help with malware

bamboni · July 28, 2014

Farbar recovery steps

Addition.txt

FRST.txt

deeprybka · July 28, 2014

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please uninstall some programs:

Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
Search and select the following programs one by one and click on Uninstall:

Savings Bond Wizard
Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select "Run As Administrator"
Click on the Scan button.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administator privileges.

Press the Scan button.
When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
Please copy and paste the log in your next reply.

bamboni · July 28, 2014

Hi. I can't get this to paste so I attached it.***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.FCTB000100987Pos

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.FCTB000100987Pos.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2086743

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\wscontb

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKLM\Software\CompeteInc

Key Deleted : HKLM\Software\firstsearch

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={10B79207-54D4-4D93-A0C1-A3AF832D2FD5}&mid=181cec3229244bfb8685cc3c07f691a3-d8ab68861d3896aa6a751a6ef71f9ad4b9433864〈=en&ds=pl011&pr=sa&d=2012-06-27 07:51:05&v=11.1.0.12&sap=dsp&q={searchTerms}

Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ARCD&o=102810&locale=en_US&apn_uid=92fd69bb-9268-42fb-bbca-fd1e9f6ef60c&apn_ptnrs=8W&apn_sauid=3CC63DA8-AC2E-40C6-B989-39B8BC892B97&apn_dtid=YYYYYYYYUS&q={searchTerms}

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************

AdwCleaner[R0].txt - [3990 octets] - [28/07/2014 11:47:52]

AdwCleaner[s0].txt - [3722 octets] - [28/07/2014 11:57:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3782 octets] ##########

deeprybka · July 28, 2014

Go to step 3 please...

bamboni · July 29, 2014

AdwCleaner v3.301 - Report created 28/07/2014 at 19:38:23

# Updated 28/07/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Kading - KADING-PC

# Running from : C:\Users\Kading\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3990 octets] - [28/07/2014 11:47:52]

AdwCleaner[R1].txt - [781 octets] - [28/07/2014 19:38:23]

AdwCleaner[s0].txt - [3882 octets] - [28/07/2014 11:57:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [900 octets] ##########

bamboni · July 29, 2014

this is what keeps popping up and stops my internet.

Malicious Website blocked

Domain: kkjhvudjyaskgjhylarqfjb.com

IP: 217.23.3.200

Port: 49238

Type: Outbound

Process: c:\windows\sysWOW64\sychost.exe

deeprybka · July 29, 2014

Disable Websiteprotection for a while...

Please post up the Adwarecleaner-Log

AdwCleaner[R1].txt - [781 octets] - [28/07/2014 19:38:23]

bamboni · July 29, 2014

AdwCleaner v3.301 - Report created 28/07/2014 at 19:38:23

# Updated 28/07/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Kading - KADING-PC

# Running from : C:\Users\Kading\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3990 octets] - [28/07/2014 11:47:52]

AdwCleaner[R1].txt - [781 octets] - [28/07/2014 19:38:23]

AdwCleaner[s0].txt - [3882 octets] - [28/07/2014 11:57:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [900 octets] ##########

deeprybka · July 29, 2014

Please run Adwarecleaner again and select "clean". Post up the log...

bamboni · July 29, 2014

AdwCleaner v3.301 - Report created 29/07/2014 at 10:15:08

# Updated 28/07/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Kading - KADING-PC

# Running from : C:\Users\Kading\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3990 octets] - [28/07/2014 11:47:52]

AdwCleaner[R1].txt - [979 octets] - [28/07/2014 19:38:23]

AdwCleaner[R2].txt - [1099 octets] - [29/07/2014 08:12:58]

AdwCleaner[R3].txt - [1219 octets] - [29/07/2014 10:06:17]

AdwCleaner[s0].txt - [3882 octets] - [28/07/2014 11:57:22]

AdwCleaner[s1].txt - [1041 octets] - [28/07/2014 19:45:00]

AdwCleaner[s2].txt - [1163 octets] - [29/07/2014 08:16:05]

AdwCleaner[s3].txt - [1143 octets] - [29/07/2014 10:15:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1203 octets] ##########

deeprybka · July 29, 2014

Ok, now step 3...

bamboni · July 29, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Kading (administrator) on KADING-PC on 29-07-2014 16:58:42

