Need help with browser re-direct and unideal ads


  • This topic is locked
8 replies to this topic

#1 bitterb

bitterb

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:28 AM

Posted 17 February 2015 - 02:56 PM

Hi... I am new to this forum and my computer is infected with some sort of malware... the ads that keep popping up say "powered by unideal" and clicking on a link will re-direct me to an unwanted page or tab. Thanks

 
 



 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:01:28 PM

Posted 20 February 2015 - 03:08 PM

:welcome:

 

Let's run a few scans and see what's going on.

 

 
Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report... Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#3 bitterb

bitterb
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:28 AM

Posted 22 February 2015 - 10:17 AM

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-02-22 07:39:03
    -----------------------------
    07:39:04.045    OS Version: Windows 6.1.7601 Service Pack 1
    07:39:04.046    Number of processors: 2 586 0x301
    07:39:04.050    ComputerName: BRIAN-PC  UserName: Brian
    07:40:58.879    Initialize success
    07:41:02.195    VM: initialized successfully
    07:41:02.197    VM: Amd CPU BiosDisabled
    07:48:38.282    AVAST engine defs: 15022201
    07:55:04.514    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    07:55:04.520    Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40F Size: 152627MB BusType: 3
    07:55:04.697    Disk 0 MBR read successfully
    07:55:04.703    Disk 0 MBR scan
    07:55:04.861    Disk 0 Windows 7 default MBR code
    07:55:04.879    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    07:55:04.898    Disk 0 default boot code
    07:55:05.002    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       141940 MB offset 206848
    07:55:05.104    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10583 MB offset 290899968
    07:55:05.153    Disk 0 scanning sectors +312573952
    07:55:05.457    Disk 0 scanning C:\Windows\system32\drivers
    07:55:35.809    Service scanning
    07:56:08.575    Service MpKsld385f514 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC258571-7C90-476F-B763-E7CAB416E202}\MpKsld385f514.sys **LOCKED** 32
    07:56:44.239    Modules scanning
    07:56:44.254    Disk 0 trace - called modules:
    07:56:44.282    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    07:56:44.292    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85889a38]
    07:56:44.305    3 CLASSPNP.SYS[8859b59e] -> nt!IofCallDriver -> [0x84af0580]
    07:56:44.317    5 ACPI.sys[833783d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85789030]
    07:56:45.762    AVAST engine scan C:\Windows
    07:56:50.111    AVAST engine scan C:\Windows\system32
    08:04:02.643    AVAST engine scan C:\Windows\system32\drivers
    08:04:37.591    AVAST engine scan C:\Users\Brian
    08:24:35.886    File: C:\Users\Brian\Downloads\Gone Girl (2014) 720p BrRip x264 - YIFY.exe  **INFECTED** Win32:Dropper-gen [Drp]
    08:27:55.971    AVAST engine scan C:\ProgramData
    08:31:01.582    File: C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}\Gone Girl (2014) 720p BrRip x264 - YIFY.exe  **INFECTED** Win32:Dropper-gen [Drp]
    08:31:01.603    Disk 0 statistics 2991091/0/0 @ 1.51 MB/s
    08:31:01.615    Scan finished successfully
    09:07:40.034    Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
    09:07:40.115    The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-02-2015
    Ran by Brian (administrator) on BRIAN-PC on 22-02-2015 09:08:07
    Running from C:\Users\Brian\Desktop
    Loaded Profiles: Brian (Available profiles: Brian)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Lexar Media, Inc.) C:\Windows\System32\LxrSII1s.exe
    () C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\JOSrv.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}\Gone Girl (2014) 720p BrRip x264 - YIFY.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    () C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\nsn9F42.tmp
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM\...\Run: [DelaypluginInstall] => [X]
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\RunOnce: [Update] => \VOPackage.exe /runonce
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    AppInit_DLLs: c:/progra~2/{2307c~1/191~1.1/tafa.dll => c:/progra~2/{2307c~1/191~1.1/tafa.dll [964608 2015-02-04] ()
    Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gone Girl (2014) 720p BrRip x264 - YIFY.lnk
    ShortcutTarget: Gone Girl (2014) 720p BrRip x264 - YIFY.lnk -> C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}\Gone Girl (2014) 720p BrRip x264 - YIFY.exe ()
