
Need help on my computer...


  • This topic is locked
4 replies to this topic

#1 doti


Posted 15 March 2016 - 02:32 AM

First of all, thank you so much to the wonderful people helping us with our virus problems. You guys are the best!

 

This laptop, which I used for work, was then infected with many 3rd-party applications, mostly unwanted, and I did remove everything with Add or Remove Programs in Windows 7 and some malware removal tools and believed that it was clean. That was about 6 months ago. I then learned recently about BC while cleaning my new laptop, and I wanted to make sure this work laptop is also clean of unwanted programs and probably infection.

 

Below is the FRST.txt, copied, and Addition.txt is attached:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Lenovo (administrator) on LENOVO-G480 (15-03-2016 15:05:50)
Running from C:\Users\Lenovo\Desktop\FRST
Loaded Profiles: Lenovo (Available Profiles: Lenovo & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Input Director\IDWinService.exe
() C:\Program Files\Input Director\InputDirectorSessionHelper.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TechSmith Corporation) C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LAN Messenger) C:\Program Files\LAN Messenger\lmc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Imperative Software Pty Ltd) C:\Program Files\Input Director\InputDirector.exe
() C:\Program Files\Input Director\IDVistaService.exe
(Imperative Software Pty Ltd) C:\Program Files\Input Director\InputDirectorClipboardHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_71\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_71\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_71\bin\jp2launcher.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-17] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_71\bin\jusched.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\Run: [LAN Messenger] => C:\Program Files\LAN Messenger\lmc.exe [1721344 2012-07-25] (LAN Messenger)
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\Run: [Messenger] => C:\Program Files\Messenger for Desktop\Messenger.exe [47730823 2015-06-14] ()
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\Run: [InputDirector] => C:\Program Files\Input Director\InputDirector.exe [593920 2012-09-27] (Imperative Software Pty Ltd)
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\Run: [Google Update] => C:\Users\Lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-11] (Google Inc.)
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {0a3e9cae-5397-11e4-b60d-3c970e22226e} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {20c457b3-923b-11e2-bba0-08edb9a74cdc} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {4177da74-9e03-11e2-8fe1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {4177dab3-9e03-11e2-8fe1-08edb9a74cdc} - G:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {4177db3c-9e03-11e2-8fe1-08edb9a74cdc} - G:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {641e1124-60a8-11e2-9129-c49cd7031de3} - H:\Autorun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {91289c1f-b15c-11e2-baf2-08edb9a74cdc} - G:\Startme.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {b0000d6b-c42a-11e2-9a31-08edb9a74cdc} - H:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {b88c947e-712b-11e3-ac35-3c970e22226e} - F:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {b8ee406c-7422-11e5-bba3-3c970e22226e} - F:\Start_Here.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {c0fea718-3b9f-11e3-afb0-3c970e22226e} - F:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {caef440f-b478-11e3-8fc5-3c970e22226e} - F:\AutoRun.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {cd924970-3493-11e3-a824-3c970e22226e} - F:\Startme.exe
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\...\MountPoints2: {dc1216a3-71e1-11e3-ac3d-3c970e22226e} - F:\AutoRun.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2916374465-1908176996-1192237846-1000] => proxy7.upd.edu.ph:8080
AutoConfigURL: [S-1-5-21-2916374465-1908176996-1192237846-1000] => proxy7.upd.edu.ph:8080
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 124.106.6.37 124.106.4.37
Tcpip\..\Interfaces\{4C34DEA2-BD99-497D-A1C2-07B900D85BB3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{57495776-DEBC-40DD-A015-5B18E211AD4E}: [DhcpNameServer] 124.106.6.37 124.106.4.37
Tcpip\..\Interfaces\{90A8E6EF-EE3E-4578-AD97-044B1F7347BB}: [DhcpNameServer] 124.106.6.37 124.106.4.37
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130963446467477751&GUID=255A921F-35CF-4BC6-8FC4-A65B05B49398