Running from C:\Users\Kading\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NPSStartup] => [X]

HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-1794151253-3064182797-4059908097-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKU\S-1-5-21-1794151253-3064182797-4059908097-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)

HKU\S-1-5-21-1794151253-3064182797-4059908097-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1794151253-3064182797-4059908097-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =

URLSearchHook: HKCU - Default Value = (value not set)

URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files\Upromise RewardU Toolbar\Helper.dll ()

URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll ()

SearchScopes: HKLM-x32 - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^9N^xdm003^YY^us&si=COfwo7e0-LQCFSemPAodfxYA7g&ptb=A4A4D2B1-5528-44D2-833A-B975B897ADBA&ind=2013012021&n=77fc2035&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL =

BHO: Upromise RewardU Toolbar BHO -> {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} -> C:\Program Files\Upromise RewardU Toolbar\Upromise RewardU Toolbar.dll (Freecause Inc.)

BHO-x32: Upromise RewardU Toolbar BHO -> {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} -> C:\Program Files (x86)\Upromise RewardU Toolbar\Upromise RewardU Toolbar.dll (Freecause Inc.)

Toolbar: HKLM - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files\Upromise RewardU Toolbar\Upromise RewardU Toolbar.dll (Freecause Inc.)

Toolbar: HKLM-x32 - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Upromise RewardU Toolbar.dll (Freecause Inc.)

Toolbar: HKCU - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files\Upromise RewardU Toolbar\Upromise RewardU Toolbar.dll (Freecause Inc.)

DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://purewellness.webex.com/client/WBXclient-T28L10NSP7-15458/nbr/ieatgpc1.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.nd.gov/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @unity3d.com/UnityPlayer - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:

=======

CHR HomePage: hxxp://www.bing.com/?pc=U160&ocid=U160DHP&dt=081113

CHR StartupUrls: "hxxp://www.bing.com/?pc=U160&ocid=U160DHP&dt=081113"

CHR DefaultSearchKeyword: bing.com

CHR DefaultNewTabURL:

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File

CHR Plugin: (RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (Unity Player) - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]

CHR Extension: (Upromise RewardU Toolbar) - C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2014-04-30]

CHR Extension: (Google Wallet) - C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)

R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [33280 2014-06-20] (Digital Market Research Apps Pty Ltd) [File not signed]

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2014-06-20] (Digital Market Research Apps Pty Ltd) [File not signed]

S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]

S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

S1 hshlnnwb; \??\C:\Windows\system32\drivers\hshlnnwb.sys [X]

S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 08:21 - 2014-07-29 08:21 - 00001163 _____ () C:\Users\Kading\Desktop\AdwCleaner[R0].txt

2014-07-28 23:22 - 2014-07-28 23:22 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-07-28 23:22 - 2014-07-28 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-07-28 23:21 - 2014-07-28 23:22 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-07-28 22:52 - 2014-07-28 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-07-28 21:27 - 2014-07-28 21:33 - 00000000 ____D () C:\Users\Kading\Desktop\Chris Phone

2014-07-28 17:14 - 2014-07-28 17:14 - 00003882 _____ () C:\Users\Kading\Desktop\AdwCleaner[s0].txt

2014-07-28 11:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-28 11:47 - 2014-07-29 10:15 - 00000000 ____D () C:\AdwCleaner

2014-07-28 11:46 - 2014-07-28 11:46 - 01365525 _____ () C:\Users\Kading\Desktop\AdwCleaner.exe

2014-07-27 23:20 - 2014-07-27 23:21 - 00089916 _____ () C:\Users\Kading\Desktop\Addition.txt

2014-07-27 23:18 - 2014-07-29 16:58 - 00020351 _____ () C:\Users\Kading\Desktop\FRST.txt

2014-07-27 23:18 - 2014-07-29 16:58 - 00000000 ____D () C:\FRST

2014-07-27 23:17 - 2014-07-27 23:18 - 02093568 _____ (Farbar) C:\Users\Kading\Desktop\FRST64.exe

2014-07-26 08:53 - 2014-07-26 08:53 - 00000000 ____D () C:\Users\Kading\Documents\Adobe

2014-07-26 08:14 - 2014-07-26 08:14 - 31909432 _____ () C:\Users\Kading\Desktop\Em River.psd