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mytoba.ca/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1511418393-2390573130-3487323023-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://www.google.com/search?q={searchTerms}
    Toolbar: HKU\S-1-5-21-1511418393-2390573130-3487323023-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
    Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
    Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
    Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
    Winsock: Catalog9 23 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
    Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\uakw3au7.default-1424213235987
    FF DefaultSearchEngine: Google
    FF Homepage: hxxp://mytoba.ca/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1511418393-2390573130-3487323023-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
    CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
    CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
    CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
    CHR Extension: (Google Wallet) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
    CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 dibudyzy; C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\nsn9F42.tmp [223744 2015-02-18] () [File not signed]
    R2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 serverjo; C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\JOSrv.exe [128000 2015-02-17] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-08-30] (GFI Software)
    R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
    R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    R1 MpKsld385f514; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC258571-7C90-476F-B763-E7CAB416E202}\MpKsld385f514.sys [39464 2015-02-22] (Microsoft Corporation)
    R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [31616 2007-01-15] ()
    R3 VC0130Afx; C:\Windows\System32\Drivers\C0130Afx.sys [142656 2007-06-10] (Creative Technology Ltd.)
    R3 VC0130Aud; C:\Windows\System32\Drivers\C0130Aud.sys [94976 2007-03-27] (Creative Technology Ltd.)
    R3 VC0130Dev; C:\Windows\System32\DRIVERS\C0130Vid.sys [690656 2007-04-17] (Creative Technology Ltd.)
    R3 VC0130Vfx; C:\Windows\System32\DRIVERS\C0130VFx.sys [6912 2006-06-19] (EyePower Games Pte. Ltd.)
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    U3 aswMBR; \??\C:\Users\Brian\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Brian\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-22 09:08 - 2015-02-22 09:08 - 00012665 _____ () C:\Users\Brian\Desktop\FRST.txt
    2015-02-22 09:07 - 2015-02-22 09:07 - 00002720 _____ () C:\Users\Brian\Desktop\aswMBR.txt
    2015-02-22 09:07 - 2015-02-22 09:07 - 00000512 _____ () C:\Users\Brian\Desktop\MBR.dat
    2015-02-22 07:37 - 2015-02-22 07:38 - 05198336 _____ (AVAST Software) C:\Users\Brian\Downloads\aswMBR.exe
    2015-02-22 07:16 - 2015-02-22 07:16 - 06958304 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\Silverlight(1).exe
    2015-02-18 09:19 - 2015-02-18 09:19 - 00001322 _____ () C:\Windows\wininit.ini
    2015-02-18 08:26 - 2015-02-18 09:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-18 08:26 - 2015-02-18 08:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-18 08:26 - 2015-02-18 08:26 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-18 08:26 - 2015-02-18 08:26 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-02-18 08:26 - 2015-02-18 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-18 08:26 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-02-18 08:19 - 2015-02-18 08:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Brian\Downloads\spybot-2.4.exe
    2015-02-17 20:36 - 2015-02-17 20:36 - 00347816 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.134765415615679.1.1.Run.exe
    2015-02-17 16:58 - 2015-02-17 16:58 - 00000000 _____ () C:\autoexec.bat
    2015-02-17 16:54 - 2015-02-17 16:54 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Brian\Downloads\SpyHunter-Installer.exe
    2015-02-17 16:54 - 2015-02-17 16:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2015-02-17 15:53 - 2015-02-17 15:53 - 01388274 _____ (Thisisu) C:\Users\Brian\Downloads\JRT(1).exe
    2015-02-17 13:40 - 2015-02-20 18:01 - 00001091 _____ () C:\Users\Brian\Desktop\Continue Live Installation.lnk
    2015-02-17 11:48 - 2015-02-17 11:48 - 02112512 _____ () C:\Users\Brian\Downloads\AdwCleaner(2).exe
    2015-02-17 09:34 - 2015-02-17 09:34 - 00000000 ____D () C:\Program Files\Sy2zmntg1mziwzdb