HKU\S-1-5-21-2916374465-1908176996-1192237846-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2916374465-1908176996-1192237846-1000 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2916374465-1908176996-1192237846-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_71-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_71-windows-i586.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\7so8njxi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_71\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2916374465-1908176996-1192237846-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2916374465-1908176996-1192237846-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2916374465-1908176996-1192237846-1000: @talk.google.com/O1DPlugin -> C:\Users\Lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2916374465-1908176996-1192237846-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2916374465-1908176996-1192237846-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-31] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.ask.com/?l=dis&o=APN10375cr&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^PH&tpid=SGT-SAT&apn_dbr=cr_21.0.1180.89&apn_uid=9523CA73-5044-4DA5-8656-7D792A39C44B&itbv=2.0.0.2131&doi=2012-09-11
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Postman) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-30] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-08-23] (SEIKO EPSON CORPORATION)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R3 IDVistaService; C:\Program Files\Input Director\IDVistaService.exe [13824 2010-07-21] () [File not signed]
R2 InputDirector; C:\Program Files\Input Director\IDWinService.exe [36864 2012-09-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [11053568 2015-07-15] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [49152 2011-08-27] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [69632 2011-08-27] (Oracle Corporation) [File not signed]
S3 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [115773440 2011-08-27] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [12800 2011-08-27] (Oracle Corporation) [File not signed]
S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 BrlAPI; C:\Users\Kuya Die\bin\cygrunsrv.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [24672 2011-12-15] (Lenovo Corporation)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [61528 2012-04-20] (Alcor Micro, Corp.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [168488 2012-03-20] (Broadcom Corporation.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 vm332avs; C:\Windows\System32\Drivers\vm332avs.sys [930000 2011-12-15] (Vimicro Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKsleaef51b7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0AD48FE-192E-4BA6-A685-00DFB425746B}\MpKsleaef51b7.sys [X]
S3 PTSimBus; system32\DRIVERS\PTSimBus.sys [X]
S3 PTSimHid; system32\DRIVERS\PTSimHid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 15:05 - 2016-03-15 15:05 - 00000000 ____D C:\Users\Lenovo\Desktop\FRST
2016-03-15 15:05 - 2016-03-15 15:05 - 00000000 ____D C:\FRST
2016-03-15 14:04 - 2016-03-15 14:04 - 00000256 _____ C:\Users\Lenovo\Downloads\Auto_disable_touchpad_HKCU.reg
2016-03-15 14:04 - 2016-03-15 14:04 - 00000254 _____ C:\Users\Lenovo\Downloads\Auto_disable_touchpad_HKLM.reg
2016-03-15 14:03 - 2016-03-15 14:03 - 00000256 _____ C:\Users\Lenovo\Downloads\Auto_disable_touchpad_HKCU.txt
2016-03-15 14:03 - 2016-03-15 14:03 - 00000254 _____ C:\Users\Lenovo\Downloads\Auto_disable_touchpad_HKLM.txt
2016-03-15 13:36 - 2016-03-15 13:36 - 00297002 _____ C:\Users\Lenovo\Downloads\URR.pdf
2016-03-15 13:15 - 2016-03-15 13:15 - 00297002 _____ C:\Users\Lenovo\Downloads\URR
2016-03-14 16:14 - 2014-12-03 13:53 - 00011052 _____ C:\Users\Lenovo\Desktop\FinishWorkflowTask.class
2016-03-11 15:41 - 2014-12-03 13:52 - 00017363 _____ C:\Users\Lenovo\Desktop\VDMTreeGrid.class
2016-03-11 15:21 - 2016-03-11 15:21 - 00021294 _____ C:\Users\Lenovo\Downloads\DocbaseQueryService (1).java
2016-03-11 15:18 - 2016-03-11 18:01 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-11 15:02 - 2016-03-11 15:17 - 10457272 _____ (SurfRight B.V.) C:\Users\Lenovo\Downloads\HitmanPro.exe
2016-03-11 14:21 - 2016-03-11 14:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-11 13:51 - 2016-03-11 14:11 - 22908888 _____ (Malwarebytes ) C:\Users\Lenovo\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-11 11:18 - 2016-03-11 11:26 - 05943296 _____ (Malwarebytes ) C:\Users\Lenovo\Downloads\Unconfirmed 541892.crdownload
2016-03-11 11:09 - 2016-03-11 18:01 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-11 10:56 - 2016-03-11 10:57 - 01524224 _____ C:\Users\Lenovo\Downloads\adwcleaner_5.101.exe
2016-03-10 17:43 - 2014-12-03 13:53 - 00018734 _____ C:\Users\Lenovo\Desktop\VDMView.class
2016-03-10 16:13 - 2016-03-10 15:50 - 00297002 _____ C:\Users\Lenovo\Desktop\URR.pdf
2016-03-10 14:13 - 2016-03-10 14:13 - 00000000 ____D C:\Program Files\Apple Software Update
2016-03-09 18:03 - 2016-02-09 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 18:03 - 2016-02-09 05:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 18:03 - 2016-02-09 04:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 18:03 - 2016-02-09 04:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 18:03 - 2016-02-09 04:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 18:03 - 2016-02-09 04:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 18:03 - 2016-02-09 04:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 18:03 - 2016-02-09 04:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 18:03 - 2016-02-09 04:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 18:03 - 2016-02-09 04:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 18:03 - 2016-02-09 04:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 18:03 - 2016-02-09 04:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 18:03 - 2016-02-09 04:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 18:03 - 2016-02-09 04:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 18:03 - 2016-02-09 04:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 18:03 - 2016-02-09 04:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 18:03 - 2016-02-09 04:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 18:03 - 2016-02-09 04:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 18:03 - 2016-02-09 04:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 18:03 - 2016-02-09 04:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 18:03 - 2016-02-09 04:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 18:03 - 2016-02-09 04:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 18:03 - 2016-02-09 04:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 18:03 - 2016-02-09 04:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 18:03 - 2016-02-09 04:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 18:03 - 2016-02-09 04:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 18:03 - 2016-02-09 04:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 18:03 - 2016-02-09 04:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 18:03 - 2016-02-09 04:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 18:03 - 2016-02-09 04:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 18:03 - 2016-02-09 04:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 18:03 - 2016-02-09 03:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 18:03 - 2016-02-09 03:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 18:03 - 2016-02-09 03:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 18:02 - 2016-02-09 04:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 17:56 - 2016-02-13 02:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 17:56 - 2016-02-13 02:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 17:56 - 2016-02-13 02:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 17:56 - 2016-02-13 02:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 17:56 - 2016-02-13 02:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 17:56 - 2016-02-13 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 17:56 - 2016-02-13 02:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 17:56 - 2016-02-13 02:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 17:56 - 2016-02-13 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 17:56 - 2016-02-13 02:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 17:56 - 2016-02-13 02:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 17:56 - 2016-02-12 02:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-09 17:56 - 2016-02-12 02:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 17:56 - 2016-02-12 02:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 17:56 - 2016-02-12 02:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 17:56 - 2016-02-12 02:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 17:56 - 2016-02-12 02:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 17:56 - 2016-02-12 02:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 17:56 - 2016-02-12 02:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 17:56 - 2016-02-12 02:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 17:56 - 2016-02-12 02:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 17:56 - 2016-02-12 02:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 17:56 - 2016-02-12 02:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 17:56 - 2016-02-12 02:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 17:56 - 2016-02-12 02:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 17:56 - 2016-02-12 02:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 17:56 - 2016-02-12 02:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 17:56 - 2016-02-12 02:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 17:56 - 2016-02-12 02:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 17:56 - 2016-02-12 02:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 17:56 - 2016-02-12 02:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 17:56 - 2016-02-12 02:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 17:56 - 2016-02-12 02:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 17:56 - 2016-02-12 02:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 17:56 - 2016-02-12 02:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 17:56 - 2016-02-12 01:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 17:56 - 2016-02-12 01:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 17:56 - 2016-02-12 01:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 17:56 - 2016-02-12 01:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 17:56 - 2016-02-12 01:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 17:56 - 2016-02-12 01:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 17:56 - 2016-02-12 01:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 17:56 - 2016-02-12 01:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 17:56 - 2016-02-12 01:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 