2014-07-26 08:05 - 2014-07-26 08:05 - 00709106 _____ () C:\Users\Kading\Desktop\Em Riveredi.jpged

2014-07-26 06:58 - 2014-07-26 07:40 - 00000000 ____D () C:\Users\Kading\Desktop\Upload

2014-07-25 23:15 - 2014-07-25 23:15 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-25 23:11 - 2014-07-25 23:11 - 00001057 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-25 23:11 - 2014-07-25 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-25 23:10 - 2014-07-29 16:13 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware

2014-07-25 20:53 - 2014-07-25 20:53 - 375334421 _____ () C:\Users\Kading\Desktop\Untitled-1.psd

2014-07-25 14:48 - 2014-07-25 14:48 - 15933939 _____ () C:\Users\Kading\Desktop\Prayer.psd

2014-07-25 01:26 - 2014-07-25 01:26 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2014-07-25 00:15 - 2014-07-25 19:19 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-24 22:21 - 2014-07-24 22:21 - 00001912 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 12.lnk

2014-07-24 22:21 - 2014-07-24 22:21 - 00001896 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 12.lnk

2014-07-24 22:21 - 2013-07-19 03:01 - 00056336 ____N (Corel Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys

2014-07-24 21:50 - 2014-07-24 22:10 - 00000000 ____D () C:\Users\Kading\Desktop\Adobe Photoshop Elements 12

2014-07-24 21:41 - 2014-07-24 21:41 - 00001005 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

2014-07-24 21:41 - 2014-07-24 21:41 - 00000993 _____ () C:\Users\Public\Desktop\Adobe Download Assistant.lnk

2014-07-24 21:41 - 2014-07-24 21:41 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant

2014-07-24 19:38 - 2014-07-24 19:38 - 02588472 _____ () C:\Users\Kading\Downloads\AdobeDownloadAssistant.exe

2014-07-22 22:28 - 2014-07-22 22:28 - 00000000 ____D () C:\MR APP

2014-07-22 12:38 - 2014-07-24 22:42 - 00000000 ____D () C:\Users\Kading\Desktop\Gallery wall

2014-07-21 17:54 - 2014-07-21 17:54 - 00072704 _____ () C:\Windows\system32\osutfxs.dll

2014-07-21 17:54 - 2014-07-21 17:54 - 00003968 _____ () C:\Windows\System32\Tasks\{98BDBE2D-030B-4FE5-53FA-F1BFA509CC38}

2014-07-21 17:54 - 2014-07-21 17:54 - 00000000 _____ () C:\Windows\system32\vedvfq.dll

2014-07-20 09:14 - 2014-07-20 09:14 - 00041876 _____ () C:\Users\Kading\Desktop\jailbirdjenna.zip

2014-07-09 20:30 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-09 20:30 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-09 20:30 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 20:30 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 20:30 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 20:30 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 20:30 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 20:30 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 20:29 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 20:29 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 20:29 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 20:29 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 20:29 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-09 20:29 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 20:29 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 20:29 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 20:29 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-09 20:29 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-09 20:29 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 20:29 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 20:29 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-09 20:29 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 20:29 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-09 20:29 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-09 20:29 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 20:29 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-09 20:29 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 20:29 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-09 20:29 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 20:29 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 20:29 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 20:29 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 20:29 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 20:29 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 20:29 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-09 20:29 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 20:29 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-09 20:29 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-09 20:29 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 20:29 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 20:29 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 20:29 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 20:29 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 20:29 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-09 20:29 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-09 20:29 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-09 20:29 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-09 20:29 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 20:29 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-09 20:29 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 20:29 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 20:29 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 20:29 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 20:29 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 20:29 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 20:29 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 20:29 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-09 20:29 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 20:29 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 20:29 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 20:29 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-09 20:29 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 20:29 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 20:29 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-09 20:29 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 20:29 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-09 20:29 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-09 20:29 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-09 20:29 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-06-29 01:00 - 2014-07-29 10:17 - 00003316 _____ () C:\Windows\setupact.log

2014-06-29 01:00 - 2014-06-29 01:00 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 17:00 - 2014-07-27 23:18 - 00020351 _____ () C:\Users\Kading\Desktop\FRST.txt

