[RESOLVED] not sure if I have a virus - Page 2

  1. #16
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    ComboFix 14-09-22.01 - Owner 09/22/2014 23:14:06.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2268 [GMT -4:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-08-23 to 2014-09-23 )))))))))))))))))))))))))))))))
    .
    .
    2014-09-23 03:20 . 2014-09-23 03:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-09-23 03:20 . 2014-09-23 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-09-23 02:03 . 2014-09-23 02:24 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B78E855-7E0A-42A6-B784-D8C11BECAAB0}\offreg.dll
    2014-09-23 01:51 . 2014-09-23 02:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-23 01:31 . 2014-09-23 01:31 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-23 01:31 . 2014-09-23 01:31 -------- d-----w- c:\programdata\RogueKiller
    2014-09-22 12:07 . 2014-09-08 22:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B78E855-7E0A-42A6-B784-D8C11BECAAB0}\mpengine.dll
    2014-09-21 15:24 . 2014-09-08 22:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-09-20 19:34 . 2014-09-20 19:33 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C10E578-AB03-410F-A3E9-CFD17FCDF955}\gapaengine.dll
    2014-09-20 19:32 . 2014-09-20 19:32 -------- d-----w- c:\program files\Microsoft Security Client
    2014-09-20 19:20 . 2014-09-15 06:08 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6D1CC5E-F4B2-456F-9B35-EE1CE7474AEC}\mpengine.dll
    2014-09-20 19:04 . 2014-09-20 19:04 -------- d-----w- C:\NPE
    2014-09-20 00:23 . 2014-09-20 00:23 -------- d-----w- c:\programdata\AVAST Software
    2014-09-19 22:41 . 2014-09-19 22:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2014-09-19 22:41 . 2014-09-19 22:41 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2014-09-19 22:41 . 2014-09-19 22:41 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2014-09-19 22:41 . 2014-09-19 22:41 -------- d-----w- c:\users\Owner\AppData\Local\AdTrustMedia
    2014-09-19 22:40 . 2014-09-19 22:40 -------- d-----w- c:\programdata\Adtrustmedia
    2014-09-19 22:39 . 2014-09-20 00:17 -------- d-----w- c:\program files\Comodo
    2014-09-19 22:38 . 2014-09-20 00:11 -------- d-----w- c:\programdata\Comodo
    2014-09-12 01:18 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-11 23:10 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-09-11 23:10 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-09-11 23:09 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-09-11 23:09 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-09-11 23:09 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
    2014-09-11 23:09 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-30 21:03 . 2014-08-30 21:03 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
    2014-08-28 16:57 . 2014-08-28 17:40 -------- d-----w- c:\programdata\McAfee Security Scan
    2014-08-28 12:24 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-08-28 12:24 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-27 22:18 . 2010-06-14 20:04 273256 ------w- c:\windows\system32\HPDiscoPM8e11.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-23 01:51 . 2014-07-23 21:55 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-23 01:50 . 2014-07-23 21:54 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-22 06:41 . 2014-03-02 17:29 231568 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-10 19:15 . 2014-03-03 20:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-09-10 19:15 . 2014-03-03 20:50 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-08-08 16:12 . 2014-08-08 16:12 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-17 22:05 . 2014-07-17 22:05 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2014-07-17 22:05 . 2014-07-17 22:05 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2014-07-16 02:46 . 2014-08-15 13:09 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-07-14 01:42 . 2014-08-15 13:09 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-07-09 01:29 . 2014-08-15 13:08 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
    2014-07-09 01:29 . 2014-08-15 13:08 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
    2014-06-30 22:14 . 2014-08-15 13:54 8856 ----a-w- c:\windows\system32\icardres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-03 280576]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-03 1343400]
    S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-04-01 49464]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-03 19:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-09-22 23:23:02
    ComboFix-quarantined-files.txt 2014-09-23 03:23
    .
    Pre-Run: 201,773,387,776 bytes free
    Post-Run: 201,572,433,920 bytes free
    .
    - - End Of File - - 5AC1EB169C099E86D56831D387759D60
    A36C5E4F47E84449FF07ED3517B43A31

  2. #17
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Am I on track so far?

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.

  4. #19
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    # AdwCleaner v3.310 - Report created 23/09/2014 at 08:28:35
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    File Deleted : C:\Users\Owner\daemonprocess.txt
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\searchplugins\ask-search.xml

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.2 (x86 en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\prefs.js ]

    Line Deleted : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.99\",\"d\":\"091514\"},\"h\":{\"english.ctrip.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/googletagservices\\\\.com/i\",\"/partner\\\\.googlead[...]
    Line Deleted : user_pref("extensions.trusted-ads.list_api", "{\"r\":[\"hxxp://a1supplements.com/\",\"hxxp://aactionair.net/\",\"hxxp://abcnews.go.com/\",\"hxxp://advanceautoparts.com/\",\"hxxp://afasterpc.com/\",\"h[...]
    Line Deleted : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.72\",\"d\":\"061714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con[...]
    Line Deleted : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de[...]

    *************************

    AdwCleaner[R0].txt - [1900 octets] - [23/09/2014 08:26:26]
    AdwCleaner[S0].txt - [1835 octets] - [23/09/2014 08:28:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1895 octets] ##########

  5. #20
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.0 (09.22.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by Owner on Tue 09/23/2014 at 8:39:54.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
    Successfully deleted: [Folder] "C:\Users\Owner\Local Settings\Application Data\adtrustmedia"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ompk3sxd.default\prefs.js

    user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.99\",\"d\":\"091514\"},\"h\":{\"english.ctrip.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/