:08 - 2014-07-30 22:08 - 00000000 ____D () C:\Users\mutant\AppData\Roaming\Adersoft
2014-07-30 21:59 - 2014-07-30 21:59 - 00000000 ____D () C:\Users\mutant\AppData\Local\Adersoft
2014-07-30 21:59 - 2014-07-30 21:59 - 00000000 ____D () C:\ProgramData\Vbsedit
2014-07-30 21:58 - 2014-07-30 21:58 - 09069112 _____ (Adersoft) C:\Users\mutant\Downloads\vbsedit.exe
2014-07-30 21:38 - 2014-07-30 21:38 - 00854390 _____ () C:\Users\mutant\Downloads\SecurityCheck(1).exe
2014-07-30 17:11 - 2014-07-30 17:11 - 00012824 _____ () C:\ComboFix.txt
2014-07-30 16:49 - 2014-07-30 16:49 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-30 16:49 - 2014-07-30 16:49 - 00004650 _____ () C:\Users\mutant\Desktop\Rkill.txt
2014-07-30 16:49 - 2014-07-30 16:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-30 01:28 - 2014-07-30 01:28 - 00000010 _____ () C:\Users\mutant\AppData\Local\sponge.last.runtime.cache
2014-07-30 01:24 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-30 01:18 - 2014-07-30 01:18 - 29611712 _____ (Microsoft Corporation) C:\Users\mutant\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-30 00:00 - 2014-07-31 16:07 - 00016190 _____ () C:\Users\mutant\Desktop\attach.txt
2014-07-30 00:00 - 2014-07-31 16:06 - 00012813 _____ () C:\Users\mutant\Desktop\dds.txt
2014-07-29 23:59 - 2014-07-29 23:59 - 00002362 _____ () C:\Users\mutant\Downloads\FSS.txt
2014-07-29 23:55 - 2014-07-31 12:31 - 00037778 _____ () C:\Users\mutant\Downloads\Result.txt
2014-07-29 23:23 - 2014-07-29 23:23 - 00415232 _____ (Farbar) C:\Users\mutant\Downloads\FSS.exe
2014-07-29 23:19 - 2014-07-29 23:19 - 00688992 ____R (Swearware) C:\Users\mutant\Downloads\dds.com
2014-07-29 23:17 - 2014-07-29 23:17 - 00448512 _____ (OldTimer Tools) C:\Users\mutant\Downloads\TFC.exe
2014-07-29 22:47 - 2014-07-29 22:47 - 04806744 _____ () C:\Users\mutant\Downloads\RogueKiller.exe
2014-07-29 22:47 - 2014-07-29 22:47 - 00401920 _____ (Farbar) C:\Users\mutant\Downloads\MiniToolBox.exe
2014-07-29 22:45 - 2014-07-29 22:45 - 00602112 _____ (OldTimer Tools) C:\Users\mutant\Downloads\OTL.exe
2014-07-29 21:23 - 2014-07-31 02:18 - 00000000 ____D () C:\Users\mutant\Desktop\mbar
2014-07-29 21:12 - 2014-07-29 21:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\mutant\Downloads\mbar-1.07.0.1012.exe
2014-07-29 21:12 - 2014-07-29 21:12 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\mutant\Downloads\rkill.exe
2014-07-29 21:08 - 2014-07-29 21:09 - 00854390 _____ () C:\Users\mutant\Downloads\SecurityCheck.exe
2014-07-29 21:08 - 2014-07-29 21:08 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\mutant\Downloads\tdsskiller.exe
2014-07-29 18:35 - 2014-08-05 21:12 - 00000000 ____D () C:\Users\mutant\AppData\Local\Adobe
2014-07-29 01:06 - 2014-07-29 01:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 01:06 - 2014-07-29 01:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 01:04 - 2014-07-29 01:04 - 00000624 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 01:04 - 2014-07-29 01:04 - 00000624 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 01:03 - 2014-07-29 01:03 - 00244120 _____ () C:\Users\mutant\Downloads\Firefox Setup Stub 31.0.exe
2014-07-28 21:33 - 2014-07-28 21:33 - 02347384 _____ (ESET) C:\Users\mutant\Downloads\esetsmartinstaller_enu.exe
2014-07-28 19:13 - 2014-07-28 19:13 - 00851632 _____ (Adobe Systems Incorporated) C:\Users\mutant\Downloads\uninstall_flash_player.exe
2014-07-27 19:48 - 2014-07-27 19:48 - 01016261 _____ (Thisisu) C:\Users\mutant\Downloads\JRT.exe