2014-07-29 16:58 - 2014-07-27 23:18 - 00000000 ____D () C:\FRST

2014-07-29 16:55 - 2014-05-18 19:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-29 16:45 - 2009-07-14 00:10 - 01154048 _____ () C:\Windows\WindowsUpdate.log

2014-07-29 16:16 - 2014-05-02 18:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-29 16:13 - 2014-07-25 23:10 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware

2014-07-29 16:08 - 2010-06-18 22:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-29 14:08 - 2010-06-18 22:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-29 11:02 - 2014-06-25 08:01 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1794151253-3064182797-4059908097-1000

2014-07-29 11:02 - 2014-06-25 08:01 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1794151253-3064182797-4059908097-1000

2014-07-29 10:27 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-29 10:27 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-29 10:17 - 2014-06-29 01:00 - 00003316 _____ () C:\Windows\setupact.log

2014-07-29 10:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-29 10:16 - 2010-06-16 15:19 - 00880938 _____ () C:\Windows\PFRO.log

2014-07-29 10:15 - 2014-07-28 11:47 - 00000000 ____D () C:\AdwCleaner

2014-07-29 08:21 - 2014-07-29 08:21 - 00001163 _____ () C:\Users\Kading\Desktop\AdwCleaner[R0].txt

2014-07-29 04:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-29 02:00 - 2010-06-21 16:30 - 00000000 ____D () C:\Users\Kading\AppData\Local\Adobe

2014-07-28 23:22 - 2014-07-28 23:22 - 00001807 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-07-28 23:22 - 2014-07-28 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-07-28 23:22 - 2014-07-28 23:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-07-28 22:52 - 2014-07-28 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-07-28 21:33 - 2014-07-28 21:27 - 00000000 ____D () C:\Users\Kading\Desktop\Chris Phone

2014-07-28 17:14 - 2014-07-28 17:14 - 00003882 _____ () C:\Users\Kading\Desktop\AdwCleaner[s0].txt

2014-07-28 11:46 - 2014-07-28 11:46 - 01365525 _____ () C:\Users\Kading\Desktop\AdwCleaner.exe

2014-07-28 11:43 - 2010-06-16 13:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-27 23:21 - 2014-07-27 23:20 - 00089916 _____ () C:\Users\Kading\Desktop\Addition.txt

2014-07-27 23:18 - 2014-07-27 23:17 - 02093568 _____ (Farbar) C:\Users\Kading\Desktop\FRST64.exe

2014-07-27 22:55 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-26 10:33 - 2010-11-27 22:08 - 00000000 ____D () C:\Users\Kading\AppData\Roaming\Skype

2014-07-26 08:56 - 2010-06-16 21:58 - 00000000 ____D () C:\Users\Kading\AppData\Roaming\Adobe

2014-07-26 08:53 - 2014-07-26 08:53 - 00000000 ____D () C:\Users\Kading\Documents\Adobe

2014-07-26 08:14 - 2014-07-26 08:14 - 31909432 _____ () C:\Users\Kading\Desktop\Em River.psd

2014-07-26 08:05 - 2014-07-26 08:05 - 00709106 _____ () C:\Users\Kading\Desktop\Em Riveredi.jpged

2014-07-26 07:40 - 2014-07-26 06:58 - 00000000 ____D () C:\Users\Kading\Desktop\Upload

2014-07-25 23:15 - 2014-07-25 23:15 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-25 23:11 - 2014-07-25 23:11 - 00001057 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-25 23:11 - 2014-07-25 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-25 20:53 - 2014-07-25 20:53 - 375334421 _____ () C:\Users\Kading\Desktop\Untitled-1.psd

2014-07-25 19:40 - 2012-04-26 18:47 - 00000000 ____D () C:\Users\Kading\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2014-07-25 19:38 - 2009-07-13 23:45 - 06209600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-25 19:19 - 2014-07-25 00:15 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-25 14:48 - 2014-07-25 14:48 - 15933939 _____ () C:\Users\Kading\Desktop\Prayer.psd

2014-07-25 12:33 - 2010-08-10 18:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-07-25 01:26 - 2014-07-25 01:26 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2014-07-25 01:26 - 2012-01-11 08:46 - 00000000 __SHD () C:\Users\Kading\AppData\Local\{0fc4ad35-27b1-fc7b-2a29-e53dc14be096}