    2015-02-17 09:32 - 2015-02-17 10:18 - 00000000 ___HD () C:\Users\Public\Temp
    2015-02-17 09:32 - 2015-02-17 09:40 - 00000000 ____D () C:\Users\Brian\AppData\Local\BrowserHelper
    2015-02-17 09:31 - 2015-02-22 07:08 - 00001334 _____ () C:\Windows\Tasks\SKNX.job
    2015-02-17 09:31 - 2015-02-17 09:31 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
    2015-02-17 09:30 - 2015-02-22 07:08 - 00001686 _____ () C:\Windows\Tasks\AOEMUXJK.job
    2015-02-17 09:27 - 2015-02-17 09:27 - 00000000 ____D () C:\ProgramData\SearchModulePlus
    2015-02-17 09:25 - 2015-02-18 10:00 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C
    2015-02-17 09:21 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
    2015-02-17 09:20 - 2015-02-17 09:20 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\JunkCleaner.lnk
    2015-02-17 09:20 - 2015-02-17 09:20 - 00000864 _____ () C:\ProgramData\JunkCleaner.lnk
    2015-02-17 09:19 - 2015-02-17 09:20 - 00000000 ____D () C:\ProgramData\All copyright reserved - 2014
    2015-02-17 09:19 - 2015-02-17 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
    2015-02-17 09:19 - 2015-02-17 09:19 - 00000000 ____D () C:\Program Files\download Manager
    2015-02-17 08:55 - 2015-02-17 08:56 - 10288040 _____ (SurfRight B.V.) C:\Users\Brian\Downloads\HitmanPro(1).exe
    2015-02-17 08:54 - 2015-02-17 08:54 - 00001226 _____ () C:\Users\Brian\Desktop\Revo Uninstaller.lnk
    2015-02-17 08:53 - 2015-02-17 08:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Brian\Downloads\revosetup.exe
    2015-02-17 07:49 - 2015-02-17 07:49 - 02112512 _____ () C:\Users\Brian\Downloads\adwcleaner_4.110(1).exe
    2015-02-15 21:11 - 2015-02-15 21:11 - 00056200 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\y2jmnzg4mzywyjb.sys
    2015-02-14 18:29 - 2015-02-14 18:29 - 00000000 ____D () C:\Program Files\LibrarySystem
    2015-02-14 18:28 - 2015-02-14 19:42 - 00000000 ____D () C:\Users\Brian\Downloads\Gone Girl (2014)
    2015-02-14 18:25 - 2015-02-17 00:03 - 00000000 ____D () C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}
    2015-02-14 18:24 - 2015-02-14 18:24 - 01113600 _____ () C:\Users\Brian\Downloads\Gone Girl (2014) 720p BrRip x264 - YIFY.exe
    2015-02-14 18:22 - 2015-02-17 13:41 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\uTorrent
    2015-02-14 18:22 - 2015-02-14 18:22 - 01742416 _____ (BitTorrent Inc.) C:\Users\Brian\Downloads\uTorrent(1).exe
    2015-02-14 08:46 - 2015-02-14 08:46 - 02112512 _____ () C:\Users\Brian\Downloads\AdwCleaner(1).exe
    2015-02-14 08:43 - 2015-02-22 09:08 - 00000000 ____D () C:\Users\Brian\Desktop\FRST-OlderVersion
    2015-02-13 11:16 - 2015-02-13 11:16 - 00019179 _____ () C:\Users\Brian\Downloads\Addition.txt
    2015-02-13 11:15 - 2015-02-13 11:21 - 00029111 _____ () C:\Users\Brian\Downloads\FRST.txt
    2015-02-13 11:14 - 2015-02-22 09:08 - 01126400 _____ (Farbar) C:\Users\Brian\Desktop\FRST.exe
    2015-02-13 11:14 - 2015-02-22 09:08 - 00000000 ____D () C:\FRST
    2015-02-13 09:18 - 2015-02-17 10:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-13 09:18 - 2015-02-13 09:18 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-13 09:18 - 2015-02-13 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-13 09:18 - 2015-02-13 09:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-02-13 09:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-13 09:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-13 09:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-13 09:17 - 2015-02-13 09:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-2.0.4.1028(1).exe
    2015-02-13 09:03 - 2015-02-13 09:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-13 07:11 - 2015-01-22 21:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-13 07:11 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 15:32 - 2015-02-12 15:32 - 00000000 ____D () C:\Program Files\ESET
    2015-02-12 15:11 - 2015-02-17 11:53 - 00000000 ____D () C:\AdwCleaner
    2015-02-12 15:10 - 2015-02-12 15:10 - 02112512 _____ () C:\Users\Brian\Downloads\adwcleaner_4.110.exe
    2015-02-12 15:05 - 2015-02-12 15:06 - 38804664 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\Windows-KB890830-V5.21.exe
    2015-02-12 13:54 - 2015-02-12 13:54 - 00509440 _____ (Tech Support Guy System) C:\Users\Brian\Downloads\SysInfo.exe
    2015-02-12 13:47 - 2015-02-12 13:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HijackThis.exe
    2015-02-12 13:47 - 2015-02-12 13:47 - 00005688 _____ () C:\Users\Brian\Downloads\hijackthis.log