17:56 - 2016-02-09 17:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 17:56 - 2016-02-05 02:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 17:56 - 2016-02-05 01:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 17:56 - 2016-02-04 02:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 17:56 - 2016-02-04 02:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-09 17:56 - 2016-02-04 02:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 17:56 - 2016-02-04 01:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 17:47 - 2016-02-06 02:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 17:47 - 2016-02-06 02:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 17:47 - 2016-02-06 02:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 17:47 - 2016-02-06 01:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 17:47 - 2016-02-06 01:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 17:42 - 2016-02-09 17:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 17:42 - 2016-02-09 17:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 17:42 - 2016-02-09 17:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 17:42 - 2016-02-09 17:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 17:42 - 2016-02-09 17:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-04 10:57 - 2016-03-04 10:57 - 00022344 _____ C:\Users\Lenovo\Downloads\List-of-Scenarios.xlsx
2016-03-03 17:39 - 2014-12-03 13:53 - 00031721 _____ C:\Users\Lenovo\Desktop\TaskAttachment.class
2016-03-03 14:57 - 2016-03-03 14:57 - 00006231 _____ C:\Users\Lenovo\Desktop\new 11.txt
2016-03-03 13:58 - 2016-03-03 13:58 - 00000846 _____ C:\Users\Lenovo\Desktop\Creating custom User.txt
2016-02-29 10:52 - 2016-02-29 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Input Director
2016-02-29 10:52 - 2016-02-29 10:52 - 00000000 ____D C:\Program Files\Input Director
2016-02-29 10:34 - 2016-02-29 10:35 - 03187120 _____ (Bartels Media GmbH ) C:\Users\Lenovo\Downloads\ShareMouseSetup.exe
2016-02-26 12:08 - 2016-03-15 14:10 - 00000000 ___RD C:\Users\Lenovo\Dropbox
2016-02-24 14:02 - 2016-02-24 11:51 - 00205465 _____ C:\Users\Lenovo\Documents\Mapping of application vs certificatev5.xlsx
2016-02-24 10:37 - 2016-02-24 10:41 - 03028534 _____ C:\Users\Lenovo\Downloads\InputDirector.v1.3.zip
2016-02-23 19:06 - 2016-02-23 19:08 - 00803360 ____R C:\Users\Lenovo\Downloads\World of Warcraft - (2006) Rise of the Horde - Christie Golden.pdf
2016-02-23 19:05 - 2016-02-23 19:05 - 00001764 _____ C:\Users\Lenovo\Downloads\[kat.cr]world.of.warcraft.2006.rise.of.the.horde.christie.golden.pdf.torrent
2016-02-23 18:26 - 2016-02-23 18:26 - 00036094 _____ C:\Users\Lenovo\Downloads\[kat.cr]microsoft.office.professional.plus.2013.64.bit.with.activator.exe.01qlt.torrent
2016-02-23 16:48 - 2015-12-16 17:52 - 15301367 _____ C:\Users\Lenovo\Desktop\dfc.jar
2016-02-22 16:25 - 2016-02-22 16:25 - 00000000 ____D C:\Windows\Sun
2016-02-22 16:02 - 2016-02-22 16:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Sun
2016-02-22 16:02 - 2016-02-22 16:02 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Sun
2016-02-22 16:02 - 2016-02-22 16:02 - 00000000 ____D C:\Users\Guest\.oracle_jre_usage
2016-02-22 15:44 - 2016-02-22 15:44 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Adobe
2016-02-22 15:40 - 2016-02-22 15:40 - 00000000 ____D C:\Users\Guest\AppData\Local\TSVNCache
2016-02-22 15:39 - 2016-02-22 16:00 - 00002161 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2016-02-22 15:39 - 2016-02-22 15:44 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2016-02-22 15:39 - 2016-02-22 15:39 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Subversion
2016-02-22 15:39 - 2016-02-22 15:39 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2016-02-22 15:39 - 2016-02-22 15:39 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-02-22 15:39 - 2016-02-22 15:39 - 00000000 ____D C:\Users\Guest\AppData\Local\Dropbox
2016-02-22 15:38 - 2016-02-22 16:02 - 00000000 ____D C:\Users\Guest
2016-02-22 15:38 - 2016-02-22 15:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-02-22 15:38 - 2016-02-22 15:38 - 00001373 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-22 15:38 - 2016-02-22 15:38 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-02-22 15:38 - 2016-02-22 15:38 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-02-22 15:38 - 2016-02-22 15:38 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-02-22 15:38 - 2016-02-22 15:38 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-02-22 15:38 - 2016-02-22 15:38 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-02-22 15:38 - 2013-01-21 21:23 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2016-02-22 15:38 - 2010-11-21 08:47 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2016-02-19 14:55 - 2016-02-19 14:56 - 00150558 _____ C:\Users\Lenovo\Downloads\Client Incident Crisis Report Form-3_Pauls.pdf
2016-02-17 14:35 - 2016-02-19 09:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-17 13:09 - 2016-02-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-16 13:44 - 2016-02-16 13:44 - 00034816 _____ C:\Users\Lenovo\Downloads\Macapanas, Dodie (7).xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 15:05 - 2015-08-30 01:47 - 00007604 _____ C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