2014-07-24 22:42 - 2014-07-22 12:38 - 00000000 ____D () C:\Users\Kading\Desktop\Gallery wall

2014-07-24 22:32 - 2010-08-10 18:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-07-24 22:27 - 2010-06-16 22:09 - 00071384 _____ () C:\Users\Kading\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-24 22:23 - 2010-06-21 16:30 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-07-24 22:21 - 2014-07-24 22:21 - 00001912 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 12.lnk

2014-07-24 22:21 - 2014-07-24 22:21 - 00001896 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 12.lnk

2014-07-24 22:10 - 2014-07-24 21:50 - 00000000 ____D () C:\Users\Kading\Desktop\Adobe Photoshop Elements 12

2014-07-24 21:41 - 2014-07-24 21:41 - 00001005 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

2014-07-24 21:41 - 2014-07-24 21:41 - 00000993 _____ () C:\Users\Public\Desktop\Adobe Download Assistant.lnk

2014-07-24 21:41 - 2014-07-24 21:41 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant

2014-07-24 19:38 - 2014-07-24 19:38 - 02588472 _____ () C:\Users\Kading\Downloads\AdobeDownloadAssistant.exe

2014-07-23 22:59 - 2013-11-29 23:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-23 22:59 - 2013-11-29 23:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-07-23 15:03 - 2013-11-29 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-22 22:28 - 2014-07-22 22:28 - 00000000 ____D () C:\MR APP

2014-07-21 18:17 - 2012-12-26 13:59 - 00000000 ____D () C:\Users\Kading\AppData\Local\CrashDumps

2014-07-21 17:54 - 2014-07-21 17:54 - 00072704 _____ () C:\Windows\system32\osutfxs.dll

2014-07-21 17:54 - 2014-07-21 17:54 - 00003968 _____ () C:\Windows\System32\Tasks\{98BDBE2D-030B-4FE5-53FA-F1BFA509CC38}

2014-07-21 17:54 - 2014-07-21 17:54 - 00000000 _____ () C:\Windows\system32\vedvfq.dll

2014-07-21 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep

2014-07-20 10:53 - 2010-11-27 22:08 - 00000000 ____D () C:\ProgramData\Skype

2014-07-20 09:14 - 2014-07-20 09:14 - 00041876 _____ () C:\Users\Kading\Desktop\jailbirdjenna.zip

2014-07-10 17:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-07-10 16:31 - 2014-05-02 16:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-10 16:31 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 16:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-07-10 16:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-07-10 15:06 - 2013-07-13 09:53 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-10 15:03 - 2010-06-17 17:28 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-09 11:16 - 2014-05-02 18:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 11:16 - 2014-05-02 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-09 11:16 - 2013-07-28 22:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-02 13:45 - 2013-06-11 22:53 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-06-30 20:25 - 2013-06-30 17:13 - 00000000 ____D () C:\Users\Kading\AppData\Local\Deployment

2014-06-29 21:09 - 2014-07-09 20:30 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-29 21:04 - 2014-07-09 20:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-29 10:46 - 2010-06-18 22:19 - 00000000 ____D () C:\Users\Kading\Documents\KADING

2014-06-29 01:00 - 2014-06-29 01:00 - 00000000 _____ () C:\Windows\setuperr.log

Files to move or delete:

====================

C:\Users\Kading\Photoshop_12_LS1.exe

Some content of TEMP:

====================

C:\Users\Kading\AppData\Local\Temp\ose00000.exe

C:\Users\Kading\AppData\Local\Temp\px.dll

C:\Users\Kading\AppData\Local\Temp\pxafs.dll

C:\Users\Kading\AppData\Local\Temp\PxCpyA64.exe

C:\Users\Kading\AppData\Local\Temp\PxCpyI64.exe

C:\Users\Kading\AppData\Local\Temp\pxdrv.dll

C:\Users\Kading\AppData\Local\Temp\pxhpinst.exe

C:\Users\Kading\AppData\Local\Temp\PxInsA64.exe

C:\Users\Kading\AppData\Local\Temp\PxInsI64.exe

C:\Users\Kading\AppData\Local\Temp\pxmas.dll

C:\Users\Kading\AppData\Local\Temp\pxsetup.exe

C:\Users\Kading\AppData\Local\Temp\pxsfs.dll

C:\Users\Kading\AppData\Local\Temp\pxwave.dll

C:\Users\Kading\AppData\Local\Temp\Quarantine.exe

C:\Users\Kading\AppData\Local\Temp\readSTILog.dll

C:\Users\Kading\AppData\Local\Temp\vxblock.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 12:47

====================

deeprybka · July 29, 2014

Hi,

good job!