    2015-02-11 09:27 - 2015-01-15 01:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 09:27 - 2015-01-15 01:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 09:27 - 2015-01-15 01:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 09:27 - 2015-01-15 01:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 09:27 - 2015-01-15 01:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 09:27 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 09:27 - 2015-01-15 01:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 09:27 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 09:27 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 09:27 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 09:27 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 09:27 - 2015-01-14 22:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 09:27 - 2015-01-08 20:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-11 09:27 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-11 09:27 - 2015-01-08 20:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-11 09:27 - 2015-01-08 19:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 09:26 - 2015-02-03 20:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 09:26 - 2015-02-03 20:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 09:26 - 2015-02-03 20:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 09:26 - 2015-01-27 17:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 09:26 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-02-11 09:26 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 09:26 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 09:25 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 09:25 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 09:25 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 09:25 - 2015-01-11 20:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 09:25 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 09:25 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 09:25 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 09:25 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 09:25 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 09:25 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 09:25 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 09:25 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 09:25 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 09:25 - 2015-01-11 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 09:25 - 2015-01-11 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 09:25 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 09:25 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 09:25 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 09:25 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 09:25 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 09:25 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 09:25 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 09:25 - 2015-01-11 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 09:25 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 09:25 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 09:25 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 09:25 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 09:25 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 09:25 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 09:24 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 09:24 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 09:24 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-04 11:59 - 2015-02-13 07:45 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\NCH Software
    2015-02-04 11:59 - 2015-02-04 11:59 - 00000000 ____D () C:\ProgramData\NCH Software
    2015-02-04 11:49 - 2015-02-04 11:54 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Audacity
    2015-02-04 11:48 - 2015-02-04 11:48 - 22892794 _____ (Audacity Team ) C:\Users\Brian\Downloads\audacity-win-2.0.6.exe
    2015-02-04 11:44 - 2015-02-04 11:44 - 00000000 ____D () C:\ProgramData\85e17b600005157
    2015-02-04 11:41 - 2015-02-04 11:41 - 00000000 ____D () C:\Users\Brian\AppData\Local\GGEmpire
    2015-02-04 11:40 - 2015-02-04 11:40 - 00000000 ____D () C:\ProgramData\{2307CBC4-7385-1A42-C203-6AC01281B94E}
    2015-02-04 09:24 - 2015-02-04 09:24 - 00000000 ____D () C:\Users\Brian\VideoPlayer Picture
    2015-02-01 17:33 - 2015-02-01 18:45 - 00000000 ____D () C:\Users\Brian\Desktop\pics
    2015-01-26 20:31 - 2015-01-26 20:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-25 10:12 - 2015-01-25 10:12 - 00002086 _____ () C:\Users\Brian\AppData\Roaming\SKNX
    2015-01-25 10:12 - 2015-01-25 10:12 - 00001248 _____ () C:\Users\Brian\AppData\Roaming\AOEMUXJK