2016-03-15 14:56 - 2013-02-22 20:51 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2916374465-1908176996-1192237846-1000UA.job
2016-03-15 14:48 - 2015-10-14 18:12 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 14:45 - 2013-01-17 21:56 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2916374465-1908176996-1192237846-1000UA.job
2016-03-15 14:27 - 2016-01-27 13:18 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Messenger
2016-03-15 14:17 - 2015-12-10 12:12 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-15 14:17 - 2013-01-20 08:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-15 14:16 - 2009-07-14 12:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-15 14:16 - 2009-07-14 12:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-15 14:10 - 2015-12-10 12:12 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Dropbox
2016-03-15 14:09 - 2016-01-27 13:18 - 00001086 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2016-03-15 14:07 - 2013-04-11 21:00 - 00000000 ____D C:\Users\Lenovo\AppData\Local\HTC MediaHub
2016-03-15 14:06 - 2015-12-10 12:12 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-15 14:06 - 2015-10-14 18:12 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 14:06 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-15 13:41 - 2015-09-08 16:47 - 00002062 ____H C:\Users\Lenovo\Documents\Default.rdp
2016-03-15 11:17 - 2015-09-18 18:33 - 00000000 ____D C:\Users\Lenovo\Documents\Received Files
2016-03-15 11:01 - 2015-10-14 18:15 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 10:31 - 2015-09-01 15:57 - 00000000 ____D C:\Users\Lenovo\AppData\Local\TSVNCache
2016-03-14 18:41 - 2015-09-21 18:36 - 00000000 ____D C:\Users\Lenovo\Documents\Outlook Files
2016-03-14 15:45 - 2013-01-17 21:56 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2916374465-1908176996-1192237846-1000Core.job
2016-03-14 14:41 - 2015-09-30 15:33 - 00000000 ____D C:\Users\Lenovo\Documentum
2016-03-14 12:54 - 2015-10-05 17:21 - 00000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2016-03-11 17:34 - 2013-01-17 21:31 - 00002127 _____ C:\Windows\epplauncher.mif
2016-03-11 15:52 - 2013-01-17 21:37 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Mozilla
2016-03-11 14:54 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Web
2016-03-11 14:30 - 2013-01-20 08:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-11 14:30 - 2013-01-17 21:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-11 13:52 - 2015-08-22 18:54 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Eclipse
2016-03-11 13:52 - 2015-08-22 18:54 - 00000000 ____D C:\Users\Lenovo\.p2
2016-03-11 13:51 - 2015-08-22 18:50 - 00000000 ____D C:\Users\Lenovo\Desktop\eclipse
2016-03-11 10:58 - 2015-10-31 19:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 16:43 - 2016-01-06 11:32 - 00059194 _____ C:\Users\Lenovo\Desktop\VDMList.class
2016-03-10 16:16 - 2014-05-02 02:19 - 01801216 ___SH C:\Users\Lenovo\Desktop\Thumbs.db
2016-03-10 14:13 - 2013-04-30 23:24 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-10 12:41 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\rescache
2016-03-10 10:13 - 2010-11-21 05:01 - 00790722 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-10 10:13 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-03-10 10:06 - 2009-07-14 12:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-10 10:05 - 2015-08-23 09:55 - 02362464 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 19:22 - 2014-03-29 08:51 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 19:14 - 2014-03-29 08:51 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-08 10:39 - 2013-02-22 20:51 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2916374465-1908176996-1192237846-1000Core.job
2016-02-26 12:08 - 2013-01-17 20:52 - 00000000 ____D C:\Users\Lenovo
2016-02-26 12:05 - 2015-12-10 13:19 - 00000000 ___RD C:\Users\Lenovo\Dropbox (Old (1))
2016-02-24 18:14 - 2013-01-17 21:53 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 18:14 - 2013-01-17 21:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 17:16 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-24 12:43 - 2015-09-09 17:03 - 00000000 ____D C:\Users\Lenovo\Desktop\Installers
2016-02-23 19:19 - 2015-10-07 12:00 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Battle.net
2016-02-23 19:12 - 2013-01-21 22:34 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2016-02-23 18:45 - 2015-10-07 12:00 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Battle.net
2016-02-23 18:45 - 2015-10-07 11:55 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-23 18:35 - 2015-11-07 11:51 - 00000000 ____D C:\Program Files\World of Warcraft
2016-02-23 18:29 - 2015-10-07 11:53 - 00000000 ____D C:\Program Files\Battle.net
2016-02-23 14:09 - 2013-02-10 16:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-19 09:54 - 2015-08-28 22:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-17 13:09 - 2015-12-10 12:12 - 00000000 ____D C:\Program Files\Dropbox
2016-02-15 13:11 - 2015-09-24 11:48 - 00000831 _____ C:\Users\Lenovo\Documents\DQL_favorite.txt
 
