
Astromenda removal, proving difficult


  • This topic is locked
5 replies to this topic

#1 sphynx88

sphynx88

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 20 October 2014 - 11:40 PM

Google Chrome keeps redirecting to an Astromenda search page. Have tried JRT, Hitman, MalwareBytes and AdwCleaner as well as uninstall and reinstall of Chrome.

 

Ready to try running some logs for you kind folks and try to tackle it that way.

Thanks,
Brad

 




 


#2 sphynx88

sphynx88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 20 October 2014 - 11:53 PM

And just for the sake of speeding things up:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by Bradley (administrator) on BRADLEY-PC on 20-10-2014 21:45:12
Running from C:\Users\Bradley\Downloads
Loaded Profiles: Bradley &  (Available profiles: Bradley)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Spotify Ltd) C:\Users\Bradley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Bradley\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3997061168-810134595-3592678447-1000\...\Run: [Spotify Web Helper] => C:\Users\Bradley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-12] (Spotify Ltd)
HKU\S-1-5-21-3997061168-810134595-3592678447-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-3997061168-810134595-3592678447-1000\...\Run: [GoogleChromeAutoLaunch_EBF629C6F3171B55CDF4CC4D84718725] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-3997061168-810134595-3592678447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Bradley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-12] (Spotify Ltd)
HKU\S-1-5-21-3997061168-810134595-3592678447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-3997061168-810134595-3592678447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_EBF629C6F3171B55CDF4CC4D84718725] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
AppInit_DLLs: C:\PROGRA~3\CONTEN~1\CONTEN~2.DLL => C:\ProgramData\Content Accelerator\ContentAccelerator_x64.dll [4206080 2013-12-31] ()
Startup: C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 194.28.8.139:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA41980AD9068CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bradley\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bradley\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_42_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtAzz0ByDzz0BtD0E0A0F0C0A0DtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyC0F0AyCyBtDtGyCtAtCtDtGyDtAtDyEtGyE0CtAzytGyDyEtAtDyDyCtB0EyByD0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtD0D0F0FtC0AtGtByEzz0FtGyEtAtAtAtGzy0FyDyDtG0EyDzztC0Dzz0C0B0CtCyDyD2Q&cr=1377102621&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]
CHR Extension: (Google Docs) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24]
CHR Extension: (Google Drive) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Cast) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-02]
CHR Extension: (Adblock Plus) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-02]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-09-02]
CHR Extension: (Google Search) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (sellhack) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmcmgkmooimomjcinimbhfoephdhmgbc [2014-09-02]
CHR Extension: (Pandora) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-09-02]
CHR Extension: (Google Sheets) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]
CHR Extension: (Plex) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2014-09-02]
