Showing results for tags 'bikiniland'.


Found 7 results

  1. To anyone who can assist! I have come across an issue with my internet being increasingly slow. Upon further investigation, and using Malwarebytes' excellent detection software, I have found that malware (pup bikiniland, pup ask) is continually being reinstalled and present every time I reopen Chrome. I have tried resetting the "account sync" for Chrome per the instructions of the post that solution regards, to no avail. Attached are multiple scans done that were outlined in the post created indicating how to inquire for assistance. "scan.txt" indicates a scan done without the rootkit scan function enabled, and "root.txt" indicates a scan done with the rootkit scan function enabled. Blessings! Ryan S. FRST.txt scan.txt root.txt Addition.txt
  2. Okay, so I have seen that other people also have had this issue. So I have Windows 8, just got the computer in November. Bikiniland is stuck on my home page of Chrome and I can't get rid of it. Everything is uninstalled that I didn't need and I tried to uninstall Google Chrome but it won't let me. If someone could please help me, this thing is starting to take over my computer!!! Thanks in advance!
  3. I naively downloaded FileZilla from SourceForge (it used to be ok when I used SourceForge for Pidgin client). After starting that up, I was accosted by BikiniLand and Optimizer Pro 3.38. I downloaded Malwarebytes Trial version which apparently got rid of all traces of BikiniLand, but I appear to be stuck with Optimizer Pro 3.38, which I cannot get rid of. Actually, I've deleted all the files in the C:\Program Files (x86)\Optimizer Pro 3.38 directory except OptProMon.dll. Attempting to delete those gives me the error "The action can't be completed because the file is open in Optimizer Pro Crash Monitor" -- something I cannot find. Following your instructions, here are the files from FRST:
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 18:19 - 2015-02-23 18:21 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\frst 2015-02-23 16:58 - 2015-02-08 13:23 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2015-02-23 16:57 - 2015-02-23 16:57 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2015-02-23 16:57 - 2015-02-23 16:57 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-23 16:52 - 2015-02-23 16:55 - 85906432 _____ () C:\Users\rbrinega.ORADEV\Downloads\oracle-jre-7.0.75-win.exe 2015-02-23 09:27 - 2015-02-23 09:27 - 00134169 _____ () C:\windows\SysWOW64\api_hook_list.dat 2015-02-23 09:27 - 2015-02-23 09:27 - 00002033 _____ () C:\windows\system32\api_hook_list.dat 2015-02-23 09:19 - 2015-02-23 09:19 - 06111012 _____ () C:\Program Files (x86)\delme.zip 2015-02-21 01:48 - 2015-02-21 01:48 - 04437680 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-02-20 17:06 - 2015-02-23 11:49 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-20 17:05 - 2015-02-20 17:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rbrinega.ORADEV\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 
2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-20 17:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-20 17:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-20 17:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-20 16:58 - 2015-02-23 18:22 - 00000000 ____D () C:\FRST 2015-02-20 16:12 - 2015-02-20 16:12 - 00000046 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\WB.CFG 2015-02-20 15:17 - 2015-02-23 18:20 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\Optimizer Pro 2015-02-20 15:17 - 2015-02-20 15:17 - 00003262 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule 2015-02-20 15:17 - 2015-02-20 15:17 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Optimizer Pro 2015-02-20 15:13 - 2015-02-20 17:55 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2015-02-20 15:13 - 2015-02-20 15:25 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\FileZilla 2015-02-20 15:13 - 2015-02-20 15:13 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPAM- BLand 2015-02-20 15:13 - 2015-02-20 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-02-20 15:11 - 2015-02-23 09:24 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38 2015-02-20 15:11 - 2015-02-20 18:02 - 00000000 ____D () C:\ProgramData\{a6b76fff-fcd7-2fea-a6b7-76ffffcdbfff} 2015-02-20 15:11 - 2015-02-20 15:11 - 00001109 _____ () C:\Users\rbrinega.ORADEV\Desktop\Optimizer Pro.lnk 2015-02-20 15:11 - 2015-02-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 2015-02-20 15:08 - 2015-02-20 