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-22 09:06 - 2014-06-24 07:34 - 00209664 _____ () C:\Windows\setupact.log
    2015-02-22 08:30 - 2013-07-15 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-22 07:34 - 2013-07-14 18:59 - 01855223 _____ () C:\Windows\WindowsUpdate.log
    2015-02-21 07:25 - 2009-07-13 22:34 - 00026368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-21 07:25 - 2009-07-13 22:34 - 00026368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-19 18:48 - 2013-08-27 09:05 - 00000000 ____D () C:\Users\Brian\Documents\Recipes
    2015-02-17 20:47 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-17 20:46 - 2010-11-20 15:48 - 00279478 _____ () C:\Windows\PFRO.log
    2015-02-17 16:47 - 2014-01-21 08:25 - 00000000 ____D () C:\Users\Brian\Desktop\Old Firefox Data
    2015-02-17 15:54 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\Brian\AppData\Local\CrashDumps
    2015-02-17 11:20 - 2014-10-21 09:17 - 00000000 ____D () C:\Windows\Minidump
    2015-02-17 09:52 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-02-17 09:47 - 2014-11-02 08:53 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-17 09:47 - 2013-07-15 21:00 - 00000000 ____D () C:\Users\Brian\AppData\Local\Adobe
    2015-02-17 09:47 - 2013-07-14 20:09 - 00001417 _____ () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-02-17 09:36 - 2014-11-03 07:33 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-02-17 09:32 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
    2015-02-17 09:32 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\System
    2015-02-17 09:31 - 2013-12-11 07:52 - 00000000 ____D () C:\Program Files\Google
    2015-02-17 00:02 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Branding
    2015-02-14 19:07 - 2010-11-20 15:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-14 09:59 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
    2015-02-13 11:18 - 2013-10-12 15:01 - 00000000 ____D () C:\Users\Brian\Documents\New folder
    2015-02-13 07:13 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-12 13:47 - 2013-07-14 20:08 - 00000000 ____D () C:\Users\Brian\AppData\Local\VirtualStore
    2015-02-12 08:34 - 2009-07-13 22:33 - 00335440 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 08:33 - 2014-11-02 08:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-12 08:30 - 2014-12-12 06:35 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 08:30 - 2014-05-07 07:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-12 08:30 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
    2015-02-12 08:11 - 2013-07-15 17:53 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-12 07:41 - 2013-09-01 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 07:22 - 2013-07-15 21:08 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-12 07:22 - 2013-07-15 21:07 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-12 07:21 - 2013-07-15 21:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-05 08:30 - 2013-07-15 21:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 08:30 - 2013-07-15 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-05 00:54 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-04 11:40 - 2014-11-02 08:53 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-04 09:24 - 2013-07-14 19:08 - 00000000 ____D () C:\Users\Brian
    2015-02-02 05:55 - 2013-07-19 12:56 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Skype
    2015-01-29 17:49 - 2013-07-15 16:51 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2015-01-25 10:12 - 2015-01-25 10:12 - 0001248 _____ () C:\Users\Brian\AppData\Roaming\AOEMUXJK
    2014-01-18 19:25 - 2014-01-18 19:25 - 0087608 _____ () C:\Users\Brian\AppData\Roaming\inst.exe
    2014-01-18 19:25 - 2014-01-18 19:25 - 0007887 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.cat
    2014-01-18 19:25 - 2014-01-18 19:25 - 0001144 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.inf
    2014-01-18 19:26 - 2014-01-18 19:26 - 0000034 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.log
    2014-01-18 19:25 - 2014-01-18 19:25 - 0047360 _____ (VSO Software) C:\Users\Brian\AppData\Roaming\pcouffin.sys
    2015-01-25 10:12 - 2015-01-25 10:12 - 0002086 _____ () C:\Users\Brian\AppData\Roaming\SKNX
    2014-01-18 19:27 - 2014-08-16 14:28 - 0001041 _____ () C:\Users\Brian\AppData\Roaming\vso_ts_preview.xml
    2013-12-27 19:45 - 2014-01-22 04:52 - 0000081 _____ () C:\Users\Brian\AppData\Roaming\WB.CFG
    2014-08-28 22:06 - 2014-08-28 22:06 - 0007618 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
    2015-02-17 09:20 - 2015-02-17 09:20 - 0000864 _____ () C:\ProgramData\JunkCleaner.lnk