CHR Extension: (AdBlock) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-02]
CHR Extension: (Google Mail Checker) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]
CHR Extension: (Hover Zoom) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-02]
CHR Extension: (My Chrome Theme) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-09-02]
CHR Extension: (Gmail) - C:\Users\Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKCU\...\Chrome\Extension: [hjmlcodojgjoclpohcpdkngdbkmkihpm] - C:\Users\Bradley\AppData\Local\CRE\hjmlcodojgjoclpohcpdkngdbkmkihpm.crx []
CHR HKLM-x32\...\Chrome\Extension: [hjmlcodojgjoclpohcpdkngdbkmkihpm] - C:\Users\Bradley\AppData\Local\CRE\hjmlcodojgjoclpohcpdkngdbkmkihpm.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-09-05] (Adobe Systems) [File not signed]
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S2 27961eae; "C:\Windows\system32\rundll32.exe" "c:\progra~3\conten~1\ContentAcceleratorSvc.dll",service
S2 Update AdvanceElite; "C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-05] (DT Soft Ltd)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-20] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-20] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 21:45 - 2014-10-20 21:45 - 00013710 _____ () C:\Users\Bradley\Downloads\FRST.txt
2014-10-20 21:45 - 2014-10-20 21:45 - 00000000 ____D () C:\FRST
2014-10-20 21:44 - 2014-10-20 21:44 - 02110976 _____ (Farbar) C:\Users\Bradley\Downloads\FRST64.exe
2014-10-20 21:32 - 2014-10-20 21:32 - 00000635 _____ () C:\Users\Bradley\Desktop\JRT.txt
2014-10-20 21:22 - 2014-10-20 21:22 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-20 21:20 - 2014-10-20 21:20 - 00002184 _____ () C:\Windows\system32\.crusader
2014-10-20 20:44 - 2014-10-20 21:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-20 20:44 - 2014-10-14 04:43 - 01705698 _____ (Thisisu) C:\Users\Bradley\Desktop\JRT_NEW.exe
2014-10-20 20:36 - 2014-10-20 20:37 - 01962496 _____ () C:\Users\Bradley\Downloads\adwcleaner_4.001 (1).exe
2014-10-20 20:36 - 2014-10-20 20:36 - 01962496 _____ () C:\Users\Bradley\Downloads\adwcleaner_4.001.exe
2014-10-20 20:35 - 2014-10-20 20:36 - 11194928 _____ (SurfRight B.V.) C:\Users\Bradley\Downloads\HitmanPro_x64.exe
2014-10-20 20:33 - 2014-10-20 20:33 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 20:33 - 2014-10-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-20 20:24 - 2014-10-20 20:40 - 00000000 ____D () C:\AdwCleaner
2014-10-19 19:59 - 2001-10-07 18:53 - 00000000 ____D () C:\Users\Bradley\Desktop\oregondlx
2014-10-19 19:58 - 2014-10-19 19:58 - 01915930 _____ () C:\Users\Bradley\Downloads\oregon-trail-deluxe.zip
2014-10-19 18:24 - 1996-12-24 23:32 - 16777216 _____ () C:\Users\Bradley\Desktop\Cruis'n Exotica (USA).n64
2014-10-19 18:19 - 2014-10-19 18:20 - 14490549 _____ () C:\Users\Bradley\Downloads\Cruis'n Exotica (USA).zip
2014-10-19 18:19 - 1996-12-24 23:32 - 33554432 _____ () C:\Users\Bradley\Desktop\Star Wars Episode I - Racer (USA).n64
2014-10-19 18:15 - 2014-10-19 18:18 - 25619056 _____ () C:\Users\Bradley\Downloads\Star Wars Episode I - Racer (USA).zip
2014-10-19 18:10 - 2014-10-19 18:11 - 04489075 _____ ( ) C:\Users\Bradley\Downloads\setup Project64 2.1.exe
2014-10-19 16:14 - 2014-10-20 21:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 16:14 - 2014-10-19 16:14 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 16:14 - 2014-10-19 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 16:13 - 2014-10-19 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 16:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 16:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 16:11 - 2014-10-19 16:11 - 00000000 ____D () C:\Users\Bradley\AppData\Local\PerforMax Cleaner