15:08 - 00749000 _____ (Installer Web ) C:\Users\rbrinega.ORADEV\Documents\FileZilla_3.10.1.1_win32-setup.exe 2015-02-20 12:23 - 2015-01-22 20:07 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-20 12:23 - 2015-01-22 19:59 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-02-20 12:23 - 2015-01-22 19:00 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-02-20 12:23 - 2015-01-22 18:51 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-02-19 12:34 - 2010-01-26 07:56 - 00040328 _____ (McAfee, Inc.) C:\windows\SysWOW64\HIPIS0e011b5.dll 2015-02-19 12:34 - 2010-01-26 07:44 - 00047080 _____ (McAfee, Inc.) C:\windows\system32\HIPIS0e011b5.dll 2015-02-17 16:57 - 2015-02-17 16:57 - 00013502 _____ () C:\Users\rbrinega.ORADEV\Downloads\Fwd Final Notice Cleanup of BugDB Generic Accounts owned by Email - NARASIMHA.GOGINENI@oracle.com.eml 2015-02-13 14:22 - 2015-02-13 14:21 - 00207578 _____ () C:\Users\rbrinega.ORADEV\Documents\PDIT-DS Instance access.csv 2015-02-13 14:20 - 2015-02-13 14:20 - 00022065 _____ () C:\Users\rbrinega.ORADEV\Documents\PDIT-DS Admin Access.csv 2015-02-12 22:46 - 2015-01-12 19:10 - 01190912 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-12 22:46 - 2015-01-12 18:49 - 01011200 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-02-12 22:46 - 2015-01-06 19:15 - 00104896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys 2015-02-12 22:46 - 2015-01-06 19:10 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll 2015-02-12 22:46 - 2015-01-06 18:44 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll 2015-02-12 22:46 - 2015-01-06 17:49 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys 2015-02-12 22:46 - 2015-01-06 17:49 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2015-02-12 22:46 - 
2015-01-06 17:48 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2015-02-12 22:46 - 2015-01-06 17:48 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2015-02-12 22:46 - 2015-01-06 17:48 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2015-02-12 22:45 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-12 22:45 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-02-12 22:45 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-12 22:45 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-02-12 22:45 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-02-12 22:45 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-02-12 22:45 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-02-12 22:45 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-02-12 22:45 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-02-12 22:45 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-02-12 22:45 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-12 22:45 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-02-12 22:45 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-02-12 22:45 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-02-12 22:45 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-02-12 22:45 
- 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-02-12 22:45 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-02-12 22:45 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-12 22:45 - 2015-01-13 19:08 - 17878016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-12 22:45 - 2015-01-13 18:49 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-12 22:45 - 2015-01-13 18:47 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-12 22:45 - 2015-01-13 18:47 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-02-12 22:45 - 2015-01-13 18:45 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-12 22:45 - 2015-01-13 18:45 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-02-12 22:45 - 2015-01-13 18:44 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-02-12 22:45 - 2015-01-13 18:44 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-02-12 22:45 - 2015-01-13 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-12 22:45 - 2015-01-13 17:51 - 12371456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-02-12 22:45 - 2015-01-13 17:42 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-02-12 22:45 - 2015-01-13 17:41 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-02-12 22:45 - 2015-01-13 17:40 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 00176640 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-02-12 22:44 - 2015-01-13 18:59 - 10924032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-12 22:44 - 2015-01-13 18:59 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-02-12 