    Some content of TEMP:
    ====================
    C:\Users\Brian\AppData\Local\Temp\CTPBSEQ.EXE


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 08:36

    ==================== End Of Log ====================================================================

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-02-2015
    Ran by Brian at 2015-02-22 09:09:25
    Running from C:\Users\Brian\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
    Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version:  - )
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
    ConvertXtoDVD 4.0.3.313 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.3.313 - )
    CopyTrans Suite Remove Only (HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
    Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version:  - )
    Creative Live! Cam Doodling (HKLM\...\Creative Live! Cam Doodling) (Version:  - )
    Creative Live! Cam FX Creator (HKLM\...\Creative Live! Cam FX Creator) (Version:  - )
    Creative Live! Cam Manager (HKLM\...\Creative Live! Cam Manager) (Version:  - )
    Creative Live! Cam Notebook Ultra Driver (1.02.01.00)   (HKLM\...\Creative VC0130) (Version:  - )
    Creative Live! Cam Notebook Ultra User's Guide (English) (HKLM\...\Creative Live! Cam Notebook Ultra User's Guide English) (Version:  - )
    Creative Photo Calendar (HKLM\...\Creative Photo Calendar) (Version:  - )
    Creative Photo Manager (HKLM\...\Creative Photo Manager) (Version:  - )
    Creative System Information (HKLM\...\SysInfo) (Version:  - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Junk Cleaner (Version: 1.1.6.1 - Pandaje Group) Hidden
    Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
    Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Media Go (HKLM\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
    Media Go Network Downloader (HKLM\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
    Media Go Video Playback Engine 2.4.104.12040 (HKLM\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.104.12040 - Sony)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NWZ-E380 WALKMAN Guide (HKLM\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
    PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.21 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    StudioTax 2013 (HKLM\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.2 - BHOK IT Consulting)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1511418393-2390573130-3487323023-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Brian\AppData\Local\Temp\0585bB\temp\Gone Girl (2014) 720p BrRip x264 - YIFY.exe No File

    ==================== Restore Points  =========================

    13-02-2015 18:44:28 Removed Java 7 Update 45
    14-02-2015 07:42:17 Windows Update
    17-02-2015 09:08:46 Checkpoint by HitmanPro
    17-02-2015 09:39:39 Removed iRip
    17-02-2015 19:41:36 Revo Uninstaller's restore point - SpyHunter 4
    17-02-2015 20:59:57 Windows Update
    21-02-2015 19:34:12 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-02-17 16:58 - 2015-02-17 16:58 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1A0CE612-64A9-4F93-A6FE-DC22D216F7AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {1A4064C9-AA0F-4107-9605-9C9DECEDBD67} - System32\Tasks\SKNX => C:\Users\Brian\AppData\Roaming\SKNX.exe <==== ATTENTION
    Task: {250C00C7-A064-41BF-898B-E3EF02991B6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {3E88F7DB-E11B-4349-9A5B-7FF5FD37191B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {3FD864D4-D12E-4666-976B-F087D4525260} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {5285CCB4-42FE-4A5B-90D8-9F8204D9E9A6} - System32\Tasks\Launch 1171 => C:\Program Files\YTDownloader\YTDownloader.exe
    Task: {55B69203-1CB7-416F-97AF-FB31ACC352B6} - System32\Tasks\AOEMUXJK => C:\Users\Brian\AppData\Roaming\AOEMUXJK.exe <==== ATTENTION
    Task: {663691C9-1668-4E8D-83D4-16A550EA877C} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
    Task: {72D0DCA0-5F6D-4318-93E3-B4C6054287B4} - System32\Tasks\{632865A6-7C91-4E86-B845-2C31D0802344} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
    Task: {7968AD58-D859-45A1-8FCA-608F51193459} - System32\Tasks\Inst_Rep => C:\Users\Brian\AppData\Local\Installer\Install_28357\DCytdieamo_amodc_setup.exe [2015-02-17] ()
    Task: {7E6F23FB-8459-47F6-9959-78AEC59B5EC2} - \Binkiland tafa No Task File <==== ATTENTION
    Task: {8BB8AA7A-5F79-48B0-8F47-73DFB3F0BCF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A83BDD52-CEA1-4C13-A373-9C2A9E7FC7DB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {CA871926-FB09-4E19-920B-8F3478828719} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AOEMUXJK.job => C:\Users\Brian\AppData\Roaming\AOEMUXJK.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SKNX.job => C:\Users\Brian\AppData\Roaming\SKNX.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2013-07-15 17:03 - 2014-07-02 13:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-02-18 08:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-18 08:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-02-17 09:26 - 2015-02-17 09:26 - 00128000 _____ () C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\JOSrv.exe
    2014-02-14 18:25 - 2014-02-14 18:25 - 01113600 _____ () C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}\Gone Girl (2014) 720p BrRip x264 - YIFY.exe
    2015-02-18 08:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-01-26 20:31 - 2015-01-26 20:31 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2015-02-18 08:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-02-18 08:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-02-18 10:00 - 2015-02-18 10:00 - 00223744 _____ () C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\nsn9F42.tmp
    2015-02-05 08:30 - 2015-02-05 08:30 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1511418393-2390573130-3487323023-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.100.254 - 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    MSCONFIG\startupreg: Creative Live! Cam Manager => "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: uTorrent => "C:\Users\Brian\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1511418393-2390573130-3487323023-500 - Administrator - Disabled)
    Brian (S-1-5-21-1511418393-2390573130-3487323023-1000 - Administrator - Enabled) => C:\Users\Brian
    Guest (S-1-5-21-1511418393-2390573130-3487323023-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1511418393-2390573130-3487323023-1003 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: MpKslbd0488d8
    Description: MpKslbd0488d8
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKslbd0488d8
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/22/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 553850

