[Solved] Dell XPS 400 Win7 browsers problem

Discussion in 'Malware Removal Help' started by mikehende, Jul 17, 2014.

  1. mikehende

    mikehende Senior Member

    This Dell Desktop XPS 400 running Windows 7 had problems with FF crashing and IE not working right. I ran the regular Mbam and SAS, which found a lot of items and cleaned them, but still the same deal with the browsers. I then tried rkill, tds killer and JRT; JRT found a "bad module". When restarted, same deal with the browsers. Help please?
     
  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

  3. Rich M

    Rich M Guest

    Yeah, I think you have gone as far as you can, though I would have used something, and it's time for the Pros to jump in, Mike.
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Mike,

    Instead of running Otl, please run FRST.

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is..... click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

    • When the tool opens click Yes to disclaimer.

    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



    Also, you say that MBAM found some things and removed them.....
    Please post that log as well:

    Restart MBAM
    • Click on the History tab >> Application Logs.
    • Double click on the scan log which shows the Date and time of the scan that showed the infections.

    • Click 'Copy to Clipboard'

    • Paste the contents of the clipboard into your reply.


    In your next reply, please submit:
    Both reports from FRST
    Mbam report showing the removed items.


    Thanks.
     
  5. mikehende

    mikehende Senior Member

    Hey Pete, how's it going? When I try to copy and paste or save the Mbam logs, the software shuts down. Please see the next 2 posts for the FRST logs, thanks.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
    Ran by user (administrator) on USER-PC on 18-07-2014 07:40:37
    Running from C:\Users\user\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.117.0\BBSvc.EXE
    (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (OpenDownloadManager.com) C:\Program Files\OpenDownloaderManager\ODM.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Farbar) C:\Users\user\Desktop\FRST32.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-19] (RealNetworks, Inc.)
    HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-12] (Microsoft Corporation)
    HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Run: [Open Download Manager] => C:\Program Files\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1007\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1006\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95F2BBF49A96CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/?mtmhp=txtlnkusaolp00000406
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default
    FF SearchEngineOrder.1: Ask Search
    FF Homepage: hxxp://www.aol.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Tube Dimmer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\support@tubedimmerapp.com [2013-11-19]
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-22]
    FF Extension: Ask Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi [2013-08-05]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-19]
    FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [2014-07-17]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-07-17]
    FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-07-17]

    Chrome:
    =======
    CHR HomePage:
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
    CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
    CHR Extension: (RealDownloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-02]
    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]

    ==================== Drivers (Whitelisted) ====================

    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
    R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.)
    R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    U2 TMAgent;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-18 07:40 - 2014-07-18 07:41 - 00016841 _____ () C:\Users\user\Desktop\FRST.txt
    2014-07-18 07:40 - 2014-07-18 07:40 - 00000000 ____D () C:\FRST
    2014-07-18 07:39 - 2014-07-18 07:37 - 01077248 _____ (Farbar) C:\Users\user\Desktop\FRST32.exe
    2014-07-17 18:16 - 2014-07-17 18:17 - 00000933 _____ () C:\Users\user\Desktop\JRT.txt
    2014-07-17 17:55 - 2014-07-17 17:55 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-17 17:51 - 2014-07-17 17:53 - 00002040 _____ () C:\Users\user\Desktop\Rkill.txt
    2014-07-17 17:25 - 2014-07-17 17:57 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a7e9aa52-1597-431e-adb2-0b01e569b77e.job
    2014-07-17 17:25 - 2014-07-17 17:57 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 02fcb253-c5da-4c9b-a01a-5fd884ecb620.job
    2014-07-17 17:25 - 2014-07-17 17:25 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-17 17:25 - 2014-07-17 17:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-17 17:24 - 2014-07-17 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-17 17:24 - 2014-07-17 17:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-17 17:24 - 2014-07-17 17:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-17 16:27 - 2014-07-17 16:34 - 00000000 ____D () C:\AdwCleaner
    2014-07-17 16:00 - 2014-07-18 07:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-17 16:00 - 2014-07-17 16:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-17 16:00 - 2014-07-17 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-17 15:59 - 2014-07-17 16:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-17 15:59 - 2014-07-17 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-17 15:59 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-17 15:59 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-17 15:59 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-17 15:46 - 2014-07-17 15:46 - 00001369 _____ () C:\Users\Frances\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 15:46 - 2014-07-17 15:46 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-07-17 15:19 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-07-17 15:19 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-07-17 15:19 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-07-17 15:19 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-07-17 14:56 - 2014-07-17 14:56 - 00000000 ___HD () C:\TMRescueDisk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00001441 _____ () C:\Users\user\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 14:52 - 2013-06-13 02:35 - 00085280 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
    2014-07-17 14:52 - 2013-05-22 11:37 - 00282272 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
    2014-07-17 14:52 - 2012-05-02 15:27 - 00092304 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
    2014-07-17 14:51 - 2013-12-03 04:56 - 00290376 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2014-07-17 14:51 - 2013-12-03 04:56 - 00103416 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
    2014-07-17 14:51 - 2013-12-03 04:56 - 00083864 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
    2014-07-17 14:51 - 2013-07-01 09:08 - 00040736 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC32.sys
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
    2014-07-17 14:48 - 2014-07-17 17:40 - 00000000 ____D () C:\ProgramData\Trend Micro
    2014-07-17 14:48 - 2014-07-17 14:49 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-07-17 14:47 - 2014-07-17 14:47 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
    2014-07-17 14:45 - 2014-07-17 14:45 - 00000000 ____D () C:\ProgramData\Symantec
    2014-07-17 14:37 - 2014-07-17 14:37 - 00869456 _____ () C:\Users\user\Downloads\Norton_Removal_Tool.exe
    2014-07-17 14:21 - 2014-07-17 14:21 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
    2014-07-17 14:19 - 2014-07-17 14:20 - 85411392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
    2014-07-17 14:19 - 2014-07-17 14:19 - 06631120 _____ (Trend Micro Inc.) C:\Users\user\Downloads\TrendMicro_TTi_7.0_TMAX_Downloader.exe
    2014-07-09 13:33 - 2014-07-09 13:33 - 00275568 _____ (Mozilla Corporation) C:\Users\Xiomara\Downloads\firefox.exe
    2014-07-09 09:49 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-09 09:49 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-09 09:49 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-09 09:49 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-09 09:49 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-09 09:49 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-09 09:49 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-09 09:49 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-09 09:49 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-09 09:49 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-09 09:49 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-09 09:49 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-09 09:49 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-09 09:49 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-09 09:49 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-09 09:49 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-09 09:49 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-09 09:49 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-09 09:49 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-09 09:49 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-09 09:49 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-09 09:49 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-09 09:49 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-09 09:49 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-09 09:49 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-09 09:49 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-09 09:49 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-09 09:49 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-09 09:49 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-09 09:49 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-09 09:49 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-09 09:49 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-09 09:49 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-09 09:49 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-09 09:49 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-05 15:48 - 2014-07-05 15:48 - 00374427 _____ () C:\Users\Frances\Downloads\dubstep408 on Instagram.htm
    2014-07-05 15:47 - 2014-07-05 15:48 - 00000000 ____D () C:\Users\Frances\Downloads\dubstep408 on Instagram_files
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Xiomara\AppData\Local\AskPartnerNetwork
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Leah\AppData\Local\AskPartnerNetwork
    2014-06-19 21:08 - 2014-06-19 21:08 - 01058200 _____ (Adobe) C:\Users\Leah\Downloads\install_flashplayer14x32au_gtba_chra_dy_aaa_aih.exe

    ==================== One Month Modified Files and Folders =======

    2014-07-18 07:41 - 2014-07-18 07:40 - 00016841 _____ () C:\Users\user\Desktop\FRST.txt
    2014-07-18 07:40 - 2014-07-18 07:40 - 00000000 ____D () C:\FRST
    2014-07-18 07:40 - 2013-11-13 22:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Open Download Manager
    2014-07-18 07:37 - 2014-07-18 07:39 - 01077248 _____ (Farbar) C:\Users\user\Desktop\FRST32.exe
    2014-07-18 07:37 - 2013-08-11 14:10 - 02017924 _____ () C:\Windows\WindowsUpdate.log
    2014-07-18 07:35 - 2014-07-17 16:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-18 07:34 - 2013-08-11 12:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-18 07:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
    2014-07-18 07:31 - 2013-08-11 10:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-18 07:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-18 07:30 - 2009-07-14 00:39 - 00088948 _____ () C:\Windows\setupact.log
    2014-07-17 19:29 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-07-17 18:47 - 2013-08-11 10:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-17 18:17 - 2014-07-17 18:16 - 00000933 _____ () C:\Users\user\Desktop\JRT.txt
    2014-07-17 18:06 - 2009-07-14 00:34 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-17 18:06 - 2009-07-14 00:34 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-17 17:57 - 2014-07-17 17:25 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a7e9aa52-1597-431e-adb2-0b01e569b77e.job
    2014-07-17 17:57 - 2014-07-17 17:25 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 02fcb253-c5da-4c9b-a01a-5fd884ecb620.job
    2014-07-17 17:57 - 2013-08-11 10:37 - 00125014 _____ () C:\Windows\PFRO.log
    2014-07-17 17:55 - 2014-07-17 17:55 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-17 17:53 - 2014-07-17 17:51 - 00002040 _____ () C:\Users\user\Desktop\Rkill.txt
    2014-07-17 17:40 - 2014-07-17 14:48 - 00000000 ____D () C:\ProgramData\Trend Micro
    2014-07-17 17:25 - 2014-07-17 17:25 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-17 17:25 - 2014-07-17 17:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-17 17:25 - 2014-07-17 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-17 17:25 - 2014-07-17 17:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-17 17:24 - 2014-07-17 17:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-17 16:35 - 2013-11-19 12:05 - 00000000 ____D () C:\ProgramData\Updater
    2014-07-17 16:34 - 2014-07-17 16:27 - 00000000 ____D () C:\AdwCleaner
    2014-07-17 16:32 - 2013-08-11 10:01 - 00001244 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-17 16:32 - 2013-08-11 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-07-17 16:32 - 2013-08-11 10:00 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-07-17 16:32 - 2013-08-11 10:00 - 00001007 _____ () C:\Users\Public\Desktop\Firefox.lnk
    2014-07-17 16:32 - 2013-08-11 08:18 - 00001140 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-07-17 16:28 - 2013-11-19 12:06 - 00000000 ____D () C:\temp
    2014-07-17 16:28 - 2013-11-15 16:41 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\SearchProtect
    2014-07-17 16:28 - 2013-11-14 20:45 - 00000000 ____D () C:\Users\Leah\AppData\Roaming\SearchProtect
    2014-07-17 16:28 - 2013-11-14 07:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SearchProtect
    2014-07-17 16:00 - 2014-07-17 16:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-17 16:00 - 2014-07-17 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-17 16:00 - 2014-07-17 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-17 16:00 - 2013-08-11 08:24 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-17 15:59 - 2014-07-17 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-17 15:46 - 2014-07-17 15:46 - 00001369 _____ () C:\Users\Frances\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 15:46 - 2014-07-17 15:46 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-07-17 15:19 - 2013-09-19 16:26 - 00000000 ____D () C:\Program Files\Java
    2014-07-17 15:19 - 2013-09-19 16:19 - 00000000 ____D () C:\ProgramData\Oracle
    2014-07-17 14:56 - 2014-07-17 14:56 - 00000000 ___HD () C:\TMRescueDisk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00001441 _____ () C:\Users\user\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
    2014-07-17 14:49 - 2014-07-17 14:48 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-07-17 14:47 - 2014-07-17 14:47 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
    2014-07-17 14:45 - 2014-07-17 14:45 - 00000000 ____D () C:\ProgramData\Symantec
    2014-07-17 14:37 - 2014-07-17 14:37 - 00869456 _____ () C:\Users\user\Downloads\Norton_Removal_Tool.exe
    2014-07-17 14:21 - 2014-07-17 14:21 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
    2014-07-17 14:20 - 2014-07-17 14:19 - 85411392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
    2014-07-17 14:19 - 2014-07-17 14:19 - 06631120 _____ (Trend Micro Inc.) C:\Users\user\Downloads\TrendMicro_TTi_7.0_TMAX_Downloader.exe
    2014-07-17 14:17 - 2013-08-11 10:06 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-07-17 12:38 - 2009-07-14 00:53 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-07-14 20:38 - 2013-11-24 01:17 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Torch
    2014-07-14 20:31 - 2013-11-24 01:20 - 00001178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-07-11 03:02 - 2014-07-17 15:19 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-07-11 02:56 - 2014-07-17 15:19 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-07-11 02:56 - 2014-07-17 15:19 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-07-11 02:55 - 2014-07-17 15:19 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-07-09 13:33 - 2014-07-09 13:33 - 00275568 _____ (Mozilla Corporation) C:\Users\Xiomara\Downloads\firefox.exe
    2014-07-09 13:32 - 2009-07-14 00:33 - 00411128 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-09 13:29 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 10:37 - 2013-08-13 21:13 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-09 10:34 - 2013-12-11 23:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-07-09 10:34 - 2013-08-11 08:59 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 14:33 - 2013-08-11 12:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-07-08 14:33 - 2013-08-11 12:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-07-05 19:15 - 2014-06-03 20:20 - 00001165 _____ () C:\Users\Ryan\Desktop\ROBLOX Studio 2013.lnk
    2014-07-05 19:15 - 2014-06-03 20:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2014-07-05 15:48 - 2014-07-05 15:48 - 00374427 _____ () C:\Users\Frances\Downloads\dubstep408 on Instagram.htm
    2014-07-05 15:48 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Frances\Downloads\dubstep408 on Instagram_files
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Xiomara\AppData\Local\AskPartnerNetwork
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Leah\AppData\Local\AskPartnerNetwork
    2014-06-22 13:54 - 2013-08-11 21:33 - 00000000 ____D () C:\Users\Frances\AppData\Local\Paint.NET
    2014-06-20 15:39 - 2014-07-09 09:49 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-06-19 21:08 - 2014-06-19 21:08 - 01058200 _____ (Adobe) C:\Users\Leah\Downloads\install_flashplayer14x32au_gtba_chra_dy_aaa_aih.exe
    2014-06-18 20:16 - 2014-07-09 09:49 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-18 19:56 - 2014-07-09 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-18 19:56 - 2014-07-09 09:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-18 19:38 - 2014-07-09 09:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-18 19:37 - 2014-07-09 09:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-18 19:36 - 2014-07-09 09:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-18 19:35 - 2014-07-09 09:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-06-18 19:32 - 2014-07-09 09:49 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-18 19:28 - 2014-07-09 09:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-18 19:28 - 2014-07-09 09:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-18 19:25 - 2014-07-09 09:49 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-18 19:23 - 2014-07-09 09:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-18 19:23 - 2014-07-09 09:49 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-18 19:22 - 2014-07-09 09:49 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-18 19:16 - 2014-07-09 09:49 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-18 19:12 - 2014-07-09 09:49 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-18 19:06 - 2014-07-09 09:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-18 19:01 - 2014-07-09 09:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-18 18:59 - 2014-07-09 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-18 18:58 - 2014-07-09 09:49 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-18 18:52 - 2014-07-09 09:49 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-18 18:52 - 2014-07-09 09:49 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-18 18:49 - 2014-07-09 09:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-18 18:46 - 2014-07-09 09:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-18 18:45 - 2014-07-09 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-18 18:35 - 2014-07-09 09:49 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-18 18:13 - 2014-07-09 09:49 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-18 18:09 - 2014-07-09 09:49 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-18 18:07 - 2014-07-09 09:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    Some content of TEMP:
    ====================
    C:\Users\Leah\AppData\Local\Temp\contentDATs.exe
    C:\Users\Leah\AppData\Local\Temp\SpOrder.dll
    C:\Users\Ryan\AppData\Local\Temp\contentDATs.exe
    C:\Users\Ryan\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\user\AppData\Local\Temp\APNSetup.exe
    C:\Users\user\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
    C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\user\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\user\AppData\Local\Temp\lowproc.exe
    C:\Users\user\AppData\Local\Temp\mssinstaller.exe
    C:\Users\user\AppData\Local\Temp\ose00000.exe
    C:\Users\user\AppData\Local\Temp\PCFixSpeedSetup_253.exe
    C:\Users\user\AppData\Local\Temp\Quarantine.exe
    C:\Users\user\AppData\Local\Temp\RealPlayer.exe
    C:\Users\user\AppData\Local\Temp\stubhelper.dll
    C:\Users\user\AppData\Local\Temp\UNT756.exe
    C:\Users\user\AppData\Local\Temp\UNTCD6F.exe
    C:\Users\Xiomara\AppData\Local\Temp\contentDATs.exe
    C:\Users\Xiomara\AppData\Local\Temp\SpOrder.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-17 19:18

    ==================== End Of Log ============================
     
  6. mikehende

    mikehende Senior Member

    Joined:
    Apr 5, 2005
    Messages:
    324
    Location:
    NYC
    Operating System:
    Windows 8
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
    Ran by user (administrator) on USER-PC on 18-07-2014 07:40:37
    Running from C:\Users\user\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.117.0\BBSvc.EXE
    (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (OpenDownloadManager.com) C:\Program Files\OpenDownloaderManager\ODM.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Farbar) C:\Users\user\Desktop\FRST32.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-19] (RealNetworks, Inc.)
    HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-12] (Microsoft Corporation)
    HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Run: [Open Download Manager] => C:\Program Files\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-1140888121-1349566269-504757958-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1007\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1006\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95F2BBF49A96CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/?mtmhp=txtlnkusaolp00000406
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default
    FF SearchEngineOrder.1: Ask Search
    FF Homepage: hxxp://www.aol.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Tube Dimmer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\support@tubedimmerapp.com [2013-11-19]
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-22]
    FF Extension: Ask Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi [2013-08-05]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-19]
    FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [2014-07-17]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-07-17]
    FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-07-17]

    Chrome:
    =======
    CHR HomePage:
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
    CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
    CHR Extension: (RealDownloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-02]
    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]

    ==================== Drivers (Whitelisted) ====================

    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
    R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.)
    R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    U2 TMAgent;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-18 07:40 - 2014-07-18 07:41 - 00016841 _____ () C:\Users\user\Desktop\FRST.txt
    2014-07-18 07:40 - 2014-07-18 07:40 - 00000000 ____D () C:\FRST
    2014-07-18 07:39 - 2014-07-18 07:37 - 01077248 _____ (Farbar) C:\Users\user\Desktop\FRST32.exe
    2014-07-17 18:16 - 2014-07-17 18:17 - 00000933 _____ () C:\Users\user\Desktop\JRT.txt
    2014-07-17 17:55 - 2014-07-17 17:55 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-17 17:51 - 2014-07-17 17:53 - 00002040 _____ () C:\Users\user\Desktop\Rkill.txt
    2014-07-17 17:25 - 2014-07-17 17:57 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a7e9aa52-1597-431e-adb2-0b01e569b77e.job
    2014-07-17 17:25 - 2014-07-17 17:57 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 02fcb253-c5da-4c9b-a01a-5fd884ecb620.job
    2014-07-17 17:25 - 2014-07-17 17:25 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-17 17:25 - 2014-07-17 17:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-17 17:24 - 2014-07-17 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-17 17:24 - 2014-07-17 17:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-17 17:24 - 2014-07-17 17:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-17 16:27 - 2014-07-17 16:34 - 00000000 ____D () C:\AdwCleaner
    2014-07-17 16:00 - 2014-07-18 07:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-17 16:00 - 2014-07-17 16:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-17 16:00 - 2014-07-17 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-17 15:59 - 2014-07-17 16:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-17 15:59 - 2014-07-17 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-17 15:59 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-17 15:59 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-17 15:59 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-17 15:46 - 2014-07-17 15:46 - 00001369 _____ () C:\Users\Frances\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 15:46 - 2014-07-17 15:46 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-07-17 15:19 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-07-17 15:19 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-07-17 15:19 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-07-17 15:19 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-07-17 14:56 - 2014-07-17 14:56 - 00000000 ___HD () C:\TMRescueDisk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00001441 _____ () C:\Users\user\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 14:52 - 2013-06-13 02:35 - 00085280 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
    2014-07-17 14:52 - 2013-05-22 11:37 - 00282272 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
    2014-07-17 14:52 - 2012-05-02 15:27 - 00092304 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
    2014-07-17 14:51 - 2013-12-03 04:56 - 00290376 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2014-07-17 14:51 - 2013-12-03 04:56 - 00103416 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
    2014-07-17 14:51 - 2013-12-03 04:56 - 00083864 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
    2014-07-17 14:51 - 2013-07-01 09:08 - 00040736 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC32.sys
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
    2014-07-17 14:48 - 2014-07-17 17:40 - 00000000 ____D () C:\ProgramData\Trend Micro
    2014-07-17 14:48 - 2014-07-17 14:49 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-07-17 14:47 - 2014-07-17 14:47 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
    2014-07-17 14:45 - 2014-07-17 14:45 - 00000000 ____D () C:\ProgramData\Symantec
    2014-07-17 14:37 - 2014-07-17 14:37 - 00869456 _____ () C:\Users\user\Downloads\Norton_Removal_Tool.exe
    2014-07-17 14:21 - 2014-07-17 14:21 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
    2014-07-17 14:19 - 2014-07-17 14:20 - 85411392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
    2014-07-17 14:19 - 2014-07-17 14:19 - 06631120 _____ (Trend Micro Inc.) C:\Users\user\Downloads\TrendMicro_TTi_7.0_TMAX_Downloader.exe
    2014-07-09 13:33 - 2014-07-09 13:33 - 00275568 _____ (Mozilla Corporation) C:\Users\Xiomara\Downloads\firefox.exe
    2014-07-09 09:49 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-09 09:49 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-09 09:49 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-09 09:49 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-09 09:49 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-09 09:49 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-09 09:49 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-09 09:49 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-09 09:49 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-09 09:49 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-09 09:49 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-09 09:49 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-09 09:49 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-09 09:49 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-09 09:49 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-09 09:49 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-09 09:49 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-09 09:49 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-09 09:49 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-09 09:49 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-09 09:49 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-09 09:49 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-09 09:49 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-09 09:49 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-09 09:49 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-09 09:49 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-09 09:49 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-09 09:49 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-09 09:49 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-09 09:49 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-09 09:49 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-09 09:49 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-09 09:49 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-09 09:49 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-09 09:49 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-05 15:48 - 2014-07-05 15:48 - 00374427 _____ () C:\Users\Frances\Downloads\dubstep408 on Instagram.htm
    2014-07-05 15:47 - 2014-07-05 15:48 - 00000000 ____D () C:\Users\Frances\Downloads\dubstep408 on Instagram_files
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Xiomara\AppData\Local\AskPartnerNetwork
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Leah\AppData\Local\AskPartnerNetwork
    2014-06-19 21:08 - 2014-06-19 21:08 - 01058200 _____ (Adobe) C:\Users\Leah\Downloads\install_flashplayer14x32au_gtba_chra_dy_aaa_aih.exe

    ==================== One Month Modified Files and Folders =======

    2014-07-18 07:41 - 2014-07-18 07:40 - 00016841 _____ () C:\Users\user\Desktop\FRST.txt
    2014-07-18 07:40 - 2014-07-18 07:40 - 00000000 ____D () C:\FRST
    2014-07-18 07:40 - 2013-11-13 22:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Open Download Manager
    2014-07-18 07:37 - 2014-07-18 07:39 - 01077248 _____ (Farbar) C:\Users\user\Desktop\FRST32.exe
    2014-07-18 07:37 - 2013-08-11 14:10 - 02017924 _____ () C:\Windows\WindowsUpdate.log
    2014-07-18 07:35 - 2014-07-17 16:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-18 07:34 - 2013-08-11 12:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-18 07:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
    2014-07-18 07:31 - 2013-08-11 10:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-18 07:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-18 07:30 - 2009-07-14 00:39 - 00088948 _____ () C:\Windows\setupact.log
    2014-07-17 19:29 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-07-17 18:47 - 2013-08-11 10:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-17 18:17 - 2014-07-17 18:16 - 00000933 _____ () C:\Users\user\Desktop\JRT.txt
    2014-07-17 18:06 - 2009-07-14 00:34 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-17 18:06 - 2009-07-14 00:34 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-17 17:57 - 2014-07-17 17:25 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a7e9aa52-1597-431e-adb2-0b01e569b77e.job
    2014-07-17 17:57 - 2014-07-17 17:25 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 02fcb253-c5da-4c9b-a01a-5fd884ecb620.job
    2014-07-17 17:57 - 2013-08-11 10:37 - 00125014 _____ () C:\Windows\PFRO.log
    2014-07-17 17:55 - 2014-07-17 17:55 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-17 17:53 - 2014-07-17 17:51 - 00002040 _____ () C:\Users\user\Desktop\Rkill.txt
    2014-07-17 17:40 - 2014-07-17 14:48 - 00000000 ____D () C:\ProgramData\Trend Micro
    2014-07-17 17:25 - 2014-07-17 17:25 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-07-17 17:25 - 2014-07-17 17:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    2014-07-17 17:25 - 2014-07-17 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-07-17 17:25 - 2014-07-17 17:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-07-17 17:24 - 2014-07-17 17:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-07-17 16:35 - 2013-11-19 12:05 - 00000000 ____D () C:\ProgramData\Updater
    2014-07-17 16:34 - 2014-07-17 16:27 - 00000000 ____D () C:\AdwCleaner
    2014-07-17 16:32 - 2013-08-11 10:01 - 00001244 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-17 16:32 - 2013-08-11 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-07-17 16:32 - 2013-08-11 10:00 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-07-17 16:32 - 2013-08-11 10:00 - 00001007 _____ () C:\Users\Public\Desktop\Firefox.lnk
    2014-07-17 16:32 - 2013-08-11 08:18 - 00001140 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-07-17 16:28 - 2013-11-19 12:06 - 00000000 ____D () C:\temp
    2014-07-17 16:28 - 2013-11-15 16:41 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\SearchProtect
    2014-07-17 16:28 - 2013-11-14 20:45 - 00000000 ____D () C:\Users\Leah\AppData\Roaming\SearchProtect
    2014-07-17 16:28 - 2013-11-14 07:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SearchProtect
    2014-07-17 16:00 - 2014-07-17 16:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-17 16:00 - 2014-07-17 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-17 16:00 - 2014-07-17 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-17 16:00 - 2013-08-11 08:24 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-17 15:59 - 2014-07-17 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-17 15:46 - 2014-07-17 15:46 - 00001369 _____ () C:\Users\Frances\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 15:46 - 2014-07-17 15:46 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-07-17 15:19 - 2013-09-19 16:26 - 00000000 ____D () C:\Program Files\Java
    2014-07-17 15:19 - 2013-09-19 16:19 - 00000000 ____D () C:\ProgramData\Oracle
    2014-07-17 14:56 - 2014-07-17 14:56 - 00000000 ___HD () C:\TMRescueDisk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00001441 _____ () C:\Users\user\Desktop\Trend Micro Titanium Maximum Security.lnk
    2014-07-17 14:54 - 2014-07-17 14:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-17 14:49 - 2014-07-17 14:49 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
    2014-07-17 14:49 - 2014-07-17 14:48 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-07-17 14:47 - 2014-07-17 14:47 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
    2014-07-17 14:45 - 2014-07-17 14:45 - 00000000 ____D () C:\ProgramData\Symantec
    2014-07-17 14:37 - 2014-07-17 14:37 - 00869456 _____ () C:\Users\user\Downloads\Norton_Removal_Tool.exe
    2014-07-17 14:21 - 2014-07-17 14:21 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
    2014-07-17 14:20 - 2014-07-17 14:19 - 85411392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
    2014-07-17 14:19 - 2014-07-17 14:19 - 06631120 _____ (Trend Micro Inc.) C:\Users\user\Downloads\TrendMicro_TTi_7.0_TMAX_Downloader.exe
    2014-07-17 14:17 - 2013-08-11 10:06 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-07-17 12:38 - 2009-07-14 00:53 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-07-14 20:38 - 2013-11-24 01:17 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Torch
    2014-07-14 20:31 - 2013-11-24 01:20 - 00001178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-07-11 03:02 - 2014-07-17 15:19 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-07-11 02:56 - 2014-07-17 15:19 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-07-11 02:56 - 2014-07-17 15:19 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-07-11 02:55 - 2014-07-17 15:19 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-07-09 13:33 - 2014-07-09 13:33 - 00275568 _____ (Mozilla Corporation) C:\Users\Xiomara\Downloads\firefox.exe
    2014-07-09 13:32 - 2009-07-14 00:33 - 00411128 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-09 13:29 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 10:37 - 2013-08-13 21:13 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-09 10:34 - 2013-12-11 23:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-07-09 10:34 - 2013-08-11 08:59 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 14:33 - 2013-08-11 12:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-07-08 14:33 - 2013-08-11 12:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-07-05 19:15 - 2014-06-03 20:20 - 00001165 _____ () C:\Users\Ryan\Desktop\ROBLOX Studio 2013.lnk
    2014-07-05 19:15 - 2014-06-03 20:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2014-07-05 15:48 - 2014-07-05 15:48 - 00374427 _____ () C:\Users\Frances\Downloads\dubstep408 on Instagram.htm
    2014-07-05 15:48 - 2014-07-05 15:47 - 00000000 ____D () C:\Users\Frances\Downloads\dubstep408 on Instagram_files
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Xiomara\AppData\Local\AskPartnerNetwork
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Leah\AppData\Local\AskPartnerNetwork
    2014-06-22 13:54 - 2013-08-11 21:33 - 00000000 ____D () C:\Users\Frances\AppData\Local\Paint.NET
    2014-06-20 15:39 - 2014-07-09 09:49 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-06-19 21:08 - 2014-06-19 21:08 - 01058200 _____ (Adobe) C:\Users\Leah\Downloads\install_flashplayer14x32au_gtba_chra_dy_aaa_aih.exe
    2014-06-18 20:16 - 2014-07-09 09:49 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-18 19:56 - 2014-07-09 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-18 19:56 - 2014-07-09 09:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-18 19:38 - 2014-07-09 09:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-18 19:37 - 2014-07-09 09:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-18 19:36 - 2014-07-09 09:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-18 19:35 - 2014-07-09 09:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-06-18 19:32 - 2014-07-09 09:49 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-18 19:28 - 2014-07-09 09:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-18 19:28 - 2014-07-09 09:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-18 19:25 - 2014-07-09 09:49 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-18 19:23 - 2014-07-09 09:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-18 19:23 - 2014-07-09 09:49 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-18 19:22 - 2014-07-09 09:49 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-18 19:16 - 2014-07-09 09:49 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-18 19:12 - 2014-07-09 09:49 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-18 19:06 - 2014-07-09 09:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-18 19:01 - 2014-07-09 09:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-18 18:59 - 2014-07-09 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-18 18:58 - 2014-07-09 09:49 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-18 18:52 - 2014-07-09 09:49 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-18 18:52 - 2014-07-09 09:49 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-18 18:49 - 2014-07-09 09:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-18 18:46 - 2014-07-09 09:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-18 18:45 - 2014-07-09 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-18 18:35 - 2014-07-09 09:49 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-18 18:13 - 2014-07-09 09:49 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-18 18:09 - 2014-07-09 09:49 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-18 18:07 - 2014-07-09 09:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    Some content of TEMP:
    ====================
    C:\Users\Leah\AppData\Local\Temp\contentDATs.exe
    C:\Users\Leah\AppData\Local\Temp\SpOrder.dll
    C:\Users\Ryan\AppData\Local\Temp\contentDATs.exe
    C:\Users\Ryan\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\user\AppData\Local\Temp\APNSetup.exe
    C:\Users\user\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
    C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\user\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\user\AppData\Local\Temp\lowproc.exe
    C:\Users\user\AppData\Local\Temp\mssinstaller.exe
    C:\Users\user\AppData\Local\Temp\ose00000.exe
    C:\Users\user\AppData\Local\Temp\PCFixSpeedSetup_253.exe
    C:\Users\user\AppData\Local\Temp\Quarantine.exe
    C:\Users\user\AppData\Local\Temp\RealPlayer.exe
    C:\Users\user\AppData\Local\Temp\stubhelper.dll
    C:\Users\user\AppData\Local\Temp\UNT756.exe
    C:\Users\user\AppData\Local\Temp\UNTCD6F.exe
    C:\Users\Xiomara\AppData\Local\Temp\contentDATs.exe
    C:\Users\Xiomara\AppData\Local\Temp\SpOrder.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-17 19:18

    ==================== End Of Log ============================
     
  7. starbuck

    Hi Mike,

    Unfortunately you posted the main FRST report twice.
    Please look on the Desktop for the Addition.txt and post that for me please.

    Thanks
     
  8. mikehende

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
    Ran by user at 2014-07-18 07:43:18
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

    ==================== Installed Programs ======================

    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Ask Toolbar (HKLM\...\{4F524A2D-5637-006A-76A7-A758B70C0F01}) (Version: 12.15.1.18 - APN, LLC) <==== ATTENTION
    Bing Bar (HKLM\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)
    Bing Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Google Chrome (HKLM\...\{6B50D4E7-A873-3102-A1F9-CD5B17976208}) (Version: 65.119.95 - Google, Inc.)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)
    Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
    NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
    Open Downloader Manager (HKLM\...\OpenDownloaderManager) (Version: - )
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    REGSERVO (HKLM\...\REGSERVO) (Version: 1.0.9.7 - Tuneup System Software Pvt Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
    SweetIM (HKLM\...\Setup Support for SweetIM) (Version: 1.0 - Sono Control Inc.) <==== ATTENTION
    Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
    Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
    VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)

    ==================== Restore Points =========================

    06-07-2014 13:51:03 Windows Update
    09-07-2014 14:33:08 Windows Update
    12-07-2014 22:22:41 Windows Update
    17-07-2014 16:50:58 Windows Update
    17-07-2014 19:16:30 Installed Java 7 Update 65

    ==================== Hosts content: ==========================

    2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {041731DC-1703-4E40-91C5-DB6C79C69261} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe <==== ATTENTION
    Task: {218F8E12-9ACC-4F04-BB70-F6501C2FA387} - System32\Tasks\ReclaimerUpdateFiles_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-25] (RealNetworks, Inc.)
    Task: {23E579A9-2ECB-42D6-92E9-04D6A87246F3} - System32\Tasks\SUPERAntiSpyware Scheduled Task a7e9aa52-1597-431e-adb2-0b01e569b77e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {25D398BA-ABAA-416A-AF0D-0F93169DA09D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
    Task: {7164A8BC-ACB7-4429-A54D-FEDBE82801BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)
    Task: {76E41BC1-CDBC-4D84-BA74-85B6376B18D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1140888121-1349566269-504757958-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {8BF045A4-12F4-42BD-908D-D1A52B0E6330} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-05-09] (Trend Micro Inc.)
    Task: {91151F96-1269-45AA-A782-7949F875BEC6} - System32\Tasks\SUPERAntiSpyware Scheduled Task 02fcb253-c5da-4c9b-a01a-5fd884ecb620 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {BD02C0BC-7C4F-4CC7-BA33-187F8E454C1D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1140888121-1349566269-504757958-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {F354A3E3-1D73-496C-B325-F890A8051ED1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 02fcb253-c5da-4c9b-a01a-5fd884ecb620.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a7e9aa52-1597-431e-adb2-0b01e569b77e.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-11 09:31 - 2013-01-31 05:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2014-07-17 14:48 - 2013-01-15 21:50 - 00039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
    2014-07-17 14:48 - 2013-04-02 00:25 - 00543744 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    2014-07-17 14:48 - 2013-01-15 21:55 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
    2014-07-17 14:48 - 2012-12-18 16:04 - 01098240 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    2014-07-17 14:48 - 2013-01-15 21:50 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
    2014-07-17 14:43 - 2013-07-23 11:28 - 00179872 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2012-11-23 13:40 - 2012-11-23 13:40 - 03516416 _____ () C:\Program Files\OpenDownloaderManager\fdmbtsupp.dll
    2014-07-17 14:57 - 2013-12-18 09:33 - 00047784 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/17/2014 07:26:41 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (07/18/2014 07:34:55 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005

    Error: (07/18/2014 07:33:39 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.15.
    The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
    this computer.

    Error: (07/18/2014 07:33:39 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.15.
    The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
    this computer.

    Error: (07/18/2014 07:33:39 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4374082E-AEC5-4AC1-A898-378CF05EBF3C} because another computer on the network has the same name. The server could not start.


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 47%
    Total physical RAM: 2046.16 MB
    Available physical RAM: 1077.77 MB
    Total Pagefile: 4092.33 MB
    Available Pagefile: 2750.45 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1905.26 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.91 GB) (Free:111.32 GB) NTFS
    Drive f: (CRUZER) (Removable) (Total:29.8 GB) (Free:6.73 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 32CFF0AC)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 30 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  9. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Mike,

    Thanks for the addition.txt.

    Step 1
    Please uninstall the following:
    Open Download Manager
    McAfee Security Scan Plus


    The following may have already been removed:
    SweetIM
    Ask Toolbar


    But try the uninstallers anyway.


    Step 2
    Windows Defender should have been disabled when Trend Micro was installed as they may well conflict.
    Please make sure that Windows Defender is disabled:
    • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
    • Click on Tools & Settings >> Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Click Save.
    • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.

    Recommendation.
    SuperAntiSpyware doesn't need to start when Windows starts..... Too much security isn't always a good thing.
    You can start it manually when you need to do a scan.

    To change this:
    Restart SuperAntiSpyware...
    Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
    Then click Close, and then Close on the next screen to exit the program.


    Step 3
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 4
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 8 Update 11 and save it to your desktop.
    • Scroll down to where it says "Java SE 8 Update 11".
    • Click the "Download JRE" button.
    • Accept the license agreement.
    • Select 'Windows x86' offline from the list.
    • Save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the downloaded icon to install the newest version.

    Step 5
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    In your next reply, please submit:
    Fixlog.txt
    and let me know if there's any improvement in the running of the system


    Thanks.
     


  10. mikehende

    mikehende Senior Member

    Hey Pete, please see attached file, I am not seeing an x86 "Offline" download, only 2 "Online" downloads here?

    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html


    Please advise on what to do here? BTW, here is the fix log file:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
    Ran by user at 2014-07-18 16:59:04 Run:2
    Running from C:\Users\user\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1007\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1006\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1001\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKLM - DefaultScope value is missing.
    FF SearchEngineOrder.1: Ask Search
    FF Extension: Ask Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi [2013-08-05]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    U2 TMAgent;
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Xiomara\AppData\Local\AskPartnerNetwork
    2014-06-25 16:07 - 2014-06-25 16:07 - 00000000 ____D () C:\Users\Leah\AppData\Local\AskPartnerNetwork
    2014-07-17 16:28 - 2013-11-15 16:41 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\SearchProtect
    2014-07-17 16:28 - 2013-11-14 20:45 - 00000000 ____D () C:\Users\Leah\AppData\Roaming\SearchProtect
    2014-07-17 16:28 - 2013-11-14 07:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SearchProtect
    2014-07-14 20:38 - 2013-11-24 01:17 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Torch
    2014-07-14 20:31 - 2013-11-24 01:20 - 00001178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    C:\Users\Leah\AppData\Local\Temp\contentDATs.exe
    C:\Users\Leah\AppData\Local\Temp\SpOrder.dll
    C:\Users\Ryan\AppData\Local\Temp\contentDATs.exe
    C:\Users\Ryan\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\user\AppData\Local\Temp\APNSetup.exe
    C:\Users\user\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
    C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\user\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\user\AppData\Local\Temp\lowproc.exe
    C:\Users\user\AppData\Local\Temp\mssinstaller.exe
    C:\Users\user\AppData\Local\Temp\ose00000.exe
    C:\Users\user\AppData\Local\Temp\PCFixSpeedSetup_253.exe
    C:\Users\user\AppData\Local\Temp\Quarantine.exe
    C:\Users\user\AppData\Local\Temp\RealPlayer.exe
    C:\Users\user\AppData\Local\Temp\stubhelper.dll
    C:\Users\user\AppData\Local\Temp\UNT756.exe
    C:\Users\user\AppData\Local\Temp\UNTCD6F.exe
    C:\Users\Xiomara\AppData\Local\Temp\contentDATs.exe
    C:\Users\Xiomara\AppData\Local\Temp\SpOrder.dll
    Task: {041731DC-1703-4E40-91C5-DB6C79C69261} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe <==== ATTENTION
    Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
    2012-11-23 13:40 - 2012-11-23 13:40 - 03516416 _____ () C:\Program Files\OpenDownloaderManager\fdmbtsupp.dll
    C:\Program Files\REGSERVO
    C:\Program Files\OpenDownloaderManager
    Hosts:
    Reboot:








    *****************

    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1007\User" => File/Directory not found.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1006\User" => File/Directory not found.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1005\User" => File/Directory not found.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1140888121-1349566269-504757958-1001\User" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lovzd0dh.default\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi => not found.
    'HKLM\SOFTWARE\Policies\Google'=> Key not found.
    TMAgent => Service not found.
    "C:\Users\Xiomara\AppData\Local\AskPartnerNetwork" => File/Directory not found.
    "C:\Users\Leah\AppData\Local\AskPartnerNetwork" => File/Directory not found.
    "C:\Users\Frances\AppData\Roaming\SearchProtect" => File/Directory not found.
    "C:\Users\Leah\AppData\Roaming\SearchProtect" => File/Directory not found.
    "C:\Users\Ryan\AppData\Roaming\SearchProtect" => File/Directory not found.
    "C:\Users\Ryan\AppData\Local\Torch" => File/Directory not found.
    "C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk" => File/Directory not found.
    "C:\Users\Leah\AppData\Local\Temp\contentDATs.exe" => File/Directory not found.
    "C:\Users\Leah\AppData\Local\Temp\SpOrder.dll" => File/Directory not found.
    "C:\Users\Ryan\AppData\Local\Temp\contentDATs.exe" => File/Directory not found.
    "C:\Users\Ryan\AppData\Local\Temp\SecurityScan_Release.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\lowproc.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\mssinstaller.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\PCFixSpeedSetup_253.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RealPlayer.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\stubhelper.dll" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\UNT756.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\UNTCD6F.exe" => File/Directory not found.
    "C:\Users\Xiomara\AppData\Local\Temp\contentDATs.exe" => File/Directory not found.
    "C:\Users\Xiomara\AppData\Local\Temp\SpOrder.dll" => File/Directory not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{041731DC-1703-4E40-91C5-DB6C79C69261}'=> Key not found.
    C:\Windows\System32\Tasks\REGSERVO not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGSERVO'=> Key not found.
    C:\Windows\Tasks\REGSERVO.job not found.
    "C:\Program Files\OpenDownloaderManager\fdmbtsupp.dll" => File/Directory not found.
    "C:\Program Files\REGSERVO" => File/Directory not found.
    "C:\Program Files\OpenDownloaderManager" => File/Directory not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
     
  11. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Mike,

    Take another look..... there is one offline download and one online download:


    A lot of those files are showing as missing...... this may well be due to them being removed by JRT or AdwCleaner.
    But we had to check.

    Are there still problems with Firefox or IE ?
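
The reading of the Fixlog given in the post above (most entries were already gone, a few were actually changed) can be done mechanically. The following is an added example, not part of the original posts and not FRST's own code; it assumes only the result-line shapes visible in the Fixlog posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened Fixlog assembled from lines of the log posted above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by user at 2014-07-18 16:59:04 Run:2
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
FF SearchEngineOrder.1: Ask Search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U2 TMAgent;
C:\Users\user\AppData\Local\Temp\APNSetup.exe
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
C:\Program Files\REGSERVO
Hosts:
Reboot:
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Firefox SearchEngineOrder.1 deleted successfully.
'HKLM\SOFTWARE\Policies\Google'=> Key not found.
TMAgent => Service not found.
"C:\Users\user\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
C:\Windows\Tasks\REGSERVO.job not found.
"C:\Program Files\REGSERVO" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====
'''

DELIM = re.compile(r"\*{5,}")  # the '*****' lines that bracket the fixlist content
# Outcome suffixes seen on result lines that carry no '=>' separator.
TAIL = re.compile(r"\s+(?:not found|deleted successfully|was reset successfully)\.$")


def split_sections(text):
    """Return (requested, results): fixlist entries and the outcome lines after them."""
    lines = [l.strip() for l in text.splitlines()]
    marks = [i for i, l in enumerate(lines) if DELIM.fullmatch(l)]
    if len(marks) < 2:
        raise ValueError("expected two '*****' lines delimiting the fixlist content")
    requested = [l for l in lines[marks[0] + 1:marks[1]] if l]
    results = []
    for l in lines[marks[1] + 1:]:
        if l.startswith("==== End of Fixlog"):
            break
        if l:
            results.append(l)
    return requested, results


def classify(line):
    """absent: target was already gone; changed: this run modified the system."""
    low = line.lower()
    if "not found" in low:
        return "absent"
    if low.endswith("successfully."):
        return "changed"
    return "other"


def target_of(line):
    """Strip the outcome text and surrounding quotes, leaving the path, key or name."""
    head = line.split("=>", 1)[0] if "=>" in line else TAIL.sub("", line)
    return head.strip().strip("\"'")


def triage(text):
    """Bucket every result line so the entries this run really changed stand out."""
    requested, results = split_sections(text)
    report = {"requested": len(requested), "absent": [], "changed": [], "other": []}
    for line in results:
        report[classify(line)].append(target_of(line))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_FIXLOG)
    print(f"{r['requested']} fixlist entries; {len(r['absent'])} already absent, "
          f"{len(r['changed'])} changed by this run")
    for t in r["changed"]:
        print("  changed:", t)
```

The "changed" bucket is the part worth recording for the case notes; "absent" entries only confirm that an earlier tool had already removed them.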
     
  12. mikehende

    mikehende Senior Member

    I must be blind sorry, yes, still same problems, I am going to perform steps 4 and 5 now
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Ok.
    After running steps 4 and 5:

    Reset all browsers.

    To Reset Firefox
    • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
    • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
    • To continue, click Reset Firefox in the confirmation window that opens.
    • Firefox will close and be reset. When it's done, a window will list the information that was imported.
    • Click Finish and Firefox will open.
    Note:
    After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
    If you don't need this folder any longer, you should delete it as it contains sensitive information.

    The reset feature works by creating a new profile folder for you while saving your most important data.

    Firefox will try to keep the following data:



      • Bookmarks
      • Browsing history
      • Passwords
      • Cookies
      • Web form auto-fill information
      • Personal dictionary

    --------------------

    Reset IE back to the defaults.
    • Close any Internet Explorer or Windows Explorer windows that are currently open.
    • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
    • Click the Tools button, and then click Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
    • In the Reset Internet Explorer Settings dialog box, click Reset.
    • When Internet Explorer finishes applying default settings, click Close, and then click OK.
    • Close Internet Explorer.
    • Your changes will take effect the next time you open Internet Explorer.

    -----------------

    To reset Google Chrome
    • Click the Menu option button at the top right of the Google Chrome screen
    • Select Settings.
    • Click Show advanced settings and find the "Reset browser settings" section.
    • Click Reset browser settings.
    • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

    Resetting your browser settings will impact the settings below:

    Default search engine and saved search engines will be reset to their original defaults.
    Homepage button will be hidden and the URL that you previously set will be removed.
    Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
    New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    Pinned tabs will be unpinned.
    Content settings will be cleared and reset to their installation defaults.
    Cookies and site data will be cleared.
    Extensions and themes will be disabled.
     
  14. mikehende

    mikehende Senior Member

    IE and Chrome seem to be working fine now, FF is still closing shortly after it's opened so I cannot get the chance to reset it, should I try reinstalling FF?
     
  15. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Mike,

    Yes, that may be a good idea.

    If Firefox is still open, you must close Firefox to proceed with the uninstall.
    If you want to remove your Firefox user data and settings, put a check mark in the box that says Remove my Firefox personal data and customizations.
    If you select this option, Firefox will not preserve your bookmarks, saved passwords, and other data if it is installed again.

    Then it's best to download Firefox from Mozilla:
    https://www.mozilla.org/en-US/

    Other download sites may well add 3rd party programs..... and we don't need those.

    Let me know how it goes.
    Midnight here so will be offline until the morning now.
     
  16. mikehende

    mikehende Senior Member

    Yes Pete, all 3 browsers work fine now, once again THANK YOU VERY MUCH!
     
  17. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Mike,

    Glad to hear everything seems ok now.

    Let's finish the cleaning process and remove the tools that have been used.
    We'll also set you a fresh restore point.

    Step 1
    Restart MBAM.
    Click on the History tab >> Quarantine
    Tick to select any items and then click the Delete button.
    Close MBAM.


    Step 2
    Download Delfix and save it to your desktop.
    • Ensure Remove disinfection tools is checked.
    • Also place a checkmark next to:
      • Create registry backup
      • Purge system restore
    • Click the Run button.
    When the tool has finished, a log will open in notepad.... but I don't actually need this report.


    Safe surfing.
     
  18. mikehende

    mikehende Senior Member

    Ok, got it, Pete. Thank you!
     
