Redirect virus


  • This topic is locked
21 replies to this topic

#1 Brandon00

  • Members
  • 11 posts
  • Local time: 11:54 AM

Posted 22 December 2014 - 11:50 AM

Hi, I have this very irritating redirect virus which prevents me from browsing.


Edited by Brandon00, 22 December 2014 - 12:04 PM.



#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender: Male
  • Local time: 07:54 AM

Posted 23 December 2014 - 12:08 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
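The FRST.txt that the steps above produce lists each process, Run key, service and driver on one line with a small, regular layout: a publisher in parentheses, a path, and optional `[size date]`, `(publisher)` and `[status]` blocks at the end. The following is an added example, not code from the helper or from Farbar: it parses those line formats from a constructed sample log and flags the things a reviewer looks at first, namely files with no publisher information (`()`), files FRST marks `[File not signed]`, entries whose file is missing (`[X]` or `No File`), and executables running from user-writable locations such as AppData or ProgramData. The section names and regular expressions are assumptions modelled on the log format, and the sample entries are made up; a flag here is a prompt to look at an entry, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the line formats FRST writes for its Processes, Registry Run,
# Services and Drivers sections (assumption: modelled on the format; not a real scan).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Users\Example\AppData\Local\Xqzrsoft\updater.exe
(Example Vendor) C:\Program Files\ExampleVendor\agent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleAgent] => C:\Program Files\ExampleVendor\agent.exe [123456 2014-01-01] (Example Vendor)
HKU\S-1-5-21-0-0-0-1000\...\Run: [Updater] => C:\Users\Example\AppData\Roaming\Qwpr\upd.exe [4096 2014-12-10] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

========================== Services (Whitelisted) =================

R2 ExampleSvc; C:\Program Files\ExampleVendor\svc.exe [200000 2014-01-01] (Example Vendor)
R2 HelperSvc; C:\ProgramData\Mrtqlk\helper.exe [86016 2014-12-10] () [File not signed]

==================== Drivers (Whitelisted) ====================

R0 GoodDrv; C:\Windows\System32\drivers\good.sys [10000 2014-01-01] (Example Vendor)
S3 GhostDrv; \??\C:\Windows\system32\drivers\ghost.sys [X]
"""

# Section banners look like "==== Name ====" and may have uneven padding.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Za-z].*?)\s*=+$")
# Processes section: "(Publisher) path".  FRST prints "()" when the file has no version info.
PROCESS_RE = re.compile(r"^\((?P<pub>[^()]*)\) (?P<path>.+)$")
# Other sections: "<head> [size date] (publisher) [status]", each trailer block optional.
TRAILER_RE = re.compile(
    r"^(?P<head>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<pub>[^()]*)\))?"
    r"(?: \[(?P<flag>[^\]]+)\])?$"
)
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\] => (?P<path>.+)$")
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Users\\Public|Temp)\\", re.I)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_entry(section, line):
    """Return (name, path, publisher, flag) for an entry line, or None for anything else."""
    if section.startswith("Processes"):
        m = PROCESS_RE.match(line)
        if not m:
            return None
        return m["path"].rsplit("\\", 1)[-1], m["path"], m["pub"], None
    t = TRAILER_RE.match(line)
    if not t:
        return None
    head = t["head"]
    if section.startswith(("Services", "Drivers")):
        s = SERVICE_RE.match(head)
        return (s["name"], s["path"], t["pub"], t["flag"]) if s else None
    if section.startswith("Registry"):
        r = RUN_RE.search(head)
        return (r["name"], r["path"], t["pub"], t["flag"]) if r else None
    return None


def triage(text):
    """Walk an FRST-style log and collect entries that deserve a closer look."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner["name"]
            continue
        entry = parse_entry(section, line)
        if entry is None:
            continue
        name, path, pub, flag = entry
        reasons = []
        # "()" means FRST found the file but it carries no publisher/version information.
        # A line with no parentheses at all is a bare command string and is not judged here.
        if pub == "":
            reasons.append("no publisher information in the file")
        if flag and "not signed" in flag.lower():
            reasons.append("FRST reports the file is not signed")
        if flag == "X" or "No File" in line:
            reasons.append("registered, but the file is missing on disk")
        if USER_WRITABLE_RE.search(path):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings.append(Finding(section, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

On the sample this reports four entries: the AppData process and Run entry with empty publisher fields, the unsigned ProgramData service, and the driver whose file is gone. Legitimate software does sometimes trip one of these checks (an unsigned vendor service, a leftover driver entry after an uninstall), which is why the output is a reading list for the person doing the review rather than a fix list.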


#3 Brandon00

  • Topic Starter
  • Members
  • 11 posts
  • Local time: 11:54 AM

Posted 23 December 2014 - 08:31 AM

Hi, sorry for the delay. Bear in mind I have tried to fix this myself and nothing seems to work. I have also removed my second name from the Administrator. I no longer use Firefox or Internet Explorer.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Brandon (administrator) on BRANDON on 23-12-2014 13:08:31
Running from C:\Users\Brandon\Downloads
Loaded Profile: Brandon (Available profiles: Brandon)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spotify Ltd) C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Windows\System32\PnkBstrA.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Brandon\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Run: [Google Update] => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Run: [Spotify Web Helper] => C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-20] (Spotify Ltd)
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP68
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/120
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP68
HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\.DEFAULT -> {E32429A9-5542-4F92-A7BF-97C7435DBD78} URL = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000 -> {28042516-35C3-41C6-9533-DB9972B41B10} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000 -> {53E4E34F-AC6B-4940-855C-A43609BF3BB9} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20131109&p={SearchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {80F6F9BF-9FD1-4F41-9DDF-6DD070F4F62F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000 -> No Name - {80F6F9BF-9FD1-4F41-9DDF-6DD070F4F62F} -  No File
Toolbar: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{70F851B8-7738-474A-9FC7-87364B8EFD2F}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\n4btd92d.default-1398518874367
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1106171686-1973982065-2742739167-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-1106171686-1973982065-2742739167-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Brandon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1106171686-1973982065-2742739167-1000: @talk.google.com/O1DPlugin -> C:\Users\Brandon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1106171686-1973982065-2742739167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1106171686-1973982065-2742739167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1106171686-1973982065-2742739167-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Brandon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Brandon\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: DirectSoundCompressorDMO - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\n4btd92d.default-1398518874367\Extensions\{EEF3A49F-9AA8-A7E8-0FD2-4C49F3D600A0} [2014-12-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-12-27]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-23]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Battlefield Heroes) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-07-21]
CHR Extension: (SiteAdvisor) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-27]
CHR Extension: (AdBlock) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-12-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 mi-raysat_3dsmax2011_32; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3975544 2012-05-09] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-11-20] ()
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-22] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140213.002\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140214.001\NAVENG.SYS [93272 2013-11-28] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140214.001\NAVEX15.SYS [1612376 2013-11-28] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 12:59 - 2014-12-23 12:59 - 01114112 _____ (Farbar) C:\Users\Brandon\Downloads\FRST (1).exe
2014-12-21 21:31 - 2014-12-21 21:31 - 02173952 _____ () C:\Users\Brandon\Downloads\AdwCleaner (1).exe
2014-12-21 21:17 - 2014-12-21 21:17 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Brandon\Downloads\rkill.exe
2014-12-20 18:48 - 2014-12-20 18:48 - 00001854 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-20 18:48 - 2014-12-20 18:48 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-20 18:48 - 2014-12-20 18:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-20 18:40 - 2014-12-20 18:40 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-20 18:37 - 2014-12-20 18:37 - 00638888 _____ (Oracle Corporation) C:\Users\Brandon\Downloads\chromeinstall-8u25.exe
2014-12-20 18:28 - 2014-12-20 18:28 - 00000000 ____D () C:\Windows\ERUNT
2014-12-20 18:23 - 2014-12-20 18:23 - 01707646 _____ (Thisisu) C:\Users\Brandon\Downloads\JRT.exe
2014-12-20 18:13 - 2014-12-23 12:42 - 00001636 _____ () C:\Windows\PFRO.log
2014-12-20 18:03 - 2014-12-20 18:04 - 00032192 _____ () C:\Users\Brandon\Downloads\Addition.txt
2014-12-20 18:02 - 2014-12-23 13:08 - 00025220 _____ () C:\Users\Brandon\Downloads\FRST.txt
2014-12-20 18:02 - 2014-12-23 13:08 - 00000000 ____D () C:\FRST
2014-12-20 18:01 - 2014-12-20 18:01 - 01114112 _____ (Farbar) C:\Users\Brandon\Downloads\FRST.exe
2014-12-20 17:55 - 2014-12-20 17:56 - 00852505 _____ () C:\Users\Brandon\Downloads\SecurityCheck.exe
2014-12-20 17:26 - 2014-12-21 21:34 - 00000000 ____D () C:\AdwCleaner
2014-12-20 17:26 - 2014-12-20 17:26 - 02166272 _____ () C:\Users\Brandon\Downloads\adwcleaner_4.105.exe
2014-12-20 17:24 - 2014-12-20 17:24 - 02166272 _____ () C:\Users\Brandon\Downloads\AdwCleaner.exe
2014-12-11 20:38 - 2014-12-23 12:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 20:34 - 2014-12-11 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 20:34 - 2014-12-11 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-11 20:34 - 2014-12-11 20:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-11 20:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 20:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-11 20:34 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-11 20:31 - 2014-12-11 20:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Brandon\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 23:50 - 2014-11-04 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 23:49 - 2014-11-07 01:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 23:36 - 2014-12-03 02:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 20:10 - 2014-11-24 20:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 20:10 - 2014-11-24 20:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 20:10 - 2014-11-24 20:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 20:10 - 2014-11-24 20:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 20:10 - 2014-11-24 20:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 20:10 - 2014-11-24 20:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 20:10 - 2014-11-24 20:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 20:10 - 2014-11-24 20:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 20:10 - 2014-11-24 20:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 20:10 - 2014-11-24 20:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 20:10 - 2014-11-24 20:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 20:10 - 2014-11-24 20:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 20:10 - 2014-11-24 20:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 20:10 - 2014-11-24 20:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 20:10 - 2014-11-24 20:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 20:10 - 2014-11-24 20:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 20:10 - 2014-11-24 20:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 20:10 - 2014-11-24 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 20:10 - 2014-11-24 20:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 20:10 - 2014-11-24 20:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 20:10 - 2014-11-24 20:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 20:10 - 2014-11-24 20:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-10 18:41 - 2014-12-20 13:45 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Umkmedia
2014-12-10 18:40 - 2014-12-20 13:45 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Ikrssoft
2014-12-10 18:39 - 2014-12-10 18:39 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-10 18:29 - 2014-12-12 16:56 - 00000000 ____D () C:\ProgramData\MuxrIluk
2014-12-10 18:28 - 2014-12-12 16:29 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2014-12-09 18:27 - 2014-12-09 18:31 - 123144440 _____ (Microsoft Corporation) C:\Users\Brandon\Downloads\msert (2).exe
2014-12-09 18:22 - 2014-12-09 18:25 - 123144440 _____ (Microsoft Corporation) C:\Users\Brandon\Downloads\msert (1).exe
2014-12-09 18:22 - 2014-12-09 18:22 - 01048576 _____ () C:\Users\Brandon\Downloads\msert.exe
2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-12-06 15:16 - 2014-12-06 15:16 - 06152192 _____ () C:\Users\Brandon\Downloads\Believing_in_God_-_2009.ppt
2014-12-03 16:23 - 2014-12-10 18:52 - 87633735 _____ () C:\Windows\system32\debug.log
2014-12-02 23:01 - 2014-12-10 18:37 - 00000112 _____ () C:\ProgramData\nXy6Y8Cd0.dat
2014-12-02 18:04 - 2014-12-11 21:16 - 00000000 ____D () C:\Program Files\mediainformationaccess
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 13:02 - 2009-07-04 14:46 - 01707596 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 12:54 - 2011-07-23 19:16 - 00000000 ____D () C:\Program Files\Steam
2014-12-23 12:45 - 2011-05-22 14:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000UA.job
2014-12-23 12:43 - 2010-12-27 13:19 - 00000000 ____D () C:\Program Files\McAfee
2014-12-23 12:43 - 2010-01-29 21:32 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 12:43 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 12:43 - 2006-11-02 12:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 12:43 - 2006-11-02 12:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 23:22 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 22:44 - 2011-05-22 14:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000Core.job
2014-12-22 22:38 - 2010-01-29 21:32 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 22:35 - 2012-04-08 16:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 20:48 - 2011-07-03 14:30 - 00282296 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-12-22 20:48 - 2011-07-03 13:56 - 00282296 _____ () C:\Windows\system32\PnkBstrB.exe
2014-12-22 19:27 - 2011-07-03 13:57 - 00139648 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-12-22 19:27 - 2011-07-03 13:56 - 00282296 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-12-20 19:58 - 2009-09-06 21:35 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Spotify
2014-12-20 18:49 - 2014-10-13 19:33 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Adobe
2014-12-20 18:48 - 2009-07-04 12:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-20 18:48 - 2009-07-04 12:59 - 00000000 ____D () C:\Program Files\Adobe
2014-12-20 18:39 - 2014-10-18 17:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-20 18:39 - 2014-10-18 17:25 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-20 18:39 - 2014-10-18 17:25 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-20 18:39 - 2014-10-18 17:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-20 18:39 - 2013-10-19 11:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-20 18:38 - 2009-07-04 12:57 - 00000000 ____D () C:\Program Files\Java
2014-12-18 21:26 - 2009-09-06 21:35 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Spotify
2014-12-12 16:29 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\MSAgent
2014-12-11 22:34 - 2011-09-26 10:49 - 00000680 _____ () C:\Users\Brandon\AppData\Local\d3d9caps.dat
2014-12-11 20:20 - 2011-04-15 14:31 - 00000000 ____D () C:\Users\Brandon\AppData\Local\CrashDumps
2014-12-11 17:42 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 23:52 - 2012-01-12 19:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 23:45 - 2013-07-12 17:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 23:39 - 2006-11-02 10:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 16:47 - 2013-11-14 20:24 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Research In Motion
2014-12-10 16:47 - 2013-11-14 20:22 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2014-12-10 16:44 - 2013-11-14 20:23 - 00002009 _____ () C:\Users\Brandon\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-12-09 18:36 - 2012-04-08 16:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 18:36 - 2011-06-07 17:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-07 23:27 - 2013-04-10 14:46 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Skype
2014-12-03 17:43 - 2011-07-03 14:14 - 00000000 ____D () C:\Users\Brandon\Documents\Battlefield Heroes
2014-12-03 16:30 - 2006-11-02 10:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\ProgramData\nXy6Y8Cd0.dat
C:\Users\Brandon\jagex_cl_runescape_LIVE.dat
C:\Users\Brandon\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Brandon\AppData\Local\Temp\Quarantine.exe
C:\Users\Brandon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-23 12:49
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Brandon at 2014-12-23 13:09:06
Running from C:\Users\Brandon\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk 3ds Max 2011 32-bit (HKLM\...\{67574624-BF0F-0409-AF6D-19FBD86FF7F7}) (Version: 13.0 - Autodesk)
Autodesk 3ds Max 2011 32-bit Components (HKLM\...\{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}) (Version: 13.0 - Autodesk)
Autodesk Backburner 2008.1 (HKLM\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1.1 - Autodesk, Inc.)
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 (HKLM\...\Autodesk FBX Plug-in 2011.1 - 3ds Max 2011) (Version:  - Autodesk)
Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.100 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Composite 2011 (HKLM\...\{6406E3EA-9777-45B7-A0C0-89741E629352}) (Version: 6.0.0 - Autodesk)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Dragonica version TEST (HKLM\...\{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1) (Version: TEST - Gala Networks Europe Ltd.)
EA Download Manager (HKLM\...\EA Download Manager) (Version: 6.0.4.10 - Electronic Arts, Inc.)
EA Download Manager UI (HKLM\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.10 - Electronic Arts)
EA Download Manager UI (Version: 6.0.4 - Electronic Arts) Hidden
Google Chrome (HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKLM\...\Spotify) (Version: 0.3.23 - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-1106171686-1973982065-2742739167-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Brandon\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\neth.dll No File
CustomCLSID: HKU\S-1-5-21-1106171686-1973982065-2742739167-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
10-12-2014 23:36:20 Windows Update
13-12-2014 00:07:08 Scheduled Checkpoint
13-12-2014 23:16:42 Scheduled Checkpoint
14-12-2014 18:19:00 Windows Update
15-12-2014 18:55:19 Scheduled Checkpoint
17-12-2014 21:17:42 Scheduled Checkpoint
18-12-2014 23:13:36 Scheduled Checkpoint
19-12-2014 14:40:29 Windows Update
20-12-2014 18:42:25 Removed Java 7 Update 71
20-12-2014 18:50:08 Removed Spelling Dictionaries Support For Adobe Reader 9.
22-12-2014 18:51:57 Scheduled Checkpoint
23-12-2014 12:54:21 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2014-12-10 18:38 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.92 www.google-analytics.com.
85.25.79.92 google-analytics.com.
85.25.79.92 connect.facebook.net.
162.247.13.54 www.google-analytics.com.
162.247.13.54 google-analytics.com.
162.247.13.54 connect.facebook.net.
95.141.32.66 www.google-analytics.com.
95.141.32.66 google-analytics.com.
95.141.32.66 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0CA7A1BF-B8D3-4D2D-90FA-E6098859B839} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0E101BDD-7D1C-437D-A872-05BE9D2832F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000Core => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {2078489D-25CA-4480-B7FA-EE68FA6863D8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2BF603F0-11D3-4F87-A5CC-F9D4DAAD8B58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {3F5958DC-58F8-431A-84C2-E646DCCACA8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000UA => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5D91BC48-C9F1-4B5C-8BE8-B75B889D5296} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {84A1DD8F-CF9E-41D3-9A52-90922B62664F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {91B9FE24-2612-48B7-8548-328779AA3B84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {92897E00-EB9D-44A6-9B5E-96E8C011C4B1} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BC870A12-C665-4001-A48B-20201E5D3BE5} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C4809DEC-D994-49A0-AE96-C1182858C1A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000Core.job => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000UA.job => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B227A5F4-AD56-47F7-8E24-EE03A99BC5AB}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-17 18:07 - 2014-10-17 18:07 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\2d0d6a3fb1ef094ef224bb8adbcf8f33\VistaBridgeLibrary.ni.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-10 02:10 - 2010-03-10 02:10 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
2011-07-03 13:56 - 2014-11-20 18:01 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-10 22:18 - 2014-12-06 01:50 - 09009480 _____ () C:\Users\Brandon\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 22:18 - 2014-12-06 01:50 - 01677128 _____ () C:\Users\Brandon\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: updater => 2
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1106171686-1973982065-2742739167-500 - Administrator - Disabled)
Brandon (S-1-5-21-1106171686-1973982065-2742739167-1000 - Administrator - Enabled) => C:\Users\Brandon
Guest (S-1-5-21-1106171686-1973982065-2742739167-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/23/2014 00:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 00:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2014 09:37:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2014 02:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/23/2014 00:44:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (12/23/2014 00:44:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/23/2014 00:43:04 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482
 
Error: (12/22/2014 00:45:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/22/2014 00:45:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (12/22/2014 00:43:59 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482
 
Error: (12/21/2014 09:37:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (12/21/2014 09:37:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/21/2014 09:36:20 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482
 
Error: (12/21/2014 02:27:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (12/23/2014 00:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 00:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2014 09:37:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2014 02:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-23 13:09:02.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:09:01.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:09:01.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:09:01.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:08:48.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:08:48.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:08:48.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:08:47.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:08:39.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-23 13:08:38.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 52%
Total physical RAM: 3316.27 MB
Available physical RAM: 1562.09 MB
Total Pagefile: 6862.54 MB
Available Pagefile: 4831.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.69 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:298.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 RPMcMurphy

Posted 23 December 2014 - 12:45 PM

Please do this next:

You have more than one antivirus (AV) program running. Your logs show both Norton 360 and Microsoft Security Essentials running. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer. Please uninstall all but one of the AV applications.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

Folder: C:\Users\Brandon\AppData\Local\Umkmedia
Folder: C:\Users\Brandon\AppData\Local\Ikrssoft
Folder: C:\ProgramData\MuxrIluk
Folder: C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
C:\ProgramData\nXy6Y8Cd0.dat
Hosts:
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 Brandon00

Posted 23 December 2014 - 02:56 PM

Fix log.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2014 01
Ran by Brandon at 2014-12-23 19:10:57 Run:1
Running from C:\Users\Brandon\Downloads
Loaded Profile: Brandon (Available profiles: Brandon)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Folder: C:\Users\Brandon\AppData\Local\Umkmedia
Folder: C:\Users\Brandon\AppData\Local\Ikrssoft
Folder: C:\ProgramData\MuxrIluk
Folder: C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
C:\ProgramData\nXy6Y8Cd0.dat
Hosts:
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
EmptyTemp:
*****************
 
 
========================= Folder: C:\Users\Brandon\AppData\Local\Umkmedia ========================
 
2014-12-10 18:41 - 2014-12-10 18:41 - 0237076 _____ () C:\Users\Brandon\AppData\Local\Umkmedia\shellCommsInterval.dat
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Brandon\AppData\Local\Ikrssoft ========================
 
2014-12-10 18:40 - 2014-12-10 18:40 - 0000000 _____ () C:\Users\Brandon\AppData\Local\Ikrssoft\{CAFCEACE-8148-E117-6C15-F5CD12325C63}
2014-12-10 23:01 - 2014-12-10 23:01 - 0051220 _____ () C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dat
2014-12-10 23:01 - 2014-12-11 17:22 - 0033792 _____ () C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll
2014-12-11 17:22 - 2014-12-11 17:22 - 0051220 _____ () C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll.dat
2014-12-10 23:01 - 2014-12-10 23:01 - 0033792 _____ () C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll.old
2014-12-11 18:37 - 2014-12-11 18:37 - 0051220 _____ () C:\Users\Brandon\AppData\Local\Ikrssoft\shellCommsInterval.dat
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\MuxrIluk ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C} ========================
 
2014-12-10 18:28 - 2014-12-11 17:18 - 0228168 ____H () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\460d5dd19d67d
2014-12-10 18:28 - 2014-12-10 18:28 - 0000000 ____H () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\qoqcaaaigm.tmp
 
====== End of Folder: ======
 
C:\ProgramData\nXy6Y8Cd0.dat => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:12:15 ====


#6 RPMcMurphy

Posted 23 December 2014 - 05:55 PM

Please do this next:
 
Download ComboFix from HERE, and save it to your desktop.
 
**Note:  It is important that it is saved directly to your desktop**
 
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------
 
Double click on ComboFix.exe & follow the prompts. 
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
  • Note: If after running ComboFix you receive a message stating "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log



#7 Brandon00

Posted 24 December 2014 - 10:29 AM

ComboFix log. It has also created an Internet Explorer shortcut on my desktop.

    ComboFix 14-12-23.01 - Brandon 24/12/2014  15:11:19.1.4 - x86

    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3316.1272 [GMT 0:00]
    Running from: c:\users\Brandon\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Autorun.inf
    C:\Setup.exe
    c:\users\Brandon\videos\iLividSetupV1.exe
    c:\windows\msdownld.tmp
    c:\windows\system32\DEBUG.log
    c:\windows\system32\drivers\etc\hosts.txt
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-11-24 to 2014-12-24  )))))))))))))))))))))))))))))))
    .
    .
    2014-12-24 15:19 . 2014-12-24 15:19 -------- d-----w- c:\users\Brandon\AppData\Local\temp
    2014-12-24 15:19 . 2014-12-24 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-24 15:07 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0B3D298-AF4C-480A-92CB-4D7759C9C687}\mpengine.dll
    2014-12-23 12:56 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-12-20 18:48 . 2014-12-20 18:48 -------- d-----w- c:\program files\Common Files\Adobe
    2014-12-20 18:40 . 2014-12-20 18:40 -------- d-----w- c:\program files\Common Files\Java
    2014-12-20 18:28 . 2014-12-20 18:28 -------- d-----w- c:\windows\ERUNT
    2014-12-20 18:02 . 2014-12-23 19:16 -------- d-----w- C:\FRST
    2014-12-20 17:26 . 2014-12-21 21:34 -------- d-----w- C:\AdwCleaner
    2014-12-19 14:45 . 2014-09-16 16:32 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A22807E-F320-447D-8022-A39E5791E41A}\gapaengine.dll
    2014-12-11 20:38 . 2014-12-24 14:50 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-11 20:34 . 2014-12-11 20:34 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-12-11 20:34 . 2014-12-11 20:34 -------- d-----w- c:\programdata\Malwarebytes
    2014-12-11 20:34 . 2014-11-21 06:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-12-11 20:34 . 2014-11-21 06:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-11 20:34 . 2014-11-21 06:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-12-10 23:50 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-12-10 23:49 . 2014-11-07 01:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-12-10 23:36 . 2014-12-03 02:06 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-12-10 18:41 . 2014-12-20 13:45 -------- d-----w- c:\users\Brandon\AppData\Local\Umkmedia
    2014-12-10 18:40 . 2014-12-20 13:45 -------- d-----w- c:\users\Brandon\AppData\Local\Ikrssoft
    2014-12-10 18:29 . 2014-12-12 16:56 -------- d-----w- c:\programdata\MuxrIluk
    2014-12-10 18:28 . 2014-12-12 16:29 -------- d--h--w- c:\programdata\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
    2014-12-07 16:56 . 2014-12-07 16:56 -------- d-----w- c:\programdata\WindowsSearch
    2014-12-02 18:04 . 2014-12-11 21:16 -------- d-----w- c:\program files\mediainformationaccess
    2014-11-25 13:59 . 2014-11-25 13:59 18638520 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-23 21:48 . 2011-07-03 14:30 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2014-12-23 21:48 . 2011-07-03 13:56 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
    2014-12-23 20:35 . 2011-07-03 13:57 139648 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2014-12-23 20:35 . 2011-07-03 13:56 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2014-12-23 17:39 . 2011-07-03 13:56 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2014-12-23 17:35 . 2011-07-03 13:57 138056 ----a-w- c:\users\Brandon\AppData\Roaming\PnkBstrK.sys
    2014-12-20 18:39 . 2014-10-18 17:25 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-12-09 18:36 . 2012-04-08 16:48 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-09 18:36 . 2011-06-07 17:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-19 04:31 . 2014-11-19 04:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
    2014-10-30 11:24 . 2010-08-23 11:57 229000 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-24 01:04 . 2014-11-12 23:58 67072 ----a-w- c:\windows\system32\packager.dll
    2014-10-24 01:03 . 2014-11-19 23:24 499200 ----a-w- c:\windows\system32\kerberos.dll
    2014-10-18 01:08 . 2014-11-12 23:53 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-12 23:34 . 2014-11-12 23:47 2054656 ----a-w- c:\windows\system32\win32k.sys
    2014-10-10 01:01 . 2014-11-12 23:59 449536 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-10 01:00 . 2014-11-12 23:59 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-10 01:00 . 2014-11-12 23:59 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-09 23:22 . 2014-11-12 23:59 619520 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-03 01:18 . 2014-11-12 23:54 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 01:17 . 2014-11-12 23:54 170496 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 01:17 . 2014-11-12 23:54 396800 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 01:17 . 2014-11-12 23:54 316928 ----a-w- c:\windows\system32\audiosrv.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Spotify Web Helper"="c:\users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-20 1676344]
    "Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
    "Steam"="c:\program files\Steam\Steam.exe" [2014-10-21 1938624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 141848]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-10-24 12017368]
    .
    c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1106171686-1973982065-2742739167-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001
    .
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:36]
    .
    2014-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:27]
    .
    2014-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:27]
    .
    2014-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000Core.job
    - c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 21:34]
    .
    2014-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1106171686-1973982065-2742739167-1000UA.job
    - c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 21:34]
    .
    2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{B227A5F4-AD56-47F7-8E24-EE03A99BC5AB}.job
    - c:\windows\system32\msfeedssync.exe [2014-12-10 20:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local;<local>
    Trusted Zone: aeriagames.com
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{70F851B8-7738-474A-9FC7-87364B8EFD2F}: NameServer = 8.8.8.8,8.8.8.8
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    WebBrowser-{80F6F9BF-9FD1-4F41-9DDF-6DD070F4F62F} - (no file)
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-12-24 15:19
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ... 
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,ea,48,b4,97,4d,74,44,a5,76,98,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,ea,48,b4,97,4d,74,44,a5,76,98,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.avi"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.M3U"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WMP11.AssocFile.WVX"
    .
    Completion time: 2014-12-24  15:21:16
    ComboFix-quarantined-files.txt  2014-12-24 15:21
    .
    Pre-Run: 320,973,475,840 bytes free
    Post-Run: 320,942,682,112 bytes free
    .
    - - End Of File - - 49DD2BA07C56DC35F643E92AE5FD7EEB
    5C616939100B85E558DA92B899A0FC36


#8 RPMcMurphy

Posted 24 December 2014 - 04:08 PM

ComboFix resets a few things to their default settings, which puts that icon on your desktop. Feel free to delete it if you wish. Please do this next:

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Open Malwarebytes Anti-Malware (MBAM)

  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:

  • AdwCleaner log
  • MBAM log

Edited by RPMcMurphy, 24 December 2014 - 04:09 PM.


#9 Brandon00

Posted 24 December 2014 - 05:34 PM

AdwCleaner

    # AdwCleaner v4.106 - Report created 24/12/2014 at 22:11:41
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Live]
    # Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
    # Username : Brandon
    # Running from : C:\Users\Brandon\Downloads\AdwCleaner (3).exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v9.0.8112.16599
     
     
    -\\ Mozilla Firefox v
     
     
    -\\ Google Chrome v
     
     
    *************************
     
    AdwCleaner[R0].txt - [5150 octets] - [20/12/2014 17:26:58]
    AdwCleaner[R1].txt - [5210 octets] - [20/12/2014 17:29:06]
    AdwCleaner[R2].txt - [1260 octets] - [20/12/2014 18:10:00]
    AdwCleaner[R3].txt - [1082 octets] - [21/12/2014 21:32:26]
    AdwCleaner[R4].txt - [1202 octets] - [24/12/2014 18:36:56]
    AdwCleaner[R5].txt - [1262 octets] - [24/12/2014 22:09:40]
    AdwCleaner[S0].txt - [5375 octets] - [20/12/2014 17:31:21]
    AdwCleaner[S1].txt - [1327 octets] - [20/12/2014 18:12:01]
    AdwCleaner[S2].txt - [1144 octets] - [21/12/2014 21:34:14]
    AdwCleaner[S3].txt - [1184 octets] - [24/12/2014 22:11:41]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1244 octets] ##########

    Malware Bytes

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 24/12/2014
    Scan Time: 22:17:57
    Logfile: scan log.txt
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2014.12.24.13
    Rootkit Database: v2014.12.23.02
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Brandon
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 347762
    Time Elapsed: 12 min, 49 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)

    Edited by Brandon00, 24 December 2014 - 05:34 PM.


    #10 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts
    • OFFLINE
    • Gender:Male
    • Local time:07:54 AM

    Posted 24 December 2014 - 11:27 PM

    How is your computer running now?  Please do this next:

    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

    Please include the following in your next post:
    • How is the computer running now?
    • ESET log




    #11 Brandon00

    Brandon00
    • Topic Starter

    • Members
    • 11 posts
    • OFFLINE
    • Local time:11:54 AM

    Posted 26 December 2014 - 11:58 AM

    My computer is running fine, no more redirects. However, the ESET scan required me to download some online scanner in order to do the scan and I have not yet done it.



    #12 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts
    • OFFLINE
    • Gender:Male
    • Local time:07:54 AM

    Posted 26 December 2014 - 02:02 PM

    Good!  Please run that scan when you have a chance though.  We want to make sure we have you completely cleaned up!




    #13 Brandon00

    Brandon00
    • Topic Starter

    • Members
    • 11 posts
    • OFFLINE
    • Local time:11:54 AM

    Posted 27 December 2014 - 11:42 AM

    ESET scan

     

     

     

    C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\CustomActionInstall.vir a variant of Win32/AdWare.Adpeak.I application
    C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\CustomActionUninstall.vir a variant of Win32/AdWare.Adpeak.I application
    C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\SendJson.dll.vir Win32/AdWare.Adpeak.H application
    C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll a variant of Win32/Boaxxe.CI trojan
    C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll.old a variant of Win32/Boaxxe.CI trojan
    C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\n4btd92d.default-1398518874367\extensions\{EEF3A49F-9AA8-A7E8-0FD2-4C49F3D600A0}\components\DirectSoundCompressorDMO.js Win32/Boaxxe.BU trojan
    C:\Users\Brandon\Documents\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


    #14 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts
    • OFFLINE
    • Gender:Male
    • Local time:07:54 AM

    Posted 27 December 2014 - 02:11 PM

    These are the only concerning items in that scan.  The major AV vendors are all split on them - about half say they are fine but the others consider them dangerous.  If it were my computer, I’d remove them, but I’ll leave it up to you.  Let me know what you want to do, please.

    FF Extension: DirectSoundCompressorDMO 
    C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll 


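As an added example that is not part of the thread (and not an ESET, Malwarebytes or AdwCleaner tool), the triage the helper does by hand above can be written as a small parser over the posted ESET export: entries under AdwCleaner's quarantine folder are inert copies, trojan-classified files on live paths are the ones that need a decision, and a flagged installer bundling a toolbar is low priority. The triage rules and the `Finding`, `triage` and `parse_export` names are this example's own assumptions; the paths and detection names are copied from the export posted in the thread.

```python
import re
from dataclasses import dataclass

# Findings from the ESET export posted in the thread (paths and detection names copied from it).
ESET_EXPORT = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\SendJson.dll.vir Win32/AdWare.Adpeak.H application
C:\Users\Brandon\AppData\Local\Ikrssoft\MSNHelpMon2.dll a variant of Win32/Boaxxe.CI trojan
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\n4btd92d.default-1398518874367\extensions\{EEF3A49F-9AA8-A7E8-0FD2-4C49F3D600A0}\components\DirectSoundCompressorDMO.js Win32/Boaxxe.BU trojan
C:\Users\Brandon\Documents\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

# One export line is "<path> [a variant of ]<Platform/Family.Variant> <category>". The path may
# contain spaces, so we anchor on the signature: the only token with a forward slash in a Windows path list.
LINE_RE = re.compile(r"^(?P<path>.+?) (?:a variant of )?(?P<sig>\S+/\S+) (?P<category>.+)$")

@dataclass
class Finding:
    path: str
    signature: str
    category: str
    verdict: str

def triage(path: str, signature: str, category: str) -> str:
    """Constructed triage rules (this example's assumption) mirroring the helper's reasoning in the thread."""
    low = path.lower()
    if "\\adwcleaner\\quarantine\\" in low or low.endswith(".vir"):
        # Copies held in AdwCleaner's quarantine folder are inert; nothing loads them anymore.
        return "inert: already quarantined by AdwCleaner"
    if category == "trojan":
        where = "browser extension" if "\\extensions\\" in low else "file on disk"
        return f"active: trojan-classified {where}, candidate for removal"
    if "bundled" in signature.lower():
        return "low: installer bundling an add-on, not a running component"
    return "review: potentially unwanted application on a live path"

def parse_export(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        findings.append(Finding(m["path"], m["sig"], m["category"],
                                triage(m["path"], m["sig"], m["category"])))
    return findings

def active_findings(text: str) -> list[str]:
    """Paths that still need a decision, i.e. everything not already quarantined."""
    return [f.path for f in parse_export(text) if not f.verdict.startswith("inert")]
```

Running `active_findings(ESET_EXPORT)` returns exactly the two Boaxxe items the helper lists plus the CCleaner installer, with the quarantined Conduit and Adpeak copies filtered out.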

    #15 Brandon00

    Brandon00
    • Topic Starter

    • Members
    • 11 posts
    • OFFLINE
    • Local time:11:54 AM

    Posted 27 December 2014 - 02:18 PM

    I'd like to remove them please.


    Edited by Brandon00, 27 December 2014 - 02:45 PM.