    Error: (02/22/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 553850

    Error: (02/22/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/22/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 552851

    Error: (02/22/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 552851

    Error: (02/22/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/22/2015 09:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 551837

    Error: (02/22/2015 09:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 551837

    Error: (02/22/2015 09:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/22/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 550777


    System errors:
    =============
    Error: (02/17/2015 08:47:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (02/17/2015 08:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Font Portal service failed to start due to the following error:
    %%5

    Error: (02/17/2015 04:58:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/17/2015 04:57:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (02/17/2015 04:27:27 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (02/22/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 553850

    Error: (02/22/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 553850

    Error: (02/22/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/22/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 552851

    Error: (02/22/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 552851

    Error: (02/22/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/22/2015 09:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 551837

    Error: (02/22/2015 09:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 551837

    Error: (02/22/2015 09:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/22/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 550777


    ==================== Memory info ===========================

    Processor: AMD Athlon Dual-Core QL-62
    Percentage of memory in use: 70%
    Total physical RAM: 1790.43 MB
    Available physical RAM: 528.53 MB
    Total Pagefile: 3580.85 MB
    Available Pagefile: 1167.43 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1900.26 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:138.61 GB) (Free:65.52 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:10.33 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 8FB11AD3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=138.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #4 ken545

    Posted 22 February 2015 - 11:07 AM

    Let's run some basic cleanup. Run these programs in order, please, and post the log for each one.

     

     
     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisement.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
    ===============================================================================
     
     
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #5 bitterb

    Posted 22 February 2015 - 01:55 PM

    I checked clean and when my computer re-booted I couldn't open anything in Firefox or Explorer...all I got was a blank browser.....so I restored my computer...I'm not sure what happened but this is the log I saved before I hit clean

     

     

     

     

     

     

     AdwCleaner v4.111 - Logfile created 22/02/2015 at 12:17:49

    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : Brian - BRIAN-PC
    # Running from : C:\Users\Brian\Downloads\AdwCleaner(3).exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\download Manager
    Folder Deleted : C:\Users\Brian\AppData\Local\BrowserHelper
    File Deleted : C:\Windows\system32\ColorMedia.dll
    File Deleted : C:\Users\Brian\Desktop\Continue Live Installation.lnk