22:44 - 2015-01-13 18:49 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-02-12 22:44 - 2015-01-13 18:47 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-12 22:44 - 2015-01-13 18:47 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2015-02-12 22:44 - 2015-01-13 18:46 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-12 22:44 - 2015-01-13 18:46 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-02-12 22:44 - 2015-01-13 18:45 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-12 22:44 - 2015-01-13 18:44 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2015-02-12 22:44 - 2015-01-13 18:44 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2015-02-12 22:44 - 2015-01-13 18:44 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2015-02-12 22:44 - 2015-01-13 17:49 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-02-12 22:44 - 2015-01-13 17:46 - 09742336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-02-12 22:44 - 2015-01-13 17:43 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-02-12 22:44 - 2015-01-13 17:42 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-02-12 22:44 - 2015-01-13 17:41 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-02-12 22:44 - 2015-01-13 17:41 - 00607744 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\msfeeds.dll 2015-02-12 22:44 - 2015-01-13 17:41 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2015-02-12 22:44 - 2015-01-13 17:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-02-12 22:44 - 2015-01-13 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-02-12 22:44 - 2015-01-13 17:40 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2015-02-12 22:44 - 2015-01-13 17:40 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2015-02-12 22:44 - 2015-01-13 17:40 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2015-02-12 22:43 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-12 22:43 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-02-12 22:43 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-02-12 22:43 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-02-12 22:43 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-02-12 22:43 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-02-12 22:43 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-02-12 22:43 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-12 22:43 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-02-12 22:42 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-12 15:09 - 2015-02-12 15:09 - 00001032 _____ () C:\Users\rbrinega.ORADEV\Documents\Expense Report W40734405 pre.log 2015-02-09 19:41 - 2015-02-09 19:41 - 00001030 _____ () C:\Users\rbrinega.ORADEV\Documents\View 
Role_ LIBERTE_OPER - Oracle Enterprise Manager.log 2015-02-08 13:21 - 2015-02-08 13:22 - 93427112 _____ (Oracle Corporation) C:\Users\rbrinega.ST-USERS\Downloads\jre-8u31-windows-x64.exe 2015-02-06 18:01 - 2015-02-06 18:01 - 00000218 _____ () C:\Users\rbrinega.ORADEV\.recently-used.xbel 2015-02-06 09:49 - 2013-06-04 17:00 - 00022909 _____ () C:\Users\rbrinega.ORADEV\Documents\grep-v2 2015-02-06 09:30 - 2015-02-06 09:30 - 00001787 _____ () C:\Users\rbrinega.ORADEV\Desktop\Zoom.lnk 2015-02-06 09:30 - 2015-02-06 09:30 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Zoom 2015-02-06 09:30 - 2015-02-06 09:30 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2015-02-06 09:29 - 2015-02-06 09:29 - 00133528 _____ (Zoom Video Communications, Inc.) C:\Users\rbrinega.ST-USERS\Downloads\Zoom_launcher.exe 2015-02-04 16:20 - 2015-02-04 16:20 - 01062496 _____ () C:\Users\rbrinega.ST-USERS\Downloads\108012__ryansnook__klaxon4.wav 2015-02-04 09:30 - 2014-03-17 11:48 - 01943329 _____ () C:\Users\rbrinega.ORADEV\Documents\EM12.1.0.4-MonitoringEnhancements4.pptx 2015-02-03 04:50 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2015-02-03 04:50 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2015-02-02 13:57 - 2015-02-02 13:57 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Deployment 2015-02-02 13:56 - 2015-02-02 13:56 - 00009004 _____ () C:\Users\rbrinega.ST-USERS\Downloads\RightNow.Installer.application 2015-01-29 18:35 - 2015-01-29 18:35 - 00001075 _____ () C:\Users\rbrinega.ORADEV\Documents\Provider Lookup Online.log 2015-01-26 15:31 - 2015-01-26 15:34 - 85912186 _____ () C:\Users\rbrinega.ST-USERS\Downloads\apex_4.2.6_en.