2014-07-27 16:13 - 2014-07-27 16:13 - 01223774 _____ () C:\Users\mutant\Downloads\ChordMem_v1.zip
2014-07-27 16:03 - 2014-07-27 16:03 - 02173923 _____ () C:\Users\mutant\Downloads\ChordSpace.zip
2014-07-27 15:57 - 2014-07-27 15:57 - 04634989 _____ () C:\Users\mutant\Downloads\Chordit.zip
2014-07-27 14:26 - 2014-07-27 14:26 - 08455116 _____ () C:\Users\mutant\Downloads\hah!.zip
2014-07-26 17:40 - 2014-07-26 17:40 - 05209028 _____ () C:\Users\mutant\Downloads\midibag.zip
2014-07-26 17:23 - 2014-07-26 17:23 - 00430508 _____ () C:\Users\mutant\Downloads\ndcMIDI.zip
2014-07-26 16:36 - 2014-07-26 16:36 - 00220250 _____ () C:\Users\mutant\Downloads\S-Note-Matrix.zip
2014-07-26 16:33 - 2014-07-26 16:33 - 00776762 _____ () C:\Users\mutant\Downloads\midiChords.zip
2014-07-24 21:14 - 2014-07-24 21:14 - 00001138 _____ () C:\Users\mutant\Desktop\alone - Shortcut.lnk
2014-07-20 23:23 - 2014-07-21 00:05 - 461223613 _____ () C:\Users\mutant\Downloads\v.mp4.flv
2014-07-20 20:41 - 2014-07-20 21:53 - 417401432 _____ () C:\Users\mutant\Downloads\video.flv
2014-07-17 21:32 - 2014-07-17 21:32 - 00013385 _____ () C:\Users\mutant\Desktop\youtubefear720 - Shortcut.lnk
2014-07-17 11:38 - 2014-07-17 11:38 - 00014013 _____ () C:\Users\mutant\Desktop\mr - Shortcut.lnk
2014-07-15 20:39 - 2014-07-15 20:40 - 43636912 _____ () C:\Users\mutant\Downloads\Comcastic service disconnection (levelated).wav
2014-07-11 16:53 - 2014-07-11 16:53 - 00000840 _____ () C:\Users\mutant\Desktop\cmd - Shortcut (2).lnk
2014-07-11 16:44 - 2014-07-11 16:44 - 00000000 ____D () C:\PortQryV2
2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-07-09 12:13 - 2014-07-09 12:13 - 00000978 _____ () C:\Users\mutant\Desktop\CoC - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 23:16 - 2014-08-05 23:15 - 00013216 _____ () C:\Users\mutant\Downloads\FRST.txt
2014-08-05 23:15 - 2014-08-05 23:15 - 00000000 ____D () C:\FRST
2014-08-05 23:13 - 2014-05-23 18:51 - 00000000 ____D () C:\AdwCleaner
2014-08-05 23:12 - 2014-08-05 23:12 - 01361309 _____ () C:\Users\mutant\Downloads\adwcleaner_3.302.exe
2014-08-05 23:10 - 2014-08-05 23:10 - 02094080 _____ (Farbar) C:\Users\mutant\Downloads\frst64.exe
2014-08-05 23:02 - 2014-06-24 21:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 22:11 - 2014-08-05 22:11 - 00564575 _____ () C:\Users\mutant\Downloads\Vague.js-master.zip
2014-08-05 21:12 - 2014-07-29 18:35 - 00000000 ____D () C:\Users\mutant\AppData\Local\Adobe
2014-08-05 21:04 - 2012-11-16 05:00 - 00001797 _____ () C:\Users\mutant\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-08-05 20:18 - 2014-08-05 20:18 - 00011393 _____ () C:\Users\mutant\Downloads\slide-push-menus-source.zip
2014-08-05 18:47 - 2014-08-05 18:47 - 00926517 _____ () C:\Users\mutant\Downloads\timemap.2.0.1.zip
2014-08-05 18:39 - 2009-07-14 00:45 - 00013648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 18:39 - 2009-07-14 00:45 - 00013648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 18:37 - 2009-07-14 01:13 - 00795834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 18:34 - 2014-08-05 18:34 - 00003878 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 18:31 - 2013-06-08 14:54 - 00065443 ____N () C:\Windows\mlkumidi.log
2014-08-05 18:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 17:20 - 2013-09-06 04:18 - 00000000 ____D () C:\Users\mutant\AppData\Local\CrashDumps
2014-08-05 16:46 - 2014-08-05 16:46 - 00006423 _____ () C:\Users\mutant\Downloads\3d-carousel-gallery-ii.zip
2014-08-05 16:36 - 2014-08-05 16:36 - 00012695 _____ () C:\Users\mutant\Downloads\css-3d-carousel.zip