2014-10-19 16:05 - 2014-10-19 16:05 - 03703013 _____ () C:\Users\Bradley\Downloads\Project64 2.1.rar
2014-10-05 21:10 - 2014-10-05 21:17 - 00000000 ____D () C:\Users\Bradley\Desktop\trans am manual
2014-10-05 17:57 - 2014-10-05 18:16 - 528754032 _____ () C:\Users\Bradley\Downloads\TheGoodPack.zip
2014-10-03 17:41 - 2014-10-03 19:09 - 00000000 ____D () C:\Users\Bradley\Downloads\Saving Private Ryan (1998) [1080p]
2014-09-28 20:05 - 2014-09-28 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-09-28 19:27 - 2014-09-28 19:56 - 00000000 ____D () C:\Users\Bradley\Downloads\MOHAA
2014-09-23 21:00 - 2014-09-23 21:00 - 00000106 ____H () C:\Users\Bradley\Downloads\.~lock.Brad Young.docx#
2014-09-23 21:00 - 2014-09-23 21:00 - 00000106 ____H () C:\Users\Bradley\Downloads\.~lock.Brad Young (1).docx#
2014-09-23 21:00 - 2014-06-11 16:43 - 00013628 _____ () C:\Users\Bradley\Documents\U-0266-01_P%20(2).doc_0.odt
2014-09-20 20:23 - 2014-09-20 21:19 - 00000000 ____D () C:\Users\Bradley\Downloads\Star Wars Episode II Attack of the Clones (2002) [1080p]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 21:29 - 2009-07-13 21:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 21:29 - 2009-07-13 21:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 21:26 - 2012-07-22 21:22 - 01982484 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 21:24 - 2013-02-26 18:13 - 00000000 ___RD () C:\Users\Bradley\Dropbox
2014-10-20 21:23 - 2013-02-26 18:08 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\Dropbox
2014-10-20 21:22 - 2014-07-28 16:08 - 00005162 _____ () C:\Windows\setupact.log
2014-10-20 21:22 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 20:59 - 2012-07-24 21:18 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\vlc
2014-10-20 20:43 - 2012-07-22 22:31 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\uTorrent
2014-10-20 20:41 - 2014-09-03 18:05 - 00015750 _____ () C:\Windows\PFRO.log
2014-10-20 20:32 - 2012-07-22 22:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-20 20:09 - 2012-07-22 22:27 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\Spotify
2014-10-19 17:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\schemas
2014-10-19 16:14 - 2014-01-13 20:21 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\Malwarebytes
2014-10-19 16:13 - 2014-01-13 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 16:11 - 2012-07-22 22:28 - 00000000 ____D () C:\Users\Bradley\AppData\Local\Spotify
2014-09-28 20:17 - 2013-07-14 19:51 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-28 20:03 - 2012-09-05 20:38 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\DAEMON Tools Lite
2014-09-28 19:23 - 2013-06-08 17:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-28 14:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-27 09:38 - 2013-02-26 18:11 - 00000000 ____D () C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-27 09:26 - 2014-03-22 10:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-27 09:25 - 2014-03-22 10:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-21 23:42 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 18:52 - 2009-07-13 22:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\Users\Bradley\RSE Bass.exe
C:\Users\Bradley\RSE Drum.exe
C:\Users\Bradley\RSE Guitar.exe
C:\Users\Bradley\Setup.exe
 