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-23 18:17 - 2011-08-05 10:29 - 00001552 _____ () C:\windows\system32\config\netlogon.ftl 2015-02-23 18:12 - 2014-12-31 12:01 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-23 18:12 - 2014-11-07 15:56 - 00000600 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\PUTTY.RND 2015-02-23 18:12 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\.purple 2015-02-23 17:48 - 2014-03-17 17:33 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-23 17:28 - 2011-04-15 01:39 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-02-23 17:27 - 2014-11-14 13:47 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA.job 2015-02-23 17:01 - 2011-08-05 12:18 - 00000000 ____D () C:\Users\rbrinega 2015-02-23 17:01 - 2011-08-05 11:25 - 00000000 ____D () C:\Users\support 2015-02-23 16:58 - 2011-04-15 01:17 - 00000000 ____D () C:\Program Files\Java 2015-02-23 16:57 - 2014-07-22 20:39 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2015-02-23 16:57 - 2014-07-22 20:39 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2015-02-23 16:57 - 2011-04-15 01:17 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-23 15:47 - 2011-08-05 10:29 - 01088457 _____ () C:\windows\WindowsUpdate.log 2015-02-23 10:27 - 2014-10-16 13:09 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649.job 2015-02-23 10:07 - 2009-07-13 20:45 - 00029936 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-23 10:07 - 2009-07-13 20:45 - 00029936 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-23 09:28 - 2014-11-07 14:43 - 00000000 ____D () C:\Program Files\Profile Copier 2015-02-23 09:27 - 2014-12-31 12:01 - 00000894 _____ () 
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-23 09:27 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-23 09:27 - 2009-07-13 20:51 - 00086576 _____ () C:\windows\setupact.log 2015-02-23 09:26 - 2010-11-20 19:47 - 00497132 _____ () C:\windows\PFRO.log 2015-02-21 15:11 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\Offline Web Pages 2015-02-21 01:48 - 2014-03-17 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-21 01:48 - 2014-03-17 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-21 01:48 - 2014-03-17 17:33 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-20 16:36 - 2014-11-07 15:55 - 00000600 _____ () C:\Users\rbrinega.ORADEV\PUTTY.RND 2015-02-19 21:13 - 2014-12-31 12:03 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-19 17:52 - 2014-11-07 15:55 - 00002603 _____ () C:\Users\rbrinega.ORADEV\Desktop\Google Chrome.lnk 2015-02-19 14:21 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache 2015-02-19 12:34 - 2009-07-13 20:45 - 00400120 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-19 12:31 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2015-02-19 12:30 - 2013-08-07 13:52 - 00000000 ____D () C:\Users\rbrinega.ST-USERS\Documents\SQLDev Stuff 2015-02-16 16:07 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\SQL Developer 2015-02-15 07:50 - 2014-11-07 15:55 - 00002390 _____ () C:\Users\rbrinega.ORADEV\Desktop\Cisco Click to Call.lnk 2015-02-15 07:50 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Click to Call 2015-02-13 16:50 - 2014-11-07 16:18 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\SQLDev Stuff 2015-02-12 15:09 - 2014-11-07 15:56 - 00006809 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\PrimoPDFSet.xml 2015-02-08 13:26 - 
2014-11-07 15:51 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Adobe 2015-02-08 13:23 - 2014-02-18 10:09 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2015-02-08 13:23 - 2013-02-07 14:41 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2015-02-08 13:23 - 2013-02-07 14:41 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe 2015-02-08 13:14 - 2009-07-13 21:13 - 00726444 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-06 18:01 - 2014-11-07 15:51 - 00000000 ____D () C:\Users\rbrinega.ORADEV 2015-02-05 14:46 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\gtk-2.0 2015-02-05 01:07 - 2014-12-31 12:01 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 01:07 - 2014-12-31 12:01 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-04 10:22 - 2014-11-14 13:47 - 00003914 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA 2015-02-04 10:22 - 2014-11-14 13:47 - 00003518 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649 2015-02-03 13:55 - 2013-05-13 11:26 - 00000135 _____ () C:\windows\SysWOW64\WebPageInfo.txt 2015-02-03 13:55 - 2011-05-05 10:44 - 00000151 _____ () C:\windows\RSMInst.log 2015-02-02 13:57 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Apps\2.0 2015-02-02 05:30 - 2011-04-15 01:45 - 00143552 _____ (McAfee, Inc.) 
