Firefox Problem & Chrome Browser Redirects and Malware Problems


  • This topic is locked
8 replies to this topic

#1 Ylon

  • Members
  • 4 posts

Posted 21 July 2015 - 12:18 PM

Attached File: Addition FRST.txt (33.15KB, 1 download)

I'm new to the forum and I am having problems with two of my browsers, Firefox and Chrome. Firefox says it can't load XPCOM whenever I try to open it, and Chrome malware keeps popping up and redirecting even though I've run several malware programs. Can someone please help? The FRST scan results are posted below.

Browserless in Chicago.

Thanks,
Ylon

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by user (administrator) on USER-PC on 21-07-2015 11:35:28
Running from C:\Users\user\AppData\Local\temp\WPDNSE\{00000008-0001-0001-0000-000000000000}
Loaded Profiles: user (Available Profiles: user & whathefk)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
() C:\Program Files\Extensive Red\Extensive Red.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxebcoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcCont.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcConta.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-03-16] (RealNetworks, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MakiwaraNotify] => C:\Program Files\AOL Computer Checkup\sdccont.exe [84056 2015-06-15] (Support.com, Inc.)
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-06] (SUPERAntiSpyware)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2014-09-25]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\Hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-02-06]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDCDisabled [2015-07-12] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-16] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-03-31] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-03-31] (Sun Microsystems, Inc.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-06-23] (AOL Inc.)
Toolbar: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [231424 2015-07-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{05303D2B-58F1-4070-8D1D-9D4A599A3D73}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{3EF2D24F-D63A-4355-8303-349911A896D4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{41B14D91-DA84-44E4-9C61-05AF25EC2834}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE}: [NameServer] 10.177.0.34 10.161.171.220
Tcpip\..\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}: [DhcpNameServer] 192.168.5.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51}: [NameServer] 10.177.0.34 10.164.103.44
Tcpip\..\Interfaces\{E713BB66-CB1D-40BD-B561-3514CFAD31E2}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{E894B967-EB02-4129-9133-C36FABC135A7}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2}: [NameServer] 10.177.0.34 10.163.103.140

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default
FF NewTab: about:blank
FF Homepage: about:home
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-03-31] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-03-31] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3282449068-2354428585-3331247383-1000: @citrixonline.com/appdetectorplugin -> C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-21] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Extension: AOL Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-07-12]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-07-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-07-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-16]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-01]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-18]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-18]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-18]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-18]
CHR Extension: (SearchLock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2015-04-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-03-18]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-18]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-15] (ArcSoft Inc.)
R2 AOL Computer Checkup; C:\Program Files\AOL Computer Checkup\SDCService.exe [587352 2015-06-15] (Support.com, Inc.)
R2 Extensive Red; C:\Program Files\Extensive Red\Extensive Red.exe [8016637 2015-07-12] () [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [491520 2005-10-24] ( )
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [98984 2009-07-29] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [602792 2009-07-29] ( )
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 a2AntiMalware; "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Nero BackItUp Scheduler 4.0; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
R0 ksbus; C:\Windows\System32\DRIVERS\ksbus.sys [24880 2013-12-17] (KernSafe Technologies)
R0 KScsiPrt; C:\Windows\System32\DRIVERS\KScsiPrt.sys [125232 2013-12-17] (KernSafe Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
S1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [X]
S1 a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [X]
S1 a2util; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S0 uksrwji; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 11:24 - 2015-07-21 11:36 - 00000000 ____D C:\FRST
2015-07-20 23:14 - 2015-07-20 23:15 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-07-20 23:10 - 2015-07-20 23:10 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-20 23:10 - 2015-07-20 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-20 23:10 - 2015-07-20 23:10 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-20 23:10 - 2015-07-20 23:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-20 23:10 - 2015-07-20 23:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-20 23:10 - 2015-07-20 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-07-20 23:07 - 2015-07-20 23:07 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-20 23:07 - 2015-07-20 23:07 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-20 23:06 - 2015-07-20 23:06 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-07-20 23:06 - 2015-07-20 23:06 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-07-20 23:06 - 2015-07-20 23:06 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-07-20 22:58 - 2015-07-20 22:58 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-07-20 22:54 - 2015-07-20 23:15 - 00016526 _____ C:\Windows\IE11_main.log
2015-07-20 22:08 - 2015-07-20 22:08 - 00000397 _____ C:\Users\user\Documents\kai.txt
2015-07-17 13:53 - 2015-07-17 13:53 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-07-17 13:53 - 2015-07-17 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-17 10:43 - 2015-07-17 10:43 - 00014659 _____ C:\ComboFix.txt
2015-07-17 10:13 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-17 10:13 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-17 10:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-16 20:09 - 2015-07-19 22:07 - 00000024 _____ C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-07-13 09:54 - 2015-07-20 19:27 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 09:54 - 2015-07-13 09:54 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-13 09:54 - 2015-07-13 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-13 09:53 - 2015-07-13 09:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-13 09:53 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 09:53 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 09:53 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 09:49 - 2015-07-13 09:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 22:04 - 2015-07-12 22:31 - 00000000 ____D C:\Windows\SystemRepair
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\Users\user\AppData\Roaming\AOL
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\Users\user\AppData\Local\AOL Toolbar
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-12 22:02 - 2015-07-12 22:02 - 00000000 ____D C:\ProgramData\AOL Toolbar
2015-07-12 22:01 - 2015-07-12 22:03 - 00000000 ____D C:\Program Files\AOL Toolbar
2015-07-12 22:01 - 2015-07-12 22:01 - 00002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup.lnk
2015-07-12 22:01 - 2015-07-12 22:01 - 00002206 _____ C:\Users\Public\Desktop\AOL Computer Checkup.lnk
2015-07-12 22:01 - 2015-07-12 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup
2015-07-12 22:00 - 2015-07-12 22:00 - 00000000 ____D C:\Program Files\Extensive Red
2015-07-12 21:53 - 2015-07-12 21:53 - 00000000 ____D C:\ProgramData\AOL Computer Checkup
2015-07-12 21:40 - 2015-07-12 22:37 - 00000000 ____D C:\Program Files\AOL Computer Checkup
2015-07-12 21:27 - 2015-07-12 21:33 - 00775680 _____ (AOL) C:\Users\user\Downloads\AOLComputerCheckupDM.exe
2015-07-05 23:46 - 2015-07-16 22:16 - 00000000 ____D C:\ProgramData\{bb6a814c-3aae-6278-bb6a-a814c3aa0530}
2015-07-05 23:15 - 2015-07-05 23:15 - 00022171 _____ C:\Users\user\Desktop\Meeting of creditors.pl
2015-06-27 21:57 - 2015-07-14 15:58 - 00000000 ____D C:\ProgramData\{0128b264-d6bb-e655-0128-8b264d6bc993}
2015-06-26 23:56 - 2015-07-14 12:02 - 00000000 ____D C:\ProgramData\{a67f41cd-ceab-03f1-a67f-f41cdcea0737}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 11:35 - 2011-02-24 18:41 - 01251320 _____ C:\Windows\WindowsUpdate.log
2015-07-21 11:13 - 2013-04-06 20:18 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-07-21 08:55 - 2011-08-20 19:30 - 00000000 ____D C:\ProgramData\TEMP
2015-07-20 23:29 - 2011-02-24 16:48 - 00006228 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 23:29 - 2009-07-13 23:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 23:29 - 2009-07-13 23:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 23:25 - 2011-02-24 22:44 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-07-20 23:23 - 2011-02-24 18:38 - 00000000 ____D C:\Windows\Panther
2015-07-20 23:21 - 2015-02-15 22:14 - 00013512 _____ C:\Windows\setupact.log
2015-07-20 23:21 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-TW
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-HK
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-CN
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\sv-SE
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ru-RU
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pt-PT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pl-PL
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\nl-NL
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\nb-NO
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ko-KR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ja-JP
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\it-IT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\hu-HU
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\fr-FR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\fi-FI
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\el-GR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-07-18 23:49 - 2011-06-15 01:11 - 05215744 ___SH C:\Users\user\Downloads\Thumbs.db
2015-07-18 23:45 - 2013-12-20 17:26 - 00032932 _____ C:\Windows\PFRO.log
2015-07-17 13:54 - 2015-02-14 18:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-17 10:44 - 2012-10-05 11:41 - 00000000 ____D C:\Qoobox
2015-07-17 10:38 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2015-07-17 10:12 - 2015-05-23 19:32 - 05634275 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-07-16 22:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\IME
2015-07-16 22:16 - 2014-07-15 02:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-16 21:08 - 2015-06-09 11:46 - 00000000 ____D C:\ProgramData\{c6216b22-bf88-bd46-c621-16b22bf8ac8a}
2015-07-14 12:03 - 2015-06-18 23:57 - 00000000 ____D C:\ProgramData\{2168808c-4a45-37d6-2168-8808c4a40231}
2015-07-14 11:50 - 2015-06-17 05:47 - 00000000 ____D C:\ProgramData\{74ab371d-f970-23c2-74ab-b371df97dc77}
2015-07-14 10:48 - 2015-04-15 03:18 - 00000000 ____D C:\Users\user\Desktop\Wdocs
2015-07-14 10:44 - 2015-03-18 11:32 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-12 22:52 - 2014-11-05 16:04 - 00000000 ____D C:\found.000
2015-07-12 22:44 - 2011-11-06 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
2015-07-12 22:44 - 2011-09-05 11:26 - 00000000 ____D C:\Users\user\Desktop\Sovereignty
2015-07-12 22:20 - 2013-01-16 19:52 - 00000000 ____D C:\Windows\pss
2015-07-12 20:28 - 2015-02-18 12:00 - 00021354 _____ C:\ProgramData\lxebscan.log
2015-07-05 23:29 - 2012-11-24 00:40 - 00000000 ____D C:\Users\user\AppData\Roaming\PrimoPDF
2015-07-05 05:11 - 2011-02-24 16:56 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-01-27 18:02 - 2014-01-27 18:02 - 0001206 _____ () C:\Program Files\REDX Lead Manager.lnk
2015-07-16 20:09 - 2015-07-19 22:07 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2014-08-03 00:37 - 2014-08-03 00:37 - 0000039 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
2013-01-02 13:59 - 2013-01-02 13:59 - 0146700 _____ () C:\Users\user\AppData\Local\ars.cache
2013-01-02 14:00 - 2013-01-02 14:00 - 0242809 _____ () C:\Users\user\AppData\Local\census.cache
2011-08-19 00:38 - 2014-02-28 21:54 - 0073728 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-02 13:32 - 2013-01-02 13:32 - 0000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
2011-03-02 21:57 - 2011-03-02 21:57 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2011-05-16 16:29 - 2011-05-16 16:30 - 0000000 _____ () C:\Users\user\AppData\Local\{9D33895A-0356-4C97-A60B-B4EC3946DD52}
2011-06-24 12:06 - 2011-06-24 12:06 - 0000000 _____ () C:\Users\user\AppData\Local\{DE525DB3-132F-4306-8738-2E1166DD3FC5}
2014-09-25 09:34 - 2014-09-25 09:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-10 11:23 - 2015-04-10 11:23 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-06-21 18:16 - 2011-06-21 18:16 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-18 12:06 - 2015-02-18 12:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-02-18 12:03 - 2015-02-18 12:04 - 0000160 _____ () C:\ProgramData\lxeb.log
2015-04-10 11:24 - 2015-04-10 11:25 - 0000248 _____ () C:\ProgramData\lxebDiagnostics.log
2015-02-18 12:00 - 2015-07-12 20:28 - 0021354 _____ () C:\ProgramData\lxebscan.log
2015-04-10 11:23 - 2015-04-10 11:23 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2015-02-18 11:52 - 2015-02-18 11:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 16:39

==================== End of log ============================

#2 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 23 July 2015 - 08:50 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The program Extensive Red.exe is suspicious.
Unless you have installed it and know what it does, you decide whether you want to keep it.

If you wish to keep it, remove these 3 lines from my fix below before saving the Fixlist.txt file:

() C:\Program Files\Extensive Red\Extensive Red.exe
C:\Program Files\Extensive Red\Extensive Red.exe
R2 Extensive Red; C:\Program Files\Extensive Red\Extensive Red.exe [8016637 2015-07-12] () [File not signed] <==== ATTENTION

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files\Extensive Red\Extensive Red.exe
C:\Program Files\Extensive Red\Extensive Red.exe
R2 Extensive Red; C:\Program Files\Extensive Red\Extensive Red.exe [8016637 2015-07-12] () [File not signed] <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [not found]
CHR Extension: (SearchLock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2015-04-08]
S2 a2AntiMalware; "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Nero BackItUp Scheduler 4.0; No ImagePath
S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
S1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [X]
S1 a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [X]
S1 a2util; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S0 uksrwji; No ImagePath

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST, click Fix only once, and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised.

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things, this allows malware to install any extension it wants.

Clear your Chrome cache and cookies:
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well, see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Reinstall Chrome and the bookmarks.

If you want to save all your settings, refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?
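Editor's note, added to the thread: the fixlist above removes four kinds of indicator (browser policy keys, an unsigned/orphaned service, alternate data streams on C:\ProgramData\TEMP, and the S0 service key uksrwji that has no ImagePath). The script below is not from the thread, from FRST, or from nasdaq; it is an added, read-only PowerShell check (PowerShell 3.0 or later, elevated prompt) that re-tests those same indicators after the Fix and reboot, so the Fixlog can be confirmed against the live system. Key names and paths are copied from the FRST log; the executable-path parsing in step 2 is a heuristic of this example, not FRST's logic.

```powershell
# Added post-fix check (not part of the thread, FRST, or the fixlist). Read-only: it only
# reports leftovers of the indicators the fixlist targets. Run elevated, PowerShell 3.0+.

$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[string]

# 1. Browser policy keys. Adware writes ...\Policies\Google and
#    ...\Policies\Microsoft\Internet Explorer to lock in a search engine, homepage or
#    extension. A home PC that is not domain-joined normally has no such keys at all.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKCU:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (Test-Path -Path $key) {
        $findings.Add("Policy key still present: $key")
        Get-ChildItem -Path $key -Recurse | ForEach-Object { $findings.Add("    subkey: $($_.Name)") }
    }
}

# 2. Services whose binary is missing, unsigned, or that have no ImagePath at all
#    ('Extensive Red' is [File not signed]; the Emsisoft/Google entries are [X] orphans).
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    if (-not $svc.PathName) {
        $findings.Add("Service with no ImagePath: $($svc.Name)")
        return
    }
    # Recover the executable from the command line: a quoted path, else the first token
    # before a ' /' or ' -' switch (heuristic; unquoted paths containing ' -' will mis-parse).
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' /| -')[0] }
    if (-not (Test-Path -LiteralPath $exe)) {
        $findings.Add("Service points at a missing file: $($svc.Name) -> $exe")
        return
    }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Service binary not validly signed [$($sig.Status)]: $($svc.Name) -> $exe")
    }
}

# 3. Alternate data streams on C:\ProgramData\TEMP (the fixlist names three).
$adsTarget = 'C:\ProgramData\TEMP'
if (Test-Path -LiteralPath $adsTarget) {
    Get-Item -LiteralPath $adsTarget -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS on ${adsTarget}: $($_.Stream) ($($_.Length) bytes)") }
}

# 4. Orphaned boot-start service key with no ImagePath (S0 uksrwji in the log).
$orphan = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\uksrwji'
if ($null -ne $orphan -and -not $orphan.ImagePath) {
    $findings.Add('Service key uksrwji still present with no ImagePath')
}

if ($findings.Count -eq 0) { 'No leftover indicators found.' } else { $findings }
```

Anything this prints after the reboot is something the Fix did not remove and belongs in the next reply alongside Fixlog.txt; an empty result does not prove the machine clean, only that these particular entries are gone.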

#3 Ylon (Topic Starter)

Posted 23 July 2015 - 08:12 PM

Dear Nasdaq,

Thank you for responding to my post. I followed your instructions for Chrome, saved the bookmarks and deleted the program. I have not reinstalled it yet. As for Firefox, I can't open it to follow your instructions. Also, in IE, I can't download anything.

I also ran FRST and the log is as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by user (administrator) on USER-PC on 23-07-2015 19:27:41
Running from C:\Users\user\AppData\Local\temp\WPDNSE
Loaded Profiles: user (Available Profiles: user & whathefk)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcCont.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxebcoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-03-16] (RealNetworks, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MakiwaraNotify] => C:\Program Files\AOL Computer Checkup\sdccont.exe [84056 2015-06-15] (Support.com, Inc.)
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-06] (SUPERAntiSpyware)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2014-09-25]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\Hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-02-06]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDCDisabled [2015-07-12] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-16] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-03-31] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-03-31] (Sun Microsystems, Inc.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-06-23] (AOL Inc.)
Toolbar: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [231424 2015-07-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{05303D2B-58F1-4070-8D1D-9D4A599A3D73}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{3EF2D24F-D63A-4355-8303-349911A896D4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{41B14D91-DA84-44E4-9C61-05AF25EC2834}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE}: [NameServer] 10.177.0.34 10.161.171.220
Tcpip\..\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}: [DhcpNameServer] 192.168.5.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51}: [NameServer] 10.177.0.34 10.164.103.44
Tcpip\..\Interfaces\{E713BB66-CB1D-40BD-B561-3514CFAD31E2}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{E894B967-EB02-4129-9133-C36FABC135A7}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2}: [NameServer] 10.177.0.34 10.163.103.140

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default
FF NewTab: about:blank
FF Homepage: about:home
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-03-31] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-03-31] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3282449068-2354428585-3331247383-1000: @citrixonline.com/appdetectorplugin -> C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-21] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Extension: AOL Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-07-12]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-07-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-07-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-16]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-01]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-15] (ArcSoft Inc.)
R2 AOL Computer Checkup; C:\Program Files\AOL Computer Checkup\SDCService.exe [587352 2015-06-15] (Support.com, Inc.)
S2 Extensive Red; C:\Program Files\Extensive Red\Extensive Red.exe [8016637 2015-07-12] () [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [491520 2005-10-24] ( )
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [98984 2009-07-29] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [602792 2009-07-29] ( )
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 a2AntiMalware; "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Nero BackItUp Scheduler 4.0; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
R0 ksbus; C:\Windows\System32\DRIVERS\ksbus.sys [24880 2013-12-17] (KernSafe Technologies)
R0 KScsiPrt; C:\Windows\System32\DRIVERS\KScsiPrt.sys [125232 2013-12-17] (KernSafe Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
S1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [X]
S1 a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [X]
S1 a2util; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S0 uksrwji; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 19:18 - 2015-07-23 19:19 - 02702125 _____ C:\Users\user\Desktop\1bookmarks_7_23_15.html
2015-07-23 19:18 - 2015-07-23 19:18 - 02702125 _____ C:\Users\user\Desktop\bookmarks_7_23_15.html
2015-07-23 19:12 - 2015-07-23 19:12 - 00060141 _____ C:\Users\user\Desktop\Bookmark Manager.html
2015-07-23 18:47 - 2015-07-23 18:47 - 00002025 _____ C:\Users\user\Desktop\fixlist.txt
2015-07-21 15:47 - 2015-07-21 15:47 - 15036416 _____ C:\Users\user\Desktop\abcd2.pub
2015-07-21 13:13 - 2015-07-21 13:57 - 15102464 _____ C:\Users\user\Desktop\abcd.pub
2015-07-21 12:32 - 2015-07-21 11:17 - 01517788 _____ C:\Users\user\Desktop\getPart.jpeg
2015-07-21 12:32 - 2015-07-21 10:43 - 04088945 _____ C:\Users\user\Desktop\getPart-5.jpeg
2015-07-21 12:32 - 2015-07-21 10:43 - 01274247 _____ C:\Users\user\Desktop\getPart-6.jpeg
2015-07-21 12:32 - 2015-07-21 10:42 - 00627074 _____ C:\Users\user\Desktop\getPart-2.jpeg
2015-07-21 12:31 - 2015-07-21 10:42 - 03077877 _____ C:\Users\user\Desktop\getPart-4.jpeg
2015-07-21 12:31 - 2015-07-21 10:42 - 02982416 _____ C:\Users\user\Desktop\getPart-3.jpeg
2015-07-21 12:29 - 2015-07-21 11:01 - 01346827 _____ C:\Users\user\Desktop\ms j.jpeg
2015-07-21 11:49 - 2015-07-21 11:49 - 00033948 _____ C:\Users\user\Desktop\Addition FRST.txt
2015-07-21 11:24 - 2015-07-23 19:28 - 00000000 ____D C:\FRST
2015-07-20 23:14 - 2015-07-20 23:15 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-07-20 23:10 - 2015-07-20 23:10 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-20 23:10 - 2015-07-20 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-20 23:10 - 2015-07-20 23:10 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-20 23:10 - 2015-07-20 23:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-20 23:10 - 2015-07-20 23:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-20 23:10 - 2015-07-20 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-07-20 23:07 - 2015-07-20 23:07 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-20 23:07 - 2015-07-20 23:07 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-20 23:06 - 2015-07-20 23:06 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-07-20 23:06 - 2015-07-20 23:06 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-07-20 23:06 - 2015-07-20 23:06 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-07-20 22:58 - 2015-07-20 22:58 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-07-20 22:54 - 2015-07-20 23:15 - 00016526 _____ C:\Windows\IE11_main.log
2015-07-20 22:08 - 2015-07-20 22:08 - 00000397 _____ C:\Users\user\Documents\kai.txt
2015-07-17 13:53 - 2015-07-17 13:53 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-07-17 13:53 - 2015-07-17 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-17 10:43 - 2015-07-17 10:43 - 00014659 _____ C:\ComboFix.txt
2015-07-17 10:13 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-17 10:13 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-17 10:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-16 20:09 - 2015-07-23 19:03 - 00000024 _____ C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-07-13 09:54 - 2015-07-20 19:27 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 09:54 - 2015-07-13 09:54 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-13 09:54 - 2015-07-13 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-13 09:53 - 2015-07-13 09:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-13 09:53 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 09:53 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 09:53 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 09:49 - 2015-07-13 09:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 22:04 - 2015-07-12 22:31 - 00000000 ____D C:\Windows\SystemRepair
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\Users\user\AppData\Roaming\AOL
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\Users\user\AppData\Local\AOL Toolbar
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-12 22:02 - 2015-07-12 22:02 - 00000000 ____D C:\ProgramData\AOL Toolbar
2015-07-12 22:01 - 2015-07-12 22:03 - 00000000 ____D C:\Program Files\AOL Toolbar
2015-07-12 22:01 - 2015-07-12 22:01 - 00002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup.lnk
2015-07-12 22:01 - 2015-07-12 22:01 - 00002206 _____ C:\Users\Public\Desktop\AOL Computer Checkup.lnk
2015-07-12 22:01 - 2015-07-12 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup
2015-07-12 22:00 - 2015-07-12 22:00 - 00000000 ____D C:\Program Files\Extensive Red
2015-07-12 21:53 - 2015-07-12 21:53 - 00000000 ____D C:\ProgramData\AOL Computer Checkup
2015-07-12 21:40 - 2015-07-12 22:37 - 00000000 ____D C:\Program Files\AOL Computer Checkup
2015-07-12 21:27 - 2015-07-12 21:33 - 00775680 _____ (AOL) C:\Users\user\Downloads\AOLComputerCheckupDM.exe
2015-07-05 23:46 - 2015-07-16 22:16 - 00000000 ____D C:\ProgramData\{bb6a814c-3aae-6278-bb6a-a814c3aa0530}
2015-07-05 23:15 - 2015-07-05 23:15 - 00022171 _____ C:\Users\user\Desktop\Meeting of creditors.pl
2015-06-27 21:57 - 2015-07-14 15:58 - 00000000 ____D C:\ProgramData\{0128b264-d6bb-e655-0128-8b264d6bc993}
2015-06-26 23:56 - 2015-07-14 12:02 - 00000000 ____D C:\ProgramData\{a67f41cd-ceab-03f1-a67f-f41cdcea0737}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 19:23 - 2011-03-16 11:53 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-07-23 19:23 - 2011-03-16 11:53 - 00000000 ____D C:\Program Files\Google
2015-07-23 18:49 - 2011-02-24 18:41 - 01748696 _____ C:\Windows\WindowsUpdate.log
2015-07-23 18:44 - 2011-08-20 19:30 - 00000000 ____D C:\ProgramData\TEMP
2015-07-23 18:41 - 2013-04-06 20:18 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-07-23 18:41 - 2009-07-13 23:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 18:41 - 2009-07-13 23:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 18:33 - 2015-02-15 22:14 - 00013624 _____ C:\Windows\setupact.log
2015-07-23 18:33 - 2011-02-24 22:44 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-07-23 18:33 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 00:47 - 2011-06-15 01:11 - 05215744 ___SH C:\Users\user\Downloads\Thumbs.db
2015-07-21 22:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-07-21 16:53 - 2015-02-14 18:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-21 16:50 - 2014-12-03 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-21 16:47 - 2014-12-03 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-20 23:29 - 2011-02-24 16:48 - 00006228 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 23:23 - 2011-02-24 18:38 - 00000000 ____D C:\Windows\Panther
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-TW
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-HK
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-CN
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\sv-SE
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ru-RU
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pt-PT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pl-PL
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\nl-NL
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\nb-NO
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ko-KR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ja-JP
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\it-IT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\hu-HU
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\fr-FR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\fi-FI
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\el-GR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-07-18 23:45 - 2013-12-20 17:26 - 00032932 _____ C:\Windows\PFRO.log
2015-07-17 10:44 - 2012-10-05 11:41 - 00000000 ____D C:\Qoobox
2015-07-17 10:38 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2015-07-17 10:12 - 2015-05-23 19:32 - 05634275 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-07-16 22:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\IME
2015-07-16 22:16 - 2014-07-15 02:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-16 21:08 - 2015-06-09 11:46 - 00000000 ____D C:\ProgramData\{c6216b22-bf88-bd46-c621-16b22bf8ac8a}
2015-07-14 12:03 - 2015-06-18 23:57 - 00000000 ____D C:\ProgramData\{2168808c-4a45-37d6-2168-8808c4a40231}
2015-07-14 11:50 - 2015-06-17 05:47 - 00000000 ____D C:\ProgramData\{74ab371d-f970-23c2-74ab-b371df97dc77}
2015-07-14 10:48 - 2015-04-15 03:18 - 00000000 ____D C:\Users\user\Desktop\Wdocs
2015-07-12 22:52 - 2014-11-05 16:04 - 00000000 ____D C:\found.000
2015-07-12 22:44 - 2011-11-06 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
2015-07-12 22:44 - 2011-09-05 11:26 - 00000000 ____D C:\Users\user\Desktop\Sovereignty
2015-07-12 22:20 - 2013-01-16 19:52 - 00000000 ____D C:\Windows\pss
2015-07-12 20:28 - 2015-02-18 12:00 - 00021354 _____ C:\ProgramData\lxebscan.log
2015-07-05 23:29 - 2012-11-24 00:40 - 00000000 ____D C:\Users\user\AppData\Roaming\PrimoPDF
2015-07-05 05:11 - 2011-02-24 16:56 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-01-27 18:02 - 2014-01-27 18:02 - 0001206 _____ () C:\Program Files\REDX Lead Manager.lnk
2015-07-16 20:09 - 2015-07-23 19:03 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2014-08-03 00:37 - 2014-08-03 00:37 - 0000039 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
2013-01-02 13:59 - 2013-01-02 13:59 - 0146700 _____ () C:\Users\user\AppData\Local\ars.cache
2013-01-02 14:00 - 2013-01-02 14:00 - 0242809 _____ () C:\Users\user\AppData\Local\census.cache
2011-08-19 00:38 - 2014-02-28 21:54 - 0073728 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-02 13:32 - 2013-01-02 13:32 - 0000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
2011-03-02 21:57 - 2011-03-02 21:57 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2011-05-16 16:29 - 2011-05-16 16:30 - 0000000 _____ () C:\Users\user\AppData\Local\{9D33895A-0356-4C97-A60B-B4EC3946DD52}
2011-06-24 12:06 - 2011-06-24 12:06 - 0000000 _____ () C:\Users\user\AppData\Local\{DE525DB3-132F-4306-8738-2E1166DD3FC5}
2014-09-25 09:34 - 2014-09-25 09:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-10 11:23 - 2015-04-10 11:23 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-06-21 18:16 - 2011-06-21 18:16 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-18 12:06 - 2015-02-18 12:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-02-18 12:03 - 2015-02-18 12:04 - 0000160 _____ () C:\ProgramData\lxeb.log
2015-04-10 11:24 - 2015-04-10 11:25 - 0000248 _____ () C:\ProgramData\lxebDiagnostics.log
2015-02-18 12:00 - 2015-07-12 20:28 - 0021354 _____ () C:\ProgramData\lxebscan.log
2015-04-10 11:23 - 2015-04-10 11:23 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2015-02-18 11:52 - 2015-02-18 11:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 16:39

==================== End of log ============================

It saved the initial scan to the file in the third line from my initial post; however, during the fix, it deleted the files. There was a file under FRST where the subsequent reports were saved.

Let me know about Firefox and IE, I'll download Chrome later.

Thanks and I appreciate your time and expertise.

Ylon



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2015 - 07:55 AM

The fix did not work.

You have placed the Farbar tool in the WPDNSE folder.

C:\Users\user\AppData\Local\temp\WPDNSE

I suggest you copy and move the file to your Desktop.

Place the Fixlist.txt file you created on the Desktop.

Run the Farbar tool and post the log created.

p.s.
Make sure that you have copied and saved all of the text in the code box to the fixlist.txt file.

How is the computer running now?

#5 Ylon

Ylon
  • Topic Starter

  • Members
  • 4 posts

Posted 24 July 2015 - 11:23 PM

Dear Nasdaq, I followed your instructions and posted the files to the desktop and ran it from there.

Thanks again for your assistance, and it seems to be ok, but take a look and let me know. Also, in the IE restricted sites on the Additional List, it states 11K sites. How can I delete this listing off my computer?

The results are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by user (administrator) on USER-PC on 24-07-2015 22:36:50
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & whathefk)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxebcoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Support.com, Inc.) C:\Program Files\AOL Computer Checkup\sdcCont.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-03-16] (RealNetworks, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MakiwaraNotify] => C:\Program Files\AOL Computer Checkup\sdccont.exe [84056 2015-06-15] (Support.com, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2014-09-25]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\Hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-02-06]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDCDisabled [2015-07-12] ()
CHR HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-16] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-03-31] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-03-31] (Sun Microsystems, Inc.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-06-23] (AOL Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [231424 2015-07-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{05303D2B-58F1-4070-8D1D-9D4A599A3D73}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{3EF2D24F-D63A-4355-8303-349911A896D4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{41B14D91-DA84-44E4-9C61-05AF25EC2834}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE}: [NameServer] 10.177.0.34 10.161.171.220
Tcpip\..\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}: [DhcpNameServer] 192.168.5.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51}: [NameServer] 10.177.0.34 10.164.103.44
Tcpip\..\Interfaces\{E713BB66-CB1D-40BD-B561-3514CFAD31E2}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{E894B967-EB02-4129-9133-C36FABC135A7}: [NameServer] 10.177.0.34 10.168.187.116
Tcpip\..\Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2}: [NameServer] 10.177.0.34 10.163.103.140

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default
FF NewTab: about:blank
FF Homepage: about:home
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-03-31] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-03-31] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3282449068-2354428585-3331247383-1000: @citrixonline.com/appdetectorplugin -> C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-21] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-03-16] (RealNetworks, Inc.)
FF Extension: AOL Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-07-12]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-07-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-07-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-16]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-01]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-15] (ArcSoft Inc.)
R2 AOL Computer Checkup; C:\Program Files\AOL Computer Checkup\SDCService.exe [587352 2015-06-15] (Support.com, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 lxci_device; C:\Windows\system32\lxcicoms.exe [491520 2005-10-24] ( )
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [98984 2009-07-29] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [602792 2009-07-29] ( )
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:36 - 2015-07-24 22:48 - 00014407 _____ C:\Users\user\Desktop\FRST.txt
2015-07-24 22:05 - 2015-07-21 11:11 - 01638912 ____N (Farbar) C:\Users\user\Desktop\FRST.exe
2015-07-23 19:18 - 2015-07-23 19:19 - 02702125 _____ C:\Users\user\Desktop\1bookmarks_7_23_15.html
2015-07-23 19:18 - 2015-07-23 19:18 - 02702125 _____ C:\Users\user\Desktop\bookmarks_7_23_15.html
2015-07-23 19:12 - 2015-07-23 19:12 - 00060141 _____ C:\Users\user\Desktop\Bookmark Manager.html
2015-07-21 15:47 - 2015-07-21 15:47 - 15036416 _____ C:\Users\user\Desktop\abcd2.pub
2015-07-21 13:13 - 2015-07-21 13:57 - 15102464 _____ C:\Users\user\Desktop\abcd.pub
2015-07-21 12:32 - 2015-07-21 11:17 - 01517788 _____ C:\Users\user\Desktop\getPart.jpeg
2015-07-21 12:32 - 2015-07-21 10:43 - 04088945 _____ C:\Users\user\Desktop\getPart-5.jpeg
2015-07-21 12:32 - 2015-07-21 10:43 - 01274247 _____ C:\Users\user\Desktop\getPart-6.jpeg
2015-07-21 12:32 - 2015-07-21 10:42 - 00627074 _____ C:\Users\user\Desktop\getPart-2.jpeg
2015-07-21 12:31 - 2015-07-21 10:42 - 03077877 _____ C:\Users\user\Desktop\getPart-4.jpeg
2015-07-21 12:31 - 2015-07-21 10:42 - 02982416 _____ C:\Users\user\Desktop\getPart-3.jpeg
2015-07-21 12:29 - 2015-07-21 11:01 - 01346827 _____ C:\Users\user\Desktop\ms j.jpeg
2015-07-21 11:49 - 2015-07-21 11:49 - 00033948 _____ C:\Users\user\Desktop\Addition FRST.txt
2015-07-21 11:24 - 2015-07-24 22:37 - 00000000 ____D C:\FRST
2015-07-20 23:14 - 2015-07-20 23:15 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-07-20 23:10 - 2015-07-20 23:10 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-20 23:10 - 2015-07-20 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-20 23:10 - 2015-07-20 23:10 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-20 23:10 - 2015-07-20 23:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-20 23:10 - 2015-07-20 23:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-20 23:10 - 2015-07-20 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-20 23:10 - 2015-07-20 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-20 23:10 - 2015-07-20 23:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-07-20 23:07 - 2015-07-20 23:07 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-20 23:07 - 2015-07-20 23:07 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-20 23:07 - 2015-07-20 23:07 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-20 23:06 - 2015-07-20 23:06 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-07-20 23:06 - 2015-07-20 23:06 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-07-20 23:06 - 2015-07-20 23:06 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-07-20 22:58 - 2015-07-20 22:58 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-07-20 22:54 - 2015-07-20 23:15 - 00016526 _____ C:\Windows\IE11_main.log
2015-07-20 22:08 - 2015-07-20 22:08 - 00000397 _____ C:\Users\user\Documents\kai.txt
2015-07-17 10:43 - 2015-07-17 10:43 - 00014659 _____ C:\ComboFix.txt
2015-07-17 10:13 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-17 10:13 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-17 10:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-17 10:13 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-16 20:09 - 2015-07-23 19:03 - 00000024 _____ C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-07-13 09:54 - 2015-07-20 19:27 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 09:54 - 2015-07-13 09:54 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-13 09:54 - 2015-07-13 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-13 09:53 - 2015-07-13 09:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-13 09:53 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 09:53 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 09:53 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 09:49 - 2015-07-13 09:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 22:04 - 2015-07-12 22:31 - 00000000 ____D C:\Windows\SystemRepair
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\Users\user\AppData\Roaming\AOL
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\Users\user\AppData\Local\AOL Toolbar
2015-07-12 22:03 - 2015-07-12 22:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-12 22:02 - 2015-07-12 22:02 - 00000000 ____D C:\ProgramData\AOL Toolbar
2015-07-12 22:01 - 2015-07-12 22:03 - 00000000 ____D C:\Program Files\AOL Toolbar
2015-07-12 22:01 - 2015-07-12 22:01 - 00002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup.lnk
2015-07-12 22:01 - 2015-07-12 22:01 - 00002206 _____ C:\Users\Public\Desktop\AOL Computer Checkup.lnk
2015-07-12 22:01 - 2015-07-12 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup
2015-07-12 22:00 - 2015-07-23 19:42 - 00000000 ____D C:\Program Files\Extensive Red
2015-07-12 21:53 - 2015-07-12 21:53 - 00000000 ____D C:\ProgramData\AOL Computer Checkup
2015-07-12 21:40 - 2015-07-12 22:37 - 00000000 ____D C:\Program Files\AOL Computer Checkup
2015-07-12 21:27 - 2015-07-12 21:33 - 00775680 _____ (AOL) C:\Users\user\Downloads\AOLComputerCheckupDM.exe
2015-07-05 23:46 - 2015-07-16 22:16 - 00000000 ____D C:\ProgramData\{bb6a814c-3aae-6278-bb6a-a814c3aa0530}
2015-07-05 23:15 - 2015-07-05 23:15 - 00022171 _____ C:\Users\user\Desktop\Meeting of creditors.pl
2015-06-27 21:57 - 2015-07-14 15:58 - 00000000 ____D C:\ProgramData\{0128b264-d6bb-e655-0128-8b264d6bc993}
2015-06-26 23:56 - 2015-07-14 12:02 - 00000000 ____D C:\ProgramData\{a67f41cd-ceab-03f1-a67f-f41cdcea0737}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:44 - 2011-02-24 18:41 - 01960186 _____ C:\Windows\WindowsUpdate.log
2015-07-24 22:41 - 2009-07-13 23:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-24 22:41 - 2009-07-13 23:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-24 22:39 - 2011-08-20 19:30 - 00000000 ____D C:\ProgramData\TEMP
2015-07-24 22:34 - 2011-02-24 22:44 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-07-24 22:33 - 2015-02-15 22:14 - 00013904 _____ C:\Windows\setupact.log
2015-07-24 22:33 - 2013-12-20 17:26 - 00034110 _____ C:\Windows\PFRO.log
2015-07-24 22:33 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 21:49 - 2014-01-03 23:42 - 00000000 ____D C:\Program Files\KernSafe
2015-07-24 21:43 - 2015-02-14 18:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-24 21:40 - 2012-09-14 12:18 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-07-24 21:40 - 2011-02-24 16:59 - 00000000 ___RD C:\Program Files\Skype
2015-07-24 21:40 - 2011-02-24 16:59 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-07-24 21:40 - 2011-02-24 16:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-23 19:55 - 2013-10-28 14:21 - 00016896 ___SH C:\Users\user\Thumbs.db
2015-07-23 19:23 - 2011-03-16 11:53 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-07-23 19:23 - 2011-03-16 11:53 - 00000000 ____D C:\Program Files\Google
2015-07-23 18:41 - 2013-04-06 20:18 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-07-23 00:47 - 2011-06-15 01:11 - 05215744 ___SH C:\Users\user\Downloads\Thumbs.db
2015-07-21 22:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-07-21 16:50 - 2014-12-03 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-21 16:47 - 2014-12-03 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-20 23:29 - 2011-02-24 16:48 - 00006228 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 23:23 - 2011-02-24 18:38 - 00000000 ____D C:\Windows\Panther
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-TW
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-HK
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\zh-CN
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\sv-SE
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ru-RU
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pt-PT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\pl-PL
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\nl-NL
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\nb-NO
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ko-KR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ja-JP
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\it-IT
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\hu-HU
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\fr-FR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\fi-FI
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\el-GR
2015-07-20 23:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-07-17 10:44 - 2012-10-05 11:41 - 00000000 ____D C:\Qoobox
2015-07-17 10:38 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2015-07-17 10:12 - 2015-05-23 19:32 - 05634275 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-07-16 22:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\IME
2015-07-16 22:16 - 2014-07-15 02:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-16 21:08 - 2015-06-09 11:46 - 00000000 ____D C:\ProgramData\{c6216b22-bf88-bd46-c621-16b22bf8ac8a}
2015-07-14 12:03 - 2015-06-18 23:57 - 00000000 ____D C:\ProgramData\{2168808c-4a45-37d6-2168-8808c4a40231}
2015-07-14 11:50 - 2015-06-17 05:47 - 00000000 ____D C:\ProgramData\{74ab371d-f970-23c2-74ab-b371df97dc77}
2015-07-14 10:48 - 2015-04-15 03:18 - 00000000 ____D C:\Users\user\Desktop\Wdocs
2015-07-12 22:52 - 2014-11-05 16:04 - 00000000 ____D C:\found.000
2015-07-12 22:44 - 2011-11-06 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
2015-07-12 22:44 - 2011-09-05 11:26 - 00000000 ____D C:\Users\user\Desktop\Sovereignty
2015-07-12 22:20 - 2013-01-16 19:52 - 00000000 ____D C:\Windows\pss
2015-07-12 20:28 - 2015-02-18 12:00 - 00021354 _____ C:\ProgramData\lxebscan.log
2015-07-05 23:29 - 2012-11-24 00:40 - 00000000 ____D C:\Users\user\AppData\Roaming\PrimoPDF
2015-07-05 05:11 - 2011-02-24 16:56 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-01-27 18:02 - 2014-01-27 18:02 - 0001206 _____ () C:\Program Files\REDX Lead Manager.lnk
2015-07-16 20:09 - 2015-07-23 19:03 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2014-08-03 00:37 - 2014-08-03 00:37 - 0000039 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
2013-01-02 13:59 - 2013-01-02 13:59 - 0146700 _____ () C:\Users\user\AppData\Local\ars.cache
2013-01-02 14:00 - 2013-01-02 14:00 - 0242809 _____ () C:\Users\user\AppData\Local\census.cache
2011-08-19 00:38 - 2014-02-28 21:54 - 0073728 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-02 13:32 - 2013-01-02 13:32 - 0000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
2011-03-02 21:57 - 2011-03-02 21:57 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2011-05-16 16:29 - 2011-05-16 16:30 - 0000000 _____ () C:\Users\user\AppData\Local\{9D33895A-0356-4C97-A60B-B4EC3946DD52}
2011-06-24 12:06 - 2011-06-24 12:06 - 0000000 _____ () C:\Users\user\AppData\Local\{DE525DB3-132F-4306-8738-2E1166DD3FC5}
2014-09-25 09:34 - 2014-09-25 09:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-10 11:23 - 2015-04-10 11:23 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-06-21 18:16 - 2011-06-21 18:16 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-18 12:06 - 2015-02-18 12:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-02-18 12:03 - 2015-02-18 12:04 - 0000160 _____ () C:\ProgramData\lxeb.log
2015-04-10 11:24 - 2015-04-10 11:25 - 0000248 _____ () C:\ProgramData\lxebDiagnostics.log
2015-02-18 12:00 - 2015-07-12 20:28 - 0021354 _____ () C:\ProgramData\lxebscan.log
2015-04-10 11:23 - 2015-04-10 11:23 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2015-02-18 11:52 - 2015-02-18 11:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 22:00

==================== End of log ============================

Also the Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by user at 2015-07-24 22:55:01
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3282449068-2354428585-3331247383-500 - Administrator - Disabled)
Guest (S-1-5-21-3282449068-2354428585-3331247383-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3282449068-2354428585-3331247383-1006 - Limited - Enabled)
user (S-1-5-21-3282449068-2354428585-3331247383-1000 - Administrator - Enabled) => C:\Users\user
whathefk (S-1-5-21-3282449068-2354428585-3331247383-1007 - Limited - Enabled) => C:\Users\whathefk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
AI Viewer (HKLM\...\{8C8292F3-7D93-4D40-9738-B24165D7E7CD}_is1) (Version:  - IdeaMK)
Akamai NetSession Interface (HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\...\Amazon Kindle) (Version:  - Amazon)
AOL Computer Checkup (HKLM\...\AOL Computer Checkup) (Version: 4.0.1.3 - AOL)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - AOL Inc.)
ArcSoft MediaConverter 7.5 (HKLM\...\{69039A13-9ABB-4264-A570-0023FB2D4F18}) (Version: 7.5.0.114 - ArcSoft, Inc.)
Assist by AOL PC Scan (HKLM\...\Assist by AOL PC Scan) (Version: 1.0.0.9 - Sutherland Global Services Inc)
Assist by AOL PC Scan (Version: 1.0.0.9 - Sutherland Global Services Inc) Hidden
BrokerMetrics (HKLM\...\BrokerMetrics) (Version: 1.0.0.0 - Terradatum)
Camtasia Studio 8 (HKLM\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Carleton H. Sheets Real Estate ToolKit version 7.2 (HKLM\...\InstallShield_{C6A75800-03D3-4AC7-9563-A17B654F83B9}) (Version: 7.2.0 - The Professional Education Institute)
Carleton H. Sheets Real Estate ToolKit version 7.2 (Version: 7.2.0 - The Professional Education Institute) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java™ 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
K-Lite Codec Pack 5.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Lexmark 7300 Series (HKLM\...\Lexmark 7300 Series) (Version:  - )
Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version:  - )
PdaNet+ for Android 4.15 (HKLM\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
REDX Lead Manager (HKLM\...\{ABE5CB06-73DD-4F61-B936-B414F647C273}) (Version: 6.1.61 - Real Estate Data X-Change)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SolveigMM AVI Trimmer (HKLM\...\SolveigMM AVI Trimmer) (Version: 2.0.1106.20 - Solveig Multimedia)
Subliminal Flash 3.0 (HKLM\...\Law of Attraction_is1) (Version:  - Ded Pyhto, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veoh Web Player (HKLM\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Workspace Desktop (HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\...\workspacedesktop) (Version:  - Starfield Technologies)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B03 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\user\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3282449068-2354428585-3331247383-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

==================== Restore Points =========================

17-07-2015 10:13:52 ComboFix created restore point
20-07-2015 22:56:48 Windows Modules Installer
23-07-2015 19:41:33 Restore Point Created by FRST
24-07-2015 21:38:15 Removed Skype™ 5.10
24-07-2015 21:41:14 Removed Skype Toolbars
24-07-2015 21:47:41 Revo Uninstaller's restore point - TotalMounter V2.01 (Remove only)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-07-17 10:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C3C489-8E44-4894-A428-2DEBCA0DB814} - System32\Tasks\RNUpgradeHelperLogonPrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-11] (RealNetworks, Inc.)
Task: {38A4F12E-BBB7-41A5-B3AF-AAB32DE81D30} - System32\Tasks\{47238C55-FF54-44F6-917A-A8757BD1B5C7} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {3CF812EB-C723-41C6-9569-44DD0C90CAD4} - System32\Tasks\{7427FAA3-9DC6-4806-99A6-B6FE8A2336E3} => pcalua.exe -a D:\setup.exe -d D:\
Task: {441773C2-DA8C-4F15-BDD0-251C5C1A0ABB} - System32\Tasks\RealCreateProcessScheduledTask77470S-1-5-21-3282449068-2354428585-3331247383-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-03-16] (RealNetworks, Inc.)
Task: {550BD911-C104-4C43-9AA0-2CCAE58A3080} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3282449068-2354428585-3331247383-1007 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {560A28CC-A8FF-4673-9597-966EC0DDC489} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3282449068-2354428585-3331247383-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {6F817AB6-FDD0-4603-95FD-DCF0C844D477} - System32\Tasks\{E356A937-304E-487A-A812-AFB8B29CF6DD} => pcalua.exe -a "C:\Program Files\T-Mobile\webConnect Manager\InstallModem.exe" -d "C:\Program Files\T-Mobile\webConnect Manager"
Task: {77971042-EA19-4BD4-8879-D66850A14FDA} - System32\Tasks\RNUpgradeHelperResumePrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-11] (RealNetworks, Inc.)
Task: {9114BEAD-D528-43EA-B8A9-8624429A6CA2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3282449068-2354428585-3331247383-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {91CD754C-8DDB-4BAC-8752-C7870D2FDAC8} - System32\Tasks\ReclaimerUpdateFiles_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-11] (RealNetworks, Inc.)
Task: {9400982D-B8FE-4A54-9CEB-631E66B8FA45} - System32\Tasks\{E078BFAB-9772-4059-946E-165A9251DB43} => pcalua.exe -a C:\Users\user\Downloads\cjb7300EN(1).exe -d C:\Users\user\Downloads
Task: {964A8EE5-2EE4-4ACA-A6D7-4AE4C21A8EAF} - System32\Tasks\{462787B6-72E1-4A0D-A5BC-D6C57E186154} => Firefox.exe
Task: {98865968-2AB8-4F1B-828F-D4BAC1BEE472} - System32\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7} => C:\Program Files\AOL Computer Checkup\sdccont.exe [2015-06-15] (Support.com, Inc.)
Task: {A8BADA68-A10C-4B0B-B267-18CB66E22B62} - System32\Tasks\{F0E70F4D-8C8A-4B0F-AFA3-B07E29B6D181} => pcalua.exe -a C:\Users\user\Downloads\AutodeskDesignRevSetup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {B6C43E4F-A45E-47B2-A58B-2CCC10EC7677} - System32\Tasks\ReclaimerUpdateXML_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-11] (RealNetworks, Inc.)
Task: {BB6C746F-1152-45C0-AB6D-4F8464CD45EC} - System32\Tasks\RealCreateProcessScheduledTask66701519S-1-5-21-3282449068-2354428585-3331247383-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-03-16] (RealNetworks, Inc.)
Task: {CF8C84E7-E879-4EAD-AB9D-64AE8DF2A891} - System32\Tasks\RealCreateProcessScheduledTask781763520S-1-5-21-3282449068-2354428585-3331247383-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-03-16] (RealNetworks, Inc.)
Task: {D8A4881A-A3D2-4AA0-ADB3-EC7C7D809362} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3282449068-2354428585-3331247383-1007 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {F12D6F2E-DF1E-4600-A9EC-A041A4C3F30E} - System32\Tasks\{36506054-3619-4C99-81AF-276526AF8225} => pcalua.exe -a C:\Users\user\Downloads\wlsetup-web.exe -d C:\Users\user\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2015-06-15 01:53 - 2015-06-15 01:53 - 00088152 _____ () C:\Program Files\AOL Computer Checkup\taskPlugins\makBatteryLevelMonitorTask.dll
2015-06-15 01:53 - 2015-06-15 01:53 - 00103512 _____ () C:\Program Files\AOL Computer Checkup\taskPlugins\makDiskSpaceManager.dll
2015-06-15 01:53 - 2015-06-15 01:53 - 00442456 _____ () C:\Program Files\AOL Computer Checkup\taskPlugins\makiwaraDynamicContentDownloadTask.dll
2015-06-15 01:53 - 2015-06-15 01:53 - 00350296 _____ () C:\Program Files\AOL Computer Checkup\taskPlugins\makiwaraSubscriptionInfoFetcher.dll
2015-06-15 01:53 - 2015-06-15 01:53 - 00439896 _____ () C:\Program Files\AOL Computer Checkup\taskPlugins\makStartupManagerWatcherTask.dll
2012-11-24 00:38 - 2011-02-28 17:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
2015-02-18 12:00 - 2009-06-19 03:58 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxebdrpp.dll
2010-09-22 22:12 - 2010-09-22 22:12 - 00016832 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2015-02-06 10:20 - 2014-01-07 17:30 - 01054432 _____ () C:\Program Files\PdaNet for Android\PdaNetPC.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 11211 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{308E8839-2FD7-4E88-8D0F-A1C7AC89791B}] => (Allow) C:\Windows\System32\lxcicoms.exe
FirewallRules: [{AB440A03-B130-4557-9289-8B31747E07B3}] => (Allow) C:\Windows\System32\lxcicoms.exe
FirewallRules: [TCP Query User{7AA5AB1A-8108-4DD3-9F32-7DC27C9F9F8F}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{511D1EB9-3E2D-46D6-A28F-077222706E96}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{89D5665B-7756-4FA8-8B91-65961212B029}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe] => (Allow) C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{57558D89-91B2-49EE-9D64-43647E027E14}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe] => (Allow) C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{C5E8905E-DB9C-4DDD-BD52-3CEB8F05AD77}] => (Allow) C:\Users\user\AppData\Local\temp\7zS0C0C\hppiw.exe
FirewallRules: [{0481279C-0698-48D7-A61C-10D2894D2C2E}] => (Allow) C:\Users\user\AppData\Local\temp\7zS0C0C\hppiw.exe
FirewallRules: [{27FE201B-A563-4665-BB96-342740A79F53}] => (Allow) LPort=135
FirewallRules: [{FC9A41B7-A3D2-4D24-9EBE-820F19794AF8}] => (Allow) LPort=135
FirewallRules: [{AA712F7C-6E4C-4048-8334-37785E446A4F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{1CEE1B6C-ADA7-459C-9B8E-C1FF8DCC82A6}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{C284C019-BAC4-48D2-B9DB-B6233E6B0AD7}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{856E1153-C00C-4C19-9259-D5F5AAAA2ACA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{811F7328-C506-4ABC-A8C2-C80A6E6B011A}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{3F53D928-6C46-4F51-8692-71F09998014B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{A8F70BF2-6E48-4410-AB6F-5F9D0F1E5A76}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{BBE07B9B-5CC4-4B74-8B16-8B4423EF57D6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{CA8F2688-A773-450C-9A73-D4DA8DEB1995}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{9133845C-D6CA-44DB-A25D-7CE45179BBDD}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D9C2CC4A-1FC7-4BDC-BF92-9E3CD9209B36}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F4BE5667-2C3B-4535-9553-FB6F0397B11E}] => (Allow) C:\Windows\system32\lxebcoms.exe
FirewallRules: [{9DA86AC1-525B-4A83-B99A-417858F5EF6C}] => (Allow) C:\Windows\system32\LXEBcoms.exe
FirewallRules: [{96F07C59-EBF3-41E4-848B-FBE8F7519992}] => (Allow) C:\Windows\system32\LXEBcoms.exe
FirewallRules: [{065EBCE1-F313-4D42-AC3F-36DF9D8FA996}] => (Allow) C:\Windows\System32\lxcicoms.exe
FirewallRules: [{75B10467-2B6B-4227-AB89-3B693572B945}] => (Allow) C:\Windows\System32\lxcicoms.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2015 10:33:33 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:33 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:33 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:33 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 10:33:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=13, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 09:53:48 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=23678, vendorId=0, vendorType=0

Error: (07/24/2015 09:53:48 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=23678, vendorId=0, vendorType=0

System errors:
=============
Error: (07/24/2015 10:34:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/24/2015 10:34:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/24/2015 10:33:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxebCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (07/24/2015 10:33:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.

Error: (07/24/2015 10:31:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2284.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.2.0223.00

 Source Path: 4.2.0223.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/24/2015 10:31:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C95361A-DF8A-49D0-828A-1308E56E52EB}

Error: (07/24/2015 10:31:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/24/2015 09:55:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/24/2015 09:55:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/24/2015 09:54:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxebCATSCustConnectService service failed to start due to the following error:
%%1053

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 91%
Total physical RAM: 2046.12 MB
Available physical RAM: 181.75 MB
Total Virtual: 4092.24 MB
Available Virtual: 1446.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:10.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9C8259A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:52 PM

Posted 25 July 2015 - 07:12 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [231424 2015-07-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [not found]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings, refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#7 Ylon

Ylon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:52 PM

Posted 29 July 2015 - 04:39 AM

Dear Nasdaq,

     Thanks for your patience and sorry for the delay. I followed your instructions and the fixlog is below. Also, Chrome was removed from my computer on a previous post. I don't know why it's giving us an "attention alert." Thanks for your help and let me know if I need to do anything else, and I'll let you know if I experience any further issues.


Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by user at 2015-07-29 04:17:05 Run:3
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & whathefk)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google: Policy restriction <=======
ATTENTION
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [231424 2015-07-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [not found]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9

End

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3282449068-2354428585-3331247383-1000\SOFTWARE\Policies\Google" => key removed successfully.
ATTENTION => Error: No automatic fix found for this entry.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrv21wc5.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} => not found.
gupdatem => service removed successfully.
C:\ProgramData\TEMP => ":612B5BD9" ADS removed successfully..
EmptyTemp: => 384.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 04:21:12 ====



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:52 PM

Posted 29 July 2015 - 08:13 AM

If you are referring to this remark:
ATTENTION => Error: No automatic fix found for this entry.

I suspect that the format of the fix is the cause.

The line with just ATTENTION is the culprit.
Nothing to worry about.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:52 PM

Posted 04 August 2015 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