    ***** [ Scheduled tasks ] *****

    Task Deleted : Inst_Rep

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v


    -\\ Comodo Dragon v


    -\\ Chrome Canary v


    *************************

    AdwCleaner[R2].txt - [3762 bytes] - [12/02/2015 15:14:39]
    AdwCleaner[R3].txt - [945 bytes] - [14/02/2015 08:46:33]
    AdwCleaner[R4].txt - [2763 bytes] - [17/02/2015 08:02:36]
    AdwCleaner[R5].txt - [6296 bytes] - [17/02/2015 11:48:36]
    AdwCleaner[R6].txt - [1629 bytes] - [22/02/2015 12:03:10]
    AdwCleaner[R7].txt - [1688 bytes] - [22/02/2015 12:12:40]
    AdwCleaner[S2].txt - [5376 bytes] - [12/02/2015 15:18:21]
    AdwCleaner[S3].txt - [1010 bytes] - [14/02/2015 09:01:51]
    AdwCleaner[S4].txt - [2925 bytes] - [17/02/2015 08:15:39]
    AdwCleaner[S5].txt - [6520 bytes] - [17/02/2015 11:53:06]
    AdwCleaner[S6].txt - [1627 bytes] - [22/02/2015 12:17:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1686  bytes] ##########
     



    #6 ken545

    Posted 22 February 2015 - 02:28 PM

    I don't see anything that would create a blank browser, but it looks like you have taken care of it

     

    Go ahead and run Junkware and Malwarebytes




    #7 bitterb

    Posted 23 February 2015 - 02:50 PM

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Ultimate x86
    Ran by Brian on 23/02/2015 at  7:42:06.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/02/2015 at  7:44:38.84
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23/02/2015
    Scan Time: 1:01:09 PM
    Logfile: mam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.23.07
    Rootkit Database: v2015.02.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Brian

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 352011
    Time Elapsed: 28 min, 21 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 2
    PUP.Optional.MultiPlug.A, C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}\Gone Girl (2014) 720p BrRip x264 - YIFY.exe, 3920, , [f0f32cf5d0ba7db95ab050d5709219e7]
    PUP.Optional.JOSrv.A, C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\JOSrv.exe, 2444, , [08dbd74a3f4bf5410d2d6d29e122fa06]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.JOSrv.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVERJO, , [08dbd74a3f4bf5410d2d6d29e122fa06],
    PUP.Optional.ObjectBrowser.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Object Browser-nv-ie, , [09daed344347d165ed32fc99847fe51b],
    PUP.Optional.ObjectBrowser.A, HKU\S-1-5-21-1511418393-2390573130-3487323023-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Object Browser-nv-ie, , [f0f3c160216977bf54cb692c43c0f010],

    Registry Values: 1
    PUP.Optional.JOSrv.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVERJO|ImagePath, C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\JOSrv.exe, , [08dbd74a3f4bf5410d2d6d29e122fa06]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.LibrarySystem.A, C:\Program Files\LibrarySystem, , [fee51b060a80989e78718a0b897a7f81],

    Files: 4
    PUP.Optional.MultiPlug.A, C:\ProgramData\{fe4db219-fd1a-e82a-fe4d-db219fd1c867}\Gone Girl (2014) 720p BrRip x264 - YIFY.exe, , [f0f32cf5d0ba7db95ab050d5709219e7],
    PUP.Optional.MultiPlug.A, C:\Users\Brian\Downloads\Gone Girl (2014) 720p BrRip x264 - YIFY.exe, , [6182ee332f5bd85e977368bdf40e35cb],
    PUP.Optional.LibrarySystem.A, C:\Program Files\LibrarySystem\LibrarySystem.dll, , [fee51b060a80989e78718a0b897a7f81],
    PUP.Optional.JOSrv.A, C:\Users\Brian\AppData\Roaming\00AF7988-1424165137-DD11-995A-D3D3351EF51C\JOSrv.exe, , [08dbd74a3f4bf5410d2d6d29e122fa06],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #8 ken545

    Posted 23 February 2015 - 03:18 PM

    Good, but did Malwarebytes Quarantine those items? They need to be gone. You may have to run Malwarebytes again to make sure it's clean. Let me know if they're gone

     

    Then run a new scan with FRST64, make sure you checkmark Additions and post both new logs please




    #9 ken545

    Posted 27 February 2015 - 02:48 PM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.