 
Some content of TEMP:
====================
C:\Users\Bradley\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdxv0p8.dll
C:\Users\Bradley\AppData\Local\Temp\Quarantine.exe
C:\Users\Bradley\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-27 10:04
 
==================== End Of Log ============================

Edited by sphynx88, 20 October 2014 - 11:54 PM.


#3 sphynx88

sphynx88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 20 October 2014 - 11:54 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01
Ran by Bradley at 2014-10-20 21:46:17
Running from C:\Users\Bradley\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.1.266.0 - Google Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version:  - Rockstar Games)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS AVCHD Codec (HKLM-x32\...\{FBD8E8CF-3460-4964-9079-9C68860487D4}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{249AF4F3-0353-4C75-988D-019FCD52B4D4}) (Version: 1.0.2 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{24494BC4-FDB2-4F76-8E3E-2B24DC9A5467}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Oracle VM VirtualBox 4.2.14 (HKLM\...\{AD735182-26CD-42A6-B3F2-4544B23243AF}) (Version: 4.2.14 - Oracle Corporation)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 1.0.1.48 - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Plex Media Server (HKLM-x32\...\{e9921c42-812d-4b39-9c02-612724349e82}) (Version: 0.9.907 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.907 - Plex, Inc.) Hidden
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.10 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3997061168-810134595-3592678447-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bradley\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
02-09-2014 01:45:04 Windows Update
03-09-2014 00:42:49 Installed Videostream Port Fix
06-09-2014 16:35:44 Windows Update
09-09-2014 23:15:10 Windows Update
13-09-2014 01:00:10 Windows Update
16-09-2014 01:33:49 Windows Update
17-09-2014 23:31:06 Windows Update
21-09-2014 03:38:50 Windows Update
27-09-2014 16:39:31 Windows Update
29-09-2014 03:04:57 Installed Medal of Honor Allied Assault
01-10-2014 03:51:30 Windows Update
04-10-2014 04:48:25 Windows Update
11-10-2014 01:39:18 Windows Update
16-10-2014 01:15:27 Windows Update
19-10-2014 23:06:10 PerforMax Cleaner
19-10-2014 23:11:55 PerforMax Cleaner
20-10-2014 23:18:58 Windows Update
21-10-2014 02:54:30 Removed Medal of Honor Allied Assault
21-10-2014 03:35:09 Removed Medal of Honor Allied Assault
21-10-2014 04:18:00 Checkpoint by HitmanPro
21-10-2014 04:20:07 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-09-04 22:45 - 2011-04-24 22:58 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {328C9356-2123-486E-93B9-3B274435E258} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {516873A5-8424-47B8-B990-35669AF73C2C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {642DC598-43D2-4C60-B949-807C763E6709} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {68835531-DD8D-4AC4-88B9-9A87D3630C32} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3997061168-810134595-3592678447-1000Core => C:\Users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {B065EC62-C67F-4D82-8884-734AE7DAC66C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3997061168-810134595-3592678447-1000UA => C:\Users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {BA71524F-0A02-4639-B72D-9BD837FFEA10} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F024700E-B7E7-4791-A3A2-FF2824D11B03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997061168-810134595-3592678447-1000Core.job => C:\Users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997061168-810134595-3592678447-1000UA.job => C:\Users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-01 20:02 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-20 21:23 - 2014-10-20 21:23 - 00043008 _____ () c:\users\bradley\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdxv0p8.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Bradley\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-20 20:33 - 2014-10-09 19:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-20 20:33 - 2014-10-09 19:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-20 20:33 - 2014-10-09 19:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-20 20:33 - 2014-10-09 19:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-20 20:33 - 2014-10-09 19:03 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libexif.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: EpsonBidirectionalService => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Bradley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bradley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Bradley\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bradley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3997061168-810134595-3592678447-500 - Administrator - Disabled)
Bradley (S-1-5-21-3997061168-810134595-3592678447-1000 - Administrator - Enabled) => C:\Users\Bradley
Guest (S-1-5-21-3997061168-810134595-3592678447-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3997061168-810134595-3592678447-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 3999.21 MB
Available physical RAM: 1823.84 MB
Total Pagefile: 7996.61 MB
Available Pagefile: 5517.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.62 GB) (Free:75.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (1978_Pontiac) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS
Drive g: (MOHAA_DISK1) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7784295B)
Partition 1: (Active) - (Size=285.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

# AdwCleaner v4.001 - Report created 20/10/2014 at 21:47:47
# Updated 20/10/2014 by Xplode
# Database : 
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bradley - BRADLEY-PC
# Running from : C:\Users\Bradley\Downloads\adwcleaner_4.001 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16450
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [818 octets] - [20/10/2014 20:24:20]
AdwCleaner[R2].txt - [723 octets] - [20/10/2014 21:47:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [900 octets] ##########


#4 sphynx88

  • Topic Starter
  • Members
  • 9 posts

Posted 21 October 2014 - 11:53 AM

I probably shot myself in the foot posting logs, showing posts, might make this ignored. 



#5 LiquidTension

  • Malware Response Team
  • 1,278 posts
  • Gender:Male

Posted 25 October 2014 - 04:05 PM

Hello sphynx88, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 
I have a fix here waiting for you. 
Unfortunately, I am unable to provide this fix due to the presence of cracked software on your machine. In order to receive assistance you must remove all cracked software from your machine - including Adobe Photoshop. 
 
Please read about the dangers of cracked software below. 
 

CRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is a security risk; your infected computer is evidence. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be reinfected otherwise. Simply visiting a cracked software site can result in infection from exploitation of vulnerabilities in software.

Continuing in this practice will ensure your computer is continuously susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

I am prepared to continue providing assistance as long as you agree to remove all traces of cracked software immediately.

 
If you would like to receive assistance, and have removed your cracked software, please run the following two programmes below, and post the three logs generated. 
 
STEP 1
CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 


#6 LiquidTension

  • Malware Response Team
  • 1,278 posts
  • Gender:Male

Posted 28 October 2014 - 07:12 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