Let's do a final check up:

Step 1

Scan with b] [Malwarebytes Anti-Malware and save it to your desktop.

Please open Malwarebytes Anti-Malware.
Please update the database by clicking on the "Update Now" button.
Following the update and click "Settings" and go to "Detection and Protection"
Make sure "Scan for Rootkits" is checked.
Click on Dashboard, then click on Scan Now to start the scan.
(If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
A window with an option to view the detailed log will appear. Click on "View Detailed Log".
After viewing the results, please click on the "Copy to Clipboard" button and then OK.
Return to our forum. Paste your log into your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
Start esetsmartinstaller_enu.exe with administartor privileges.
Select the option Yes, I accept the Terms of Use and click on Start.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click on Start. The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically.
Note: This scan might take a long time! Please be patient.
When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
Now click on Finish
A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Start FRST with administator privileges.

Make sure the following option is checked:
Press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?

bamboni · July 30, 2014

Here is the Malwarebytes log. Downloading ESET now

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 7/29/2014

Scan Time: 6:42:48 PM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.07.29.08

Rootkit Database: v2014.07.17.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Kading

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 301664

Time Elapsed: 28 min, 56 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 1

PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-1794151253-3064182797-4059908097-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, , [1f824d53ff7cb680df97c628ad55966a],

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

bamboni · July 30, 2014

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=12

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=c9bf28c112c9c5448edb7331fdbbe1c8

# engine=19409

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-30 02:28:21

# local_time=2014-07-29 09:28:21 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 9271039 77869323 0 0

# compatibility_mode_1='Emsisoft Anti-Malware'

# compatibility_mode=16642 16777213 100 100 0 207817989 0 0

# scanned=24659

# found=0

# cleaned=0

# scan_time=7620

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=c9bf28c112c9c5448edb7331fdbbe1c8

# engine=19409

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-30 07:10:51

# local_time=2014-07-30 02:10:51 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 9287988 77886272 0 0

# compatibility_mode_1='Emsisoft Anti-Malware'

# compatibility_mode=16642 16777213 100 100 0 207834938 0 0

# scanned=324721

# found=8

# cleaned=0

# scan_time=16783

sh=C776B331F1F97D83BF13FDB90FE2CB487143A91F ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G potentially unwanted application" ac=I fn="C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_18437\blabbers-ch.crx"

sh=BAF484A557E4D20CC42C78977351A10C5638CC05 ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G potentially unwanted application" ac=I fn="C:\Users\Kading\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_18437\CRX_INSTALL\witmain.js"

sh=80922BA3FBF9E5EDAC2F33FEE81CE59CAE701355 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.ROA trojan" ac=I fn="C:\Users\Kading\AppData\Local\Temp\jar_cache4241991285931522357.tmp"

sh=80922BA3FBF9E5EDAC2F33FEE81CE59CAE701355 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.ROA trojan" ac=I fn="C:\Users\Kading\AppData\Local\Temp\~+JF8411914495429276653.tmp"

sh=CEF28088B8E05D9F8390FED07FAD4CD142F44034 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.RJQ trojan" ac=I fn="C:\Users\Kading\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\465cb443-1d5f72cd"

sh=E77BB38FB93F38CC15EED2E16487B2C5DA34B6D2 ft=1 fh=7eab84a27bc8a8f1 vn="a variant of Win32/PCCleaners potentially unwanted application" ac=I fn="C:\Windows\uninst.exe"

sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"

sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe"

deeprybka · July 30, 2014

OK,

step 3 please....

Can you please tell me which problems still persist now?

bamboni · July 30, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Kading (administrator) on KADING-PC on 30-07-2014 05:20:30