2014-08-05 16:23 - 2012-01-02 20:17 - 00000600 _____ () C:\Users\mutant\AppData\Local\PUTTY.RND
2014-08-05 04:26 - 2014-08-05 04:26 - 00036233 _____ () C:\Users\mutant\Downloads\clanceyp-youtube-video-gallery-1.3.0-2-gb1c9c34.zip
2014-08-05 04:16 - 2014-08-05 04:16 - 00064683 _____ () C:\Users\mutant\Downloads\swipebox-master.zip
2014-08-05 03:55 - 2014-08-05 03:55 - 00072753 _____ () C:\Users\mutant\Downloads\Gallery-2.15.1.zip
2014-08-05 03:49 - 2014-08-05 03:49 - 01732457 _____ () C:\Users\mutant\Downloads\slick-master.zip
2014-08-05 03:47 - 2014-08-05 03:46 - 21728152 _____ () C:\Users\mutant\Downloads\amazingcarousel-win.zip
2014-08-05 03:18 - 2014-08-05 03:18 - 00010961 _____ () C:\Users\mutant\Downloads\simple-css3-jquery-carousel.zip
2014-08-05 03:10 - 2014-08-05 03:10 - 01005496 _____ () C:\Users\mutant\Downloads\3dcarousel-master.zip
2014-08-04 23:02 - 2014-08-04 23:01 - 00056450 _____ () C:\Users\mutant\Downloads\jquery.mb.YTPlayer-master.zip
2014-08-04 16:55 - 2014-08-04 16:55 - 00166897 _____ () C:\Users\mutant\Downloads\ThumbnailGridExpandingPreview.zip
2014-08-04 16:38 - 2014-08-04 16:38 - 00248595 _____ () C:\Users\mutant\Downloads\3DGridEffect.zip
2014-08-04 13:31 - 2014-08-04 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-08-04 02:53 - 2014-08-04 02:53 - 00001156 _____ () C:\Users\mutant\Desktop\bleepit - Shortcut.lnk
2014-08-03 22:41 - 2010-12-30 09:13 - 00007657 _____ () C:\Users\mutant\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:44 - 2014-08-03 21:41 - 30222610 _____ () C:\Users\mutant\Downloads\Babylon.js-master.zip
2014-08-03 16:42 - 2012-01-02 16:21 - 00000600 _____ () C:\Users\mutant\AppData\Roaming\winscp.rnd
2014-08-03 03:43 - 2014-08-03 03:43 - 00000967 _____ () C:\Users\mutant\Desktop\r1 - Shortcut.lnk
2014-08-03 01:46 - 2014-08-03 01:46 - 00786201 _____ () C:\Users\mutant\Downloads\timeline-2.9.0.zip
2014-08-02 21:56 - 2014-08-02 21:56 - 08660963 _____ () C:\Users\mutant\Downloads\template(2).zip
2014-08-02 21:47 - 2014-08-02 21:47 - 08658046 _____ () C:\Users\mutant\Downloads\template(1).zip
2014-08-02 21:46 - 2014-08-02 21:46 - 08464643 _____ () C:\Users\mutant\Downloads\bundle.zip
2014-08-02 21:26 - 2014-08-02 21:26 - 08655350 _____ () C:\Users\mutant\Downloads\template.zip
2014-08-02 19:49 - 2014-08-02 19:49 - 02751806 _____ () C:\Users\mutant\Downloads\3DJSGallery.zip
2014-08-02 19:19 - 2014-08-02 19:19 - 00001170 _____ () C:\Users\mutant\Desktop\index3 - Shortcut.lnk
2014-08-02 19:04 - 2014-08-02 19:03 - 02082978 _____ () C:\Users\mutant\Downloads\13-01-embedded-html-basic.zip
2014-08-02 18:20 - 2014-08-02 18:20 - 01190505 _____ () C:\Users\mutant\Downloads\art-gallery.zip
2014-08-01 16:06 - 2014-08-01 16:06 - 00716504 _____ () C:\Users\mutant\Downloads\honeyglobe-master.zip
2014-08-01 16:00 - 2014-08-01 15:59 - 00985011 _____ () C:\Users\mutant\Downloads\globe.js-master.zip
2014-07-31 18:46 - 2014-07-31 18:46 - 00063131 _____ () C:\Users\mutant\Downloads\Dateslider_v1.3.zip
2014-07-31 18:42 - 2014-07-31 18:42 - 00091652 _____ () C:\Users\mutant\Downloads\Lightweight-jQuery-Timeline-Plugin-jqtimeline.zip
2014-07-31 18:38 - 2014-07-31 18:38 - 00042705 _____ () C:\Users\mutant\Downloads\jquery-timecube-master.zip
2014-07-31 18:33 - 2014-07-31 18:33 - 00043792 _____ () C:\Users\mutant\Downloads\ion.rangeSlider-master.zip
2014-07-31 18:31 - 2014-07-31 18:31 - 00091109 _____ () C:\Users\mutant\Downloads\jqtimeline-master.zip
2014-07-31 18:17 - 2014-07-31 18:17 - 00215688 _____ () C:\Users\mutant\Downloads\jQRangeSlider-5.7.0.zip