C:\windows\SysWOW64\KevlarSigs.dll 2015-01-28 15:39 - 2013-03-06 09:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-28 14:00 - 2014-11-07 15:56 - 00003135 _____ () C:\Users\rbrinega.ORADEV\Downloads\untitled.txt ==================== Files in the root of some directories ======= 2015-02-23 09:19 - 2015-02-23 09:19 - 6111012 _____ () C:\Program Files (x86)\delme.zip 2014-11-07 15:56 - 2015-02-12 15:09 - 0006809 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\PrimoPDFSet.xml 2015-02-20 16:12 - 2015-02-20 16:12 - 0000046 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\WB.CFG 2014-11-07 15:56 - 2015-02-23 18:12 - 0000600 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\PUTTY.RND 2014-11-07 15:56 - 2012-07-02 08:41 - 0007627 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\Resmon.ResmonCfg 2012-04-21 21:44 - 2012-04-21 21:44 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-06-28 12:10 - 2013-06-28 12:10 - 0002082 _____ () C:\ProgramData\regid.2002-12.it.k-sol,projectreader_ADBA5736-2070-4B17-8489-5EE61980C4CE.swidtag 2011-09-23 14:44 - 2011-09-23 14:44 - 0001160 _____ () C:\ProgramData\tmp2B2D.log 2011-09-23 14:44 - 2011-09-23 14:44 - 0512078 _____ () C:\ProgramData\tmp2B2D.tmp 2011-09-23 14:39 - 2011-09-23 14:39 - 0001152 _____ () C:\ProgramData\tmp836A.log 2011-09-23 14:39 - 2011-09-23 14:39 - 0431498 _____ () C:\ProgramData\tmp836A.tmp Some content of TEMP: ==================== C:\Users\rbrinega\AppData\Local\Temp\CFGDOM.exe C:\Users\rbrinega\AppData\Local\Temp\rebootnt.exe C:\Users\rbrinega.ORADEV\AppData\Local\Temp\inetutil.dll C:\Users\rbrinega.ORADEV\AppData\Local\Temp\optprosetup.exe C:\Users\rbrinega.ORADEV\AppData\Local\Temp\q8hd4pgd.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\20130918095327393jniverify.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\CSDJavaInstaller.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\DocumentFormat.OpenXml.dll 
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\i4jdel0.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Core.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Security.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.SwingAWT.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Text.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Util.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.XML.API.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.XML.Bind.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.Runtime.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\InstallAX_11_7_700_202.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\InstallPlugin_11_7_700_202.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.EnterpriseLibrary.Common.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.EnterpriseLibrary.Logging.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.ServiceLocation.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.Unity.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.Unity.Interception.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\mpxj.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\poi-3.6-20091214.dll 
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\ProjectLibrary.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\ProjectViewer.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\pslist.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Ricciolo.Controls.TreeListView.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\System.Windows.Interactivity.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\unzip.exe C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\WPFToolkit.Extended.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 00:23 ==================== End Of Log ============================
  4. Hello, somehow I installed bikiniland hijacker and now I can't seem to get it all off my system. Seems like you have a fix that just takes a few custom reports. I'm taking the liberty of attaching the ones from Farbar scan tool you linked in other posts. FRST.txt Addition.txt
  5. Hello, I hope you can help. Yes, I am part of the growing list of people that are trying to remove Bikiniland malware and others. Can you help? I've read a few posts and ran Farbar Recovery Scan Tool and have attached the files for your use. Thank you in advance. Paul Addition.txt FRST.txt
  6. I've seen several posts on here about how you were able to fix this. FRST.txt Addition.txt
  7. Hello Everyone, I have ended up with bikiniland malware on my system. I ran a system restore as I was unable to use Windows properly and it sorted out some of the problems. However, the malware is still on the system. My Chrome browser still opens onto the bikiniland webpage. I was directed here by someone who received help with the same issue here. I have followed the first few steps he was advised to take but am now at the point where he was asked to post results of scans. Any help would be really appreciated. This is my first time experiencing anything like this so I'm at a bit of a loss. I'm new to both forums and Windows so I'm not overly sure what I'm doing. Thanks in advance, Conalmc ---------------------------------------------------- I have run both Malwarebytes and Roguekiller: find the reports attached. Here is the thread that I started using as a guide: https://forums.malwarebytes.org/index.php?/topic/164839-trouble-with-binkiland-malware/ malwarebytes_log.txt RKreport_SCN_02152015_093236.log