
Malicious File Download 12 Help [Solved]


  • This topic is locked

#1
Azreide


  • Member
  • 21 posts

Okay, well, what it's doing is it seems to be redirecting me shortly after I click to go to a new page. To be more specific, it's like it's "changing" the current page to that certain page, because hitting back returns to the page before that one. It redirects to something telling me to update my video drivers, and that I'm using Google Chrome.

The problem is that I have removed it according to Norton, and have removed it with several other things too (adwcleaner and JRT), but it still redirects me. It says down the bottom that it's blocked it, but it redirects to a page saying that the page can't be displayed, like it's only half doing it. Any solutions?


Edited by Azreide, 08 January 2015 - 06:22 PM.



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, first I will need to look at the system.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Azreide


  • Topic Starter
  • Member
  • 21 posts
Here ya go.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Mason (administrator) on MASON-PC on 10-01-2015 03:08:34
Running from C:\Users\Mason\Desktop
Loaded Profile: Mason (Available profiles: Mason)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BitTorrent Inc.) C:\Users\Mason\AppData\Roaming\BitTorrent\BitTorrent.exe
(Akamai Technologies, Inc.) C:\Users\Mason\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\puush\puush.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Akamai Technologies, Inc.) C:\Users\Mason\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) H:\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) H:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) H:\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-08-01] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-09] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\...\Run: [BitTorrent] => C:\Users\Mason\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-11] (BitTorrent Inc.)
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mason\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-11-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c....aspx?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-40517483-3242870874-2281284425-1000 -> {44880015-BCAE-48E7-A546-FCEA7C2EDF9D} URL = https://au.search.ya...p={searchTerms}
BHO: ccopunok -> {4b8e006c-d705-4c34-82c0-7dab8b0f5a05} -> C:\ProgramData\ccopunok\R4ddgJpY5vr4k0.x64.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-40517483-3242870874-2281284425-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Tcpip\..\Interfaces\{430007CC-0FAE-4F6D-90A4-387DB11A7009}: [NameServer] 61.9.134.49 61.9.226.33

FireFox:
========
FF ProfilePath: C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default
FF Keyword.URL: https://au.search.ya...&type=242154&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-40517483-3242870874-2281284425-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\searchplugins\yahoo_ff.xml
FF Extension: coinsave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-19]
FF Extension: takesave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-22]
FF Extension: shoppi - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-19]
FF Extension: coinsave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-22]
FF Extension: DownloadHelper - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-01-10]
FF HKU\S-1-5-21-40517483-3242870874-2281284425-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (YouTube) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google Search) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Google Sheets) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR Extension: (Gmail) - C:\Users\Mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-10] (McAfee, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-02] (AVG Technologies)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-05-07] (Qualcomm Atheros, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-12-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-01-07] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-07] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150107.001\IDSvia64.sys [637656 2015-01-07] (Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows ® Win 7 DDK provider)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-05-07] (Qualcomm Atheros, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150108.001\ENG64.SYS [129752 2015-01-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150108.001\EX64.SYS [2137304 2015-01-07] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-10] ()
S3 cpuz134; \??\C:\Users\Mason\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 03:08 - 2015-01-10 03:08 - 02124288 _____ (Farbar) C:\Users\Mason\Downloads\FRST64.exe
2015-01-10 03:08 - 2015-01-10 03:08 - 02124288 _____ (Farbar) C:\Users\Mason\Desktop\FRST64.exe
2015-01-10 03:08 - 2015-01-10 03:08 - 00027351 _____ () C:\Users\Mason\Desktop\FRST.txt
2015-01-10 03:08 - 2015-01-10 03:08 - 00000000 ____D () C:\FRST
2015-01-09 19:49 - 2015-01-09 20:21 - 473884188 ____R () C:\Users\Mason\Downloads\Archer.2009.S06E01.720p.HDTV.x264-KILLERS.mkv
2015-01-09 19:48 - 2015-01-09 19:48 - 00018623 _____ () C:\Users\Mason\Downloads\FA98B7E411FF1D6AC420D4405AEBA00DD03ECB54.torrent
2015-01-09 04:19 - 2015-01-09 04:19 - 00002519 _____ () C:\Users\Mason\Desktop\Norton Internet Security.lnk
2015-01-08 20:23 - 2015-01-08 20:23 - 00000633 _____ () C:\Users\Mason\Desktop\JRT.txt
2015-01-08 17:32 - 2015-01-08 20:14 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-01-08 17:32 - 2015-01-08 17:32 - 06379208 _____ (MyTurboPC.com) C:\Users\Mason\Downloads\Myturbopc.exe
2015-01-08 17:32 - 2015-01-08 17:32 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\MyTurboPC.com
2015-01-08 06:30 - 2015-01-08 06:30 - 00000000 ____D () C:\NPE
2015-01-08 06:29 - 2015-01-08 06:34 - 00000000 ____D () C:\Users\Mason\AppData\Local\NPE
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-01-08 05:11 - 2015-01-08 05:11 - 01707939 _____ (Thisisu) C:\Users\Mason\Desktop\JRT.exe
2015-01-08 05:11 - 2015-01-08 05:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-08 05:05 - 2015-01-08 20:17 - 00000000 ____D () C:\AdwCleaner
2015-01-08 05:05 - 2015-01-08 05:05 - 02173952 _____ () C:\Users\Mason\Downloads\adwcleaner_4.106.exe
2015-01-08 05:05 - 2015-01-08 05:05 - 00013358 _____ () C:\Users\Mason\Desktop\Adware Cleaner.lnk
2015-01-08 03:53 - 2015-01-08 05:54 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-01-08 03:53 - 2015-01-08 03:53 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-01-08 03:53 - 2015-01-08 03:53 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-01-08 03:53 - 2015-01-08 03:53 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-08 03:52 - 2015-01-08 05:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-01-08 03:52 - 2015-01-08 03:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2015-01-08 03:33 - 2015-01-08 03:39 - 223165336 ____N (Symantec Corporation) C:\Users\Mason\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-AU1.exe
2015-01-08 03:29 - 2015-01-08 03:30 - 00896048 _____ () C:\Users\Mason\Downloads\Norton_Removal_Tool.exe
2015-01-08 03:28 - 2015-01-08 03:31 - 39553083 _____ (Symantec Corporation) C:\Users\Mason\Downloads\Unconfirmed 821618.crdownload
2015-01-08 03:18 - 2015-01-08 03:18 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-08 03:18 - 2015-01-08 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-08 03:17 - 2015-01-08 06:14 - 00000000 ____D () C:\Users\Mason\AppData\Local\Apps\2.0
2015-01-08 03:17 - 2015-01-08 03:17 - 00000000 ____D () C:\Users\Mason\AppData\Local\Deployment
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\NekoWorks
2015-01-07 16:29 - 2015-01-07 16:47 - 327869784 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E12.HDTV.x264-ASAP.mp4
2015-01-07 16:29 - 2015-01-07 16:29 - 00013046 _____ () C:\Users\Mason\Downloads\Sleepy Hollow S02E12 HDTV x264-ASAP [eztv]-[rarbg.com].torrent
2015-01-07 16:29 - 2015-01-07 16:29 - 00011789 _____ () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E11.HDTV.x264-KILLERS.[eztv].torrent
2015-01-07 15:53 - 2015-01-07 15:53 - 00000004 _____ () C:\Users\Mason\AppData\Roaming\appdataFr2.bin
2015-01-07 04:33 - 2015-01-07 04:52 - 304304356 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E07.HDTV.x264.REPACK-LOL.mp4
2015-01-06 21:59 - 2015-01-06 22:56 - 1019248616 ____R () C:\Users\Mason\Downloads\Scorpion.S01E13.720p.HDTV.X264-DIMENSION.mkv
2015-01-06 05:21 - 2015-01-06 05:40 - 296325334 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E11.HDTV.x264-KILLERS.mp4
2015-01-06 05:02 - 2015-01-06 05:20 - 256731119 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E10.HDTV.x264-2HD.mp4
2015-01-06 04:55 - 2015-01-08 03:00 - 00000000 ____D () C:\ProgramData\null
2015-01-06 04:45 - 2015-01-06 05:02 - 315264368 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E09.HDTV.x264-KILLERS.mp4
2015-01-06 04:26 - 2015-01-06 04:44 - 313250373 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E08.HDTV.x264-KILLERS.mp4
2015-01-06 04:07 - 2015-01-06 04:25 - 299586056 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E07.HDTV.x264-LOL.mp4
2015-01-06 03:53 - 2015-01-06 04:06 - 279259779 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E06.HDTV.x264-LOL.mp4
2015-01-06 03:40 - 2015-01-06 03:53 - 333472049 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E05.HDTV.x264-KILLERS.mp4
2015-01-06 03:23 - 2015-01-06 03:40 - 365110639 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E04.HDTV.x264-2HD.mp4
2015-01-06 03:12 - 2015-01-06 03:22 - 283850466 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E03.HDTV.x264-2HD.mp4
2015-01-06 03:03 - 2015-01-06 03:12 - 274055384 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E02.HDTV.x264-LOL.mp4
2015-01-06 02:49 - 2015-01-06 03:02 - 354188401 ____R () C:\Users\Mason\Downloads\Sleepy.Hollow.S02E01.HDTV.x264-KILLERS.mp4
2014-12-30 19:30 - 2014-12-30 19:30 - 00276872 _____ () C:\Windows\Minidump\123014-13119-01.dmp
2014-12-30 13:21 - 2014-12-30 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Factorio
2014-12-30 13:20 - 2015-01-08 03:00 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\Factorio
2014-12-30 13:16 - 2014-12-30 13:19 - 133101165 _____ ( ) C:\Users\Mason\Downloads\Setup_Factorio_x64_0.10.12.exe
2014-12-30 13:10 - 2014-12-30 13:10 - 00000000 ____D () C:\ProgramData\ATI
2014-12-30 13:00 - 2014-12-30 13:09 - 302470552 _____ (AMD Inc.) C:\Users\Mason\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit(1).exe
2014-12-30 12:10 - 2014-12-30 12:10 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412301210110203.log
2014-12-30 12:10 - 2014-12-30 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-30 12:10 - 2014-12-30 12:10 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-30 12:10 - 2014-12-30 12:10 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-30 11:15 - 2014-12-30 11:27 - 302470552 _____ (AMD Inc.) C:\Users\Mason\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2014-12-30 11:14 - 2014-12-30 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-28 18:59 - 2014-12-28 19:34 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\ArcaneWorlds
2014-12-28 09:38 - 2014-12-28 09:38 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 14:03 - 2014-12-26 14:51 - 00000000 ____D () C:\Users\Mason\Documents\Endless Legend
2014-12-22 11:46 - 2015-01-08 06:14 - 00000000 ____D () C:\ProgramData\takesave
2014-12-22 11:46 - 2014-12-22 11:46 - 00000000 ____D () C:\ProgramData\mnhdjnchhdpbbbnogcgedgdoebodccjh
2014-12-21 05:29 - 2014-12-21 06:08 - 00000000 ____D () C:\Users\Mason\Downloads\assets
2014-12-21 05:29 - 2014-12-21 05:29 - 00000000 ____D () C:\Users\Mason\Downloads\versions
2014-12-21 05:28 - 2014-12-21 05:29 - 00000000 ____D () C:\Users\Mason\Downloads\libraries
2014-12-21 05:25 - 2014-12-21 06:08 - 00000000 ____D () C:\Users\Mason\Downloads\AgrarianSkiesHQ
2014-12-21 05:22 - 2014-12-21 05:25 - 00000000 ____D () C:\Users\Mason\AppData\Local\ftblauncher
2014-12-21 05:22 - 2014-12-21 05:22 - 06619054 _____ () C:\Users\Mason\Downloads\FTB_Launcher.exe
2014-12-21 05:22 - 2014-12-21 05:22 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\ftblauncher
2014-12-19 13:52 - 2014-12-19 13:52 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\TownOfSalem
2014-12-19 09:19 - 2015-01-08 03:27 - 00000000 ____D () C:\ProgramData\takeshop
2014-12-19 09:19 - 2014-12-19 09:19 - 00000000 ____D () C:\ProgramData\cimcolldicbaonkidachomihkbdmlnfb
2014-12-19 00:47 - 2014-12-13 16:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 00:47 - 2014-12-13 14:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 10:38 - 2014-12-18 10:38 - 00000000 _____ () C:\Users\Mason\Desktop\New Text Document.txt
2014-12-17 06:50 - 2014-12-17 08:00 - 00000000 ____D () C:\Users\Mason\Downloads\The Big Bang Theory - The Complete Season 7 [HDTV]
2014-12-16 23:47 - 2014-12-16 23:53 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\com.kintogames.bitDungeonII
2014-12-16 05:55 - 2014-12-16 05:57 - 61558365 _____ () C:\Users\Mason\Desktop\Steven Spielberg vs Alfred Hitchcock. Epic Rap Battles of History Season 4..mp4
2014-12-15 23:51 - 2014-12-15 23:52 - 46275417 _____ () C:\Users\Mason\Desktop\Oprah vs Ellen. Epic Rap Battles of History Season 4..mp4
2014-12-13 20:30 - 2014-12-13 21:12 - 286336924 ____R () C:\Users\Mason\Downloads\Grimm.S04E08.HDTV.x264-LOL.mp4
2014-12-11 17:54 - 2014-12-19 08:56 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\Dungeonmans
2014-12-11 07:19 - 2014-12-11 07:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:00 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:00 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 01:38 - 2014-12-11 01:38 - 01578300 _____ () C:\Users\Mason\Downloads\ATLauncher.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 03:08 - 2009-07-14 16:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 03:07 - 2014-04-26 01:50 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\BitTorrent
2015-01-10 03:06 - 2014-08-20 05:23 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\Raptr
2015-01-10 03:06 - 2014-05-06 20:27 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\Skype
2015-01-10 03:05 - 2014-08-20 11:49 - 00000000 ____D () C:\Users\Mason\AppData\Local\Adobe
2015-01-10 03:05 - 2014-04-22 18:49 - 01866659 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 03:02 - 2014-11-13 02:48 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-10 03:02 - 2014-09-01 17:50 - 00000000 ____D () C:\Users\Mason\AppData\Local\LogMeIn Hamachi
2015-01-10 03:02 - 2014-04-22 19:16 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-10 03:02 - 2014-04-22 19:04 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 03:02 - 2014-04-22 18:56 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-01-10 03:02 - 2010-11-21 14:47 - 00454212 _____ () C:\Windows\PFRO.log
2015-01-10 03:02 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 03:02 - 2009-07-14 15:51 - 00086765 _____ () C:\Windows\setupact.log
2015-01-09 22:11 - 2014-04-22 19:27 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-09 22:09 - 2014-10-11 14:36 - 00000000 ____D () C:\Users\Mason\AppData\Local\Akamai
2015-01-09 21:38 - 2014-04-24 22:58 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\vlc
2015-01-09 21:26 - 2014-04-22 21:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 21:22 - 2014-04-22 19:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 10:55 - 2014-11-18 03:49 - 00000000 ____D () C:\Program Files (x86)\puush
2015-01-09 10:55 - 2014-08-20 05:23 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-09 04:25 - 2009-07-14 15:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 04:25 - 2009-07-14 15:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 06:34 - 2014-08-03 18:31 - 00000000 ____D () C:\Program Files (x86)\ernestoRPG
2015-01-08 06:30 - 2014-06-27 02:31 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-08 06:29 - 2014-04-22 19:07 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 06:14 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-08 05:54 - 2014-04-22 19:08 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-01-08 05:54 - 2014-04-22 19:08 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-01-08 03:18 - 2014-04-22 19:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-08 03:17 - 2014-04-22 19:04 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-08 03:17 - 2014-04-22 19:04 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-08 03:09 - 2014-04-23 11:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-08 03:01 - 2014-04-22 18:50 - 00000000 ____D () C:\Users\Mason
2015-01-08 03:00 - 2014-12-09 15:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-08 03:00 - 2014-11-18 03:49 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\puush
2015-01-08 03:00 - 2014-08-20 11:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-08 03:00 - 2014-05-14 18:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-08 03:00 - 2014-04-22 19:07 - 00000000 ___HD () C:\SuperChargerProfile
2015-01-08 03:00 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\registration
2014-12-30 19:30 - 2014-05-11 17:28 - 980335109 _____ () C:\Windows\MEMORY.DMP
2014-12-30 19:30 - 2014-05-11 17:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-30 17:42 - 2014-10-22 12:32 - 00000000 ____D () C:\Users\Mason\Desktop\New folder
2014-12-30 13:23 - 2014-05-07 11:44 - 00000000 ____D () C:\Users\Mason\AppData\Local\CrashDumps
2014-12-30 13:10 - 2014-04-24 20:18 - 00000000 ____D () C:\Program Files\AMD
2014-12-30 12:10 - 2014-04-22 19:26 - 00000000 ____D () C:\ProgramData\AMD
2014-12-30 12:09 - 2014-04-22 19:25 - 00000000 ____D () C:\AMD
2014-12-30 12:09 - 2014-04-22 19:23 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-12-30 12:09 - 2014-04-22 19:23 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-12-23 07:13 - 2014-10-30 16:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-23 07:13 - 2014-05-06 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 04:16 - 2014-04-22 21:17 - 00000000 ____D () C:\Users\Mason\Documents\my games
2014-12-11 15:51 - 2014-12-05 14:06 - 00000000 ____D () C:\Users\Mason\Downloads\The Big Bang Theory
2014-12-11 07:45 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 07:19 - 2014-04-23 22:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 07:19 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 07:19 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:02 - 2014-06-08 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 01:40 - 2014-09-01 17:27 - 00000083 _____ () C:\Users\Mason\.atl.properties

Some content of TEMP:
====================
C:\Users\Mason\AppData\Local\Temp\1_Offer_4.exe
C:\Users\Mason\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Mason\AppData\Local\Temp\AAMHelper.exe
C:\Users\Mason\AppData\Local\Temp\AcDeltree.exe
C:\Users\Mason\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Mason\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Mason\AppData\Local\Temp\devcon64.exe
C:\Users\Mason\AppData\Local\Temp\f.exe
C:\Users\Mason\AppData\Local\Temp\FastDownload.exe
C:\Users\Mason\AppData\Local\Temp\ffmpeg16.exe
C:\Users\Mason\AppData\Local\Temp\flacdec2.exe
C:\Users\Mason\AppData\Local\Temp\gamecapturehook.exe
C:\Users\Mason\AppData\Local\Temp\ICReinstall_vlc-setup.exe
C:\Users\Mason\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mason\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mason\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mason\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Mason\AppData\Local\Temp\oi_{32689188-F930-4299-BD92-D533B45CC49D}.exe
C:\Users\Mason\AppData\Local\Temp\OpenComputersMod-1.3.3.547-native.64.dll
C:\Users\Mason\AppData\Local\Temp\ose00000.exe
C:\Users\Mason\AppData\Local\Temp\pixsetup.exe
C:\Users\Mason\AppData\Local\Temp\PreExe_ID_13667.exe
C:\Users\Mason\AppData\Local\Temp\raptrpatch.exe
C:\Users\Mason\AppData\Local\Temp\raptr_stub.exe
C:\Users\Mason\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Mason\AppData\Local\Temp\safeguard.exe
C:\Users\Mason\AppData\Local\Temp\SCC.dll
C:\Users\Mason\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Mason\AppData\Local\Temp\SymCCIS.dll
C:\Users\Mason\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Mason\AppData\Local\Temp\~fvdsuite-3.0.4-hotfix.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 21:18

==================== End Of Log ============================

Attached Files


  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if the redirects cease after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ccopunok -> {4b8e006c-d705-4c34-82c0-7dab8b0f5a05} -> C:\ProgramData\ccopunok\R4ddgJpY5vr4k0.x64.dll No File
FF Extension: coinsave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-19]
FF Extension: takesave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-22]
FF Extension: shoppi - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-19]
FF Extension: coinsave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2015-01-08 17:32 - 2015-01-08 20:14 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-01-08 17:32 - 2015-01-08 17:32 - 06379208 _____ (MyTurboPC.com) C:\Users\Mason\Downloads\Myturbopc.exe
2015-01-08 17:32 - 2015-01-08 17:32 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\MyTurboPC.com
2014-12-22 11:46 - 2015-01-08 06:14 - 00000000 ____D () C:\ProgramData\takesave
2014-12-22 11:46 - 2014-12-22 11:46 - 00000000 ____D () C:\ProgramData\mnhdjnchhdpbbbnogcgedgdoebodccjh
2014-12-19 09:19 - 2015-01-08 03:27 - 00000000 ____D () C:\ProgramData\takeshop
2014-12-19 09:19 - 2014-12-19 09:19 - 00000000 ____D () C:\ProgramData\cimcolldicbaonkidachomihkbdmlnfb
Task: {A0D25177-3BD6-4D04-B179-CDF678B6AE5E} - System32\Tasks\{B722A061-1BCE-435C-9EE1-85063100061B} => pcalua.exe -a C:\Users\Mason\Downloads\jxpiinstall.exe -d C:\Users\Mason\Downloads
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0
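The fixlist in the post above pairs each adware folder (takesave, takeshop) with a 32-letter folder created in the same minute. As an added example (not part of the original posts and not FRST's own logic), the script below parses the FRST listing format and flags C:\ProgramData folders whose names look like Chrome extension IDs (32 letters from a to p), together with sibling folders created in the same minute. The parent path and the same-minute grouping are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# FRST listing line: created - modified - size attributes (company) path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([A-Z_]{5}) \((.*?)\) (.+)$"
)
# Chrome extension IDs are 32 characters drawn from the letters a..p.
EXT_ID_RE = re.compile(r"[a-p]{32}")


class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        # FRST marks directories with a D in the attribute column.
        return "D" in self.attrs


def parse_listing(text):
    """Return an Entry for every line that matches the listing format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, company, path = m.groups()
            entries.append(
                Entry(created, modified, int(size), attrs, company.strip(), path)
            )
    return entries


def extension_id_dirs(entries, parent=r"C:\ProgramData"):
    """Map each extension-ID-named folder directly under `parent` to the
    other folders under `parent` that were created in the same minute."""
    by_minute = defaultdict(list)
    for e in entries:
        if e.is_dir and ntpath.dirname(e.path).lower() == parent.lower():
            by_minute[e.created].append(e)
    findings = {}
    for group in by_minute.values():
        for e in group:
            if EXT_ID_RE.fullmatch(ntpath.basename(e.path)):
                findings[e.path] = sorted(o.path for o in group if o is not e)
    return findings


# Sample lines copied from the FRST log posted in this thread.
SAMPLE = r"""
2015-01-08 17:32 - 2015-01-08 20:14 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-01-06 04:55 - 2015-01-08 03:00 - 00000000 ____D () C:\ProgramData\null
2014-12-30 13:10 - 2014-12-30 13:10 - 00000000 ____D () C:\ProgramData\ATI
2014-12-22 11:46 - 2015-01-08 06:14 - 00000000 ____D () C:\ProgramData\takesave
2014-12-22 11:46 - 2014-12-22 11:46 - 00000000 ____D () C:\ProgramData\mnhdjnchhdpbbbnogcgedgdoebodccjh
2014-12-21 05:22 - 2014-12-21 05:22 - 06619054 _____ () C:\Users\Mason\Downloads\FTB_Launcher.exe
2014-12-19 09:19 - 2015-01-08 03:27 - 00000000 ____D () C:\ProgramData\takeshop
2014-12-19 09:19 - 2014-12-19 09:19 - 00000000 ____D () C:\ProgramData\cimcolldicbaonkidachomihkbdmlnfb
"""

if __name__ == "__main__":
    for ext_dir, siblings in extension_id_dirs(parse_listing(SAMPLE)).items():
        print(ext_dir, "created alongside", siblings or "nothing else")
```

A hit is a lead for manual review of the folder and the browser's extension list, not proof that the folder is malicious.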

#5
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Redirects still happening. You can see with the attached picture that it says it blocks it each time, but it doesn't, it just redirects to a blank page instead, that's not anything new, it's been doing that since before your suggestion.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Mason at 2015-01-10 05:12:14 Run:1
Running from C:\Users\Mason\Desktop\FRST
Loaded Profile: Mason (Available profiles: Mason)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ccopunok -> {4b8e006c-d705-4c34-82c0-7dab8b0f5a05} -> C:\ProgramData\ccopunok\R4ddgJpY5vr4k0.x64.dll No File
FF Extension: coinsave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-19]
FF Extension: takesave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-22]
FF Extension: shoppi - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-19]
FF Extension: coinsave - C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] [2014-12-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2015-01-08 17:32 - 2015-01-08 20:14 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-01-08 17:32 - 2015-01-08 17:32 - 06379208 _____ (MyTurboPC.com) C:\Users\Mason\Downloads\Myturbopc.exe
2015-01-08 17:32 - 2015-01-08 17:32 - 00000000 ____D () C:\Users\Mason\AppData\Roaming\MyTurboPC.com
2014-12-22 11:46 - 2015-01-08 06:14 - 00000000 ____D () C:\ProgramData\takesave
2014-12-22 11:46 - 2014-12-22 11:46 - 00000000 ____D () C:\ProgramData\mnhdjnchhdpbbbnogcgedgdoebodccjh
2014-12-19 09:19 - 2015-01-08 03:27 - 00000000 ____D () C:\ProgramData\takeshop
2014-12-19 09:19 - 2014-12-19 09:19 - 00000000 ____D () C:\ProgramData\cimcolldicbaonkidachomihkbdmlnfb
Task: {A0D25177-3BD6-4D04-B179-CDF678B6AE5E} - System32\Tasks\{B722A061-1BCE-435C-9EE1-85063100061B} => pcalua.exe -a C:\Users\Mason\Downloads\jxpiinstall.exe -d C:\Users\Mason\Downloads
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b8e006c-d705-4c34-82c0-7dab8b0f5a05}" => Key deleted successfully.
"HKCR\CLSID\{4b8e006c-d705-4c34-82c0-7dab8b0f5a05}" => Key deleted successfully.
C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] => Moved successfully.
C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] => Moved successfully.
C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] => Moved successfully.
C:\Users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\Extensions\[email protected] => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\ProgramData\MyTurboPC.com => Moved successfully.
C:\Users\Mason\Downloads\Myturbopc.exe => Moved successfully.
C:\Users\Mason\AppData\Roaming\MyTurboPC.com => Moved successfully.
C:\ProgramData\takesave => Moved successfully.
C:\ProgramData\mnhdjnchhdpbbbnogcgedgdoebodccjh => Moved successfully.
C:\ProgramData\takeshop => Moved successfully.
C:\ProgramData\cimcolldicbaonkidachomihkbdmlnfb => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0D25177-3BD6-4D04-B179-CDF678B6AE5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0D25177-3BD6-4D04-B179-CDF678B6AE5E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B722A061-1BCE-435C-9EE1-85063100061B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B722A061-1BCE-435C-9EE1-85063100061B}" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{46DC63E2-0419-402A-9CC8-B92E48B2BF36} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 31.2 GB temporary data.

Attached Thumbnails

  • history.PNG

Edited by Azreide, 09 January 2015 - 12:23 PM.

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like to take a look at the drivers now ... According to Norton that is incoming instead of outgoing, is that correct ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#7
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Still happening, still redirecting. My system itself is running fine other than this severe annoyance. Okay, I'm reading a manga page by page due to not having a store near my house, and it's driving me up the wall having it so often redirect me, because I need to click to go to the next page each time, for each page, okay, personal rant over ;n;

Attached Files

  • Attached File  log.txt   44.09KB   94 downloads

Edited by Azreide, 09 January 2015 - 01:30 PM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK back to FRST for this fix... Once run could you try the browser again please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
c:\users\Administrator\AppData\Local\Comodo
c:\users\Guest\AppData\Local\Comodo
c:\users\Mason\AppData\Local\Comodo
c:\programdata\takeshop
c:\programdata\ccopunok
c:\programdata\7save
c:\programdata\takesave
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#9
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

So far at least, it seems to have worked. Here's the log for ya. Might need to update the definition on this thing if possible. Thank you for your help :)

EDIT: Didn't work, but it seems to have delayed it before it started up again... and now that it's started again, it's happening frequently once more.

Attached Files


Edited by Azreide, 10 January 2015 - 01:15 AM.

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Which browser does this occur in or is it all ?

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
When the tool opens select "File" > "Standard scripts"

Place a tick in :

3. Advanced System Analysis with malware removal mode enabled
5. Update signature database


Then press "Execute selected scripts"

There will be several warnings, OK them all and the system will reboot on completion of the analysis

After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Attach KL_syscure.zip to your next post
  • 0

#11
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

It happens in all browsers, also, it didn't reboot after completion if that matters.

Attached Files


  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing apparent in that one. Do any other computers that use the router experience the same problem?

Could you run a fresh FRST scan for me please
  • 0

#13
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

No other computers on the router are having the problem, and here's the fresh scan.

Attached Files


  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will now flush and reset the system DNS
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-40517483-3242870874-2281284425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2015-01-10 07:16 - 2015-01-10 07:16 - 00003106 _____ () C:\Windows\System32\Tasks\{C8F582DE-70F6-4F24-A5B8-186E88515E4A}
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#15
Azreide

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Here

Attached Files


  • 0