2014-07-31 18:02 - 2014-07-31 18:00 - 267884203 _____ () C:\Users\mutant\Downloads\cookbook-gh-pages.zip
2014-07-31 16:07 - 2014-07-30 00:00 - 00016190 _____ () C:\Users\mutant\Desktop\attach.txt
2014-07-31 16:06 - 2014-07-30 00:00 - 00012813 _____ () C:\Users\mutant\Desktop\dds.txt
2014-07-31 12:31 - 2014-07-29 23:55 - 00037778 _____ () C:\Users\mutant\Downloads\Result.txt
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-31 12:29 - 2014-01-25 05:53 - 00000000 ____D () C:\Users\mutant\AppData\Roaming\Element Technologie
2014-07-31 12:19 - 2014-07-31 12:18 - 00401920 _____ (Farbar) C:\Users\mutant\Downloads\MiniToolBox(1).exe
2014-07-31 12:18 - 2014-07-31 12:18 - 00854390 _____ () C:\Users\mutant\Downloads\SecurityCheck(2).exe
2014-07-31 02:18 - 2014-07-29 21:23 - 00000000 ____D () C:\Users\mutant\Desktop\mbar
2014-07-31 02:18 - 2014-05-25 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 02:16 - 2014-05-25 15:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 22:08 - 2014-07-30 22:08 - 00000000 ____D () C:\Users\mutant\AppData\Roaming\Adersoft
2014-07-30 21:59 - 2014-07-30 21:59 - 00000000 ____D () C:\Users\mutant\AppData\Local\Adersoft
2014-07-30 21:59 - 2014-07-30 21:59 - 00000000 ____D () C:\ProgramData\Vbsedit
2014-07-30 21:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-30 21:58 - 2014-07-30 21:58 - 09069112 _____ (Adersoft) C:\Users\mutant\Downloads\vbsedit.exe
2014-07-30 21:38 - 2014-07-30 21:38 - 00854390 _____ () C:\Users\mutant\Downloads\SecurityCheck(1).exe
2014-07-30 17:11 - 2014-07-30 17:11 - 00012824 _____ () C:\ComboFix.txt
2014-07-30 17:11 - 2014-05-24 01:26 - 00000000 ____D () C:\Qoobox
2014-07-30 17:09 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-30 16:49 - 2014-07-30 16:49 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-30 16:49 - 2014-07-30 16:49 - 00004650 _____ () C:\Users\mutant\Desktop\Rkill.txt
2014-07-30 16:49 - 2014-07-30 16:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-30 01:28 - 2014-07-30 01:28 - 00000010 _____ () C:\Users\mutant\AppData\Local\sponge.last.runtime.cache
2014-07-30 01:18 - 2014-07-30 01:18 - 29611712 _____ (Microsoft Corporation) C:\Users\mutant\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-30 00:05 - 2014-05-30 21:57 - 05563986 ____R (Swearware) C:\Users\mutant\Downloads\ComboFix.exe
2014-07-29 23:59 - 2014-07-29 23:59 - 00002362 _____ () C:\Users\mutant\Downloads\FSS.txt
2014-07-29 23:23 - 2014-07-29 23:23 - 00415232 _____ (Farbar) C:\Users\mutant\Downloads\FSS.exe
2014-07-29 23:19 - 2014-07-29 23:19 - 00688992 ____R (Swearware) C:\Users\mutant\Downloads\dds.com
2014-07-29 23:17 - 2014-07-29 23:17 - 00448512 _____ (OldTimer Tools) C:\Users\mutant\Downloads\TFC.exe
2014-07-29 22:47 - 2014-07-29 22:47 - 04806744 _____ () C:\Users\mutant\Downloads\RogueKiller.exe
2014-07-29 22:47 - 2014-07-29 22:47 - 00401920 _____ (Farbar) C:\Users\mutant\Downloads\MiniToolBox.exe
2014-07-29 22:45 - 2014-07-29 22:45 - 00602112 _____ (OldTimer Tools) C:\Users\mutant\Downloads\OTL.exe
2014-07-29 21:12 - 2014-07-29 21:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\mutant\Downloads\mbar-1.07.0.1012.exe
2014-07-29 21:12 - 2014-07-29 21:12 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\mutant\Downloads\rkill.exe
2014-07-29 21:09 - 2014-07-29 21:08 - 00854390 _____ () C:\Users\mutant\Downloads\SecurityCheck.exe
2014-07-29 21:08 - 2014-07-29 21:08 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\mutant\Downloads\tdsskiller.exe