==================== Files in the root of some directories =======
 
2013-01-17 21:26 - 2012-12-09 20:27 - 50841162 _____ () C:\Program Files\Adobe Photoshop CS3.exe
2015-05-18 10:50 - 2015-08-21 18:20 - 0000024 _____ () C:\Users\Lenovo\AppData\Roaming\appdataFr25.bin
2015-02-02 00:05 - 2015-05-18 10:13 - 0000020 _____ () C:\Users\Lenovo\AppData\Roaming\appdataFr3.bin
2013-01-22 00:27 - 2014-10-20 11:22 - 0006656 _____ () C:\Users\Lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-30 01:47 - 2016-03-15 15:05 - 0007604 _____ () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Lenovo\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Lenovo\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Lenovo\AppData\Local\Temp\npp.6.8.6.Installer.exe
C:\Users\Lenovo\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\Lenovo\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Lenovo\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 12:24
 
==================== End of FRST.txt ============================

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:09 PM

Posted 15 March 2016 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

For your added security I suggest you update these security programs.

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



Windows Firewall is disabled.
Turn System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

If you do not use this program you can remove it via the Control Panel > Programs and Features applet.
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_71\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.ask.com/?l=dis&o=APN10375cr&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^PH&tpid=SGT-SAT&apn_dbr=cr_21.0.1180.89&apn_uid=9523CA73-5044-4DA5-8656-7D792A39C44B&itbv=2.0.0.2131&doi=2012-09-11
S3 BrlAPI; C:\Users\Kuya Die\bin\cygrunsrv.exe [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKsleaef51b7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0AD48FE-192E-4BA6-A685-00DFB425746B}\MpKsleaef51b7.sys [X]
S3 PTSimBus; system32\DRIVERS\PTSimBus.sys [X]
S3 PTSimHid; system32\DRIVERS\PTSimHid.sys [X]
AlternateDataStreams: C:\Users\Lenovo\Desktop\Forms Certificates and Checklists_lsroman.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Lenovo\Documents\Mapping of application vs certificatev5.xlsx:com.dropbox.attributes [168]
CustomCLSID: HKU\S-1-5-21-2916374465-1908176996-1192237846-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lenovo\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
Task: {77C723F6-7646-4601-8255-00902AB8D24F} - \AutoKMS -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


Remove these old version(s) of Java via the Control Panel > Programs and Features applet if not needed for development purposes.
Java 8 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Java™ SE Development Kit 6 Update 27 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160270}) (Version: 1.6.0.270 - Oracle)

Any other issues with this computer?

#3 doti

doti
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 17 March 2016 - 02:09 AM

Hello again Mr Nasdaq!

 

Thank you so much for helping me. I have followed all your instructions except updating my Windows Security Essentials (would rather leave it turned off since it takes lots of my RAM). Also, I can't uninstall previous Java versions because of development purposes.

 

This is the FRST fixlog.

 

Thank you again!

Attached Files



#4 nasdaq


Posted 17 March 2016 - 07:08 AM

"Thank you so much for helping me. I have followed all your instructions except updating my Windows Security Essentials (would rather leave it turned off since it takes lots of my RAM)."

You would rather be infected than run some security program?


To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

Let me know what problem persists with this computer?

#5 nasdaq


Posted 22 March 2016 - 07:09 AM

Are you still with me?