2014-07-29 01:06 - 2014-07-29 01:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 01:06 - 2014-07-29 01:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 01:04 - 2014-07-29 01:04 - 00000624 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 01:04 - 2014-07-29 01:04 - 00000624 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 01:03 - 2014-07-29 01:03 - 00244120 _____ () C:\Users\mutant\Downloads\Firefox Setup Stub 31.0.exe
2014-07-29 01:03 - 2013-07-25 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 21:33 - 2014-07-28 21:33 - 02347384 _____ (ESET) C:\Users\mutant\Downloads\esetsmartinstaller_enu.exe
2014-07-28 19:20 - 2012-02-29 18:39 - 00069632 ___SH () C:\Users\mutant\Thumbs.db
2014-07-28 19:13 - 2014-07-28 19:13 - 00851632 _____ (Adobe Systems Incorporated) C:\Users\mutant\Downloads\uninstall_flash_player.exe
2014-07-28 00:12 - 2012-10-08 21:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-27 19:48 - 2014-07-27 19:48 - 01016261 _____ (Thisisu) C:\Users\mutant\Downloads\JRT.exe
2014-07-27 16:13 - 2014-07-27 16:13 - 01223774 _____ () C:\Users\mutant\Downloads\ChordMem_v1.zip
2014-07-27 16:13 - 2011-05-07 15:28 - 00000000 ____D () C:\Program Files\VstPlugins
2014-07-27 16:03 - 2014-07-27 16:03 - 02173923 _____ () C:\Users\mutant\Downloads\ChordSpace.zip
2014-07-27 15:57 - 2014-07-27 15:57 - 04634989 _____ () C:\Users\mutant\Downloads\Chordit.zip
2014-07-27 14:26 - 2014-07-27 14:26 - 08455116 _____ () C:\Users\mutant\Downloads\hah!.zip
2014-07-26 17:40 - 2014-07-26 17:40 - 05209028 _____ () C:\Users\mutant\Downloads\midibag.zip
2014-07-26 17:23 - 2014-07-26 17:23 - 00430508 _____ () C:\Users\mutant\Downloads\ndcMIDI.zip
2014-07-26 17:11 - 2011-05-08 15:23 - 00000000 ____D () C:\Users\mutant\AppData\Roaming\REAPER
2014-07-26 16:36 - 2014-07-26 16:36 - 00220250 _____ () C:\Users\mutant\Downloads\S-Note-Matrix.zip
2014-07-26 16:33 - 2014-07-26 16:33 - 00776762 _____ () C:\Users\mutant\Downloads\midiChords.zip
2014-07-24 21:14 - 2014-07-24 21:14 - 00001138 _____ () C:\Users\mutant\Desktop\alone - Shortcut.lnk
2014-07-21 00:05 - 2014-07-20 23:23 - 461223613 _____ () C:\Users\mutant\Downloads\v.mp4.flv
2014-07-20 21:53 - 2014-07-20 20:41 - 417401432 _____ () C:\Users\mutant\Downloads\video.flv
2014-07-18 20:31 - 2012-06-21 05:48 - 00000000 ____D () C:\Users\mutant\AppData\Roaming\Audacity
2014-07-17 21:32 - 2014-07-17 21:32 - 00013385 _____ () C:\Users\mutant\Desktop\youtubefear720 - Shortcut.lnk
2014-07-17 11:38 - 2014-07-17 11:38 - 00014013 _____ () C:\Users\mutant\Desktop\mr - Shortcut.lnk
2014-07-15 20:40 - 2014-07-15 20:39 - 43636912 _____ () C:\Users\mutant\Downloads\Comcastic service disconnection (levelated).wav
2014-07-13 19:15 - 2009-07-14 01:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-11 16:53 - 2014-07-11 16:53 - 00000840 _____ () C:\Users\mutant\Desktop\cmd - Shortcut (2).lnk
2014-07-11 16:44 - 2014-07-11 16:44 - 00000000 ____D () C:\PortQryV2
2014-07-10 03:32 - 2011-10-01 19:33 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-07-09 13:19 - 2013-11-14 21:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-07-09 13:19 - 2011-12-27 17:37 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-09 13:19 - 2011-12-27 17:37 - 00002397 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-07-09 13:19 - 2011-12-27 17:36 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-07-09 12:13 - 2014-07-09 12:13 - 00000978 _____ () C:\Users\mutant\Desktop\CoC - Shortcut.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 02:18

==================== End Of Log ============================

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts

Posted 06 August 2014 - 08:57 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicyUsers\S-1-5-21-2222016538-2714971507-2960070370-1006\User: Group Policy restriction detected <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\mutant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download JavaRa

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

If all is well I do not need to see the log of what was removed.
===

There is nothing to worry about if you keep the entry in the hosts file.

If you want to reset it:

How to reset your hosts file:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.

===

How is the computer running now?

#5 JC45

JC45
  • Topic Starter

  • Members
  • 8 posts

Posted 06 August 2014 - 05:03 PM

So far I have not continued to have the fake Flash Update popups when using Firefox.

I did get errors, though, in removing the old Java, apparently from Firefox. I tried uninstalling and reinstalling Firefox but still got the same errors in JavaRa.

I will post the JavaRa log after the Fixlog.

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2014
Ran by mutant at 2014-08-06 17:39:09 Run:1
Running from C:\Users\mutant\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicyUsers\S-1-5-21-2222016538-2714971507-2960070370-1006\User: Group Policy restriction detected <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\mutant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\mutant\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]

End
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2222016538-2714971507-2960070370-1006\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
"HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => Key deleted successfully.
C:\Users\mutant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Users\mutant\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll not found.
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll not found.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
catchme => Service deleted successfully.
cpuz135 => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 06 17:42:33 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

------------------------------------

Finished reporting.


 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:44 PM

Posted 07 August 2014 - 08:52 AM

JavaRa did a good cleanup.

I would not worry about the few entries that were not removed.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 JC45

Posted 07 August 2014 - 03:49 PM

Thank you for your help. Fortunately the Fake Flash Update Popups have not returned, I think since I removed those Firefox addons.

 

However, I have recently noticed in Firefox, when visiting a couple of different basic news type sites which contain various typical flash banner type ads on the sides of the pages, a small window that does not pop up but rather slides down the page asking me to take a survey or something, with the option to "opt out" or simply close the small window. I don't know if this was something legitimately associated with each of the sites' flash banner type ads or perhaps if it was something relating to the Fake Flash Update popup issue. But again, fortunately the Fake Flash Update Popups have not returned.

 

But what do you suspect caused the Fake Flash Update Popup issue in the first place? From all of the logs does it look like I have a virus?

 

thanks again.



#8 nasdaq

Posted 08 August 2014 - 06:54 AM

Try this.

Empty flash cache.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
<<<>>>

#9 JC45

Posted 09 August 2014 - 03:11 PM

Thanks again for your help. From the looks of my logs can you tell if I had a virus? What do you think caused the popups?



#10 nasdaq

Posted 10 August 2014 - 06:52 AM

Nothing malicious was installed. Just some PUP (Potentially Unwanted Program) installed without your consent.

These are now in almost all free software that you install.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

Posted 16 August 2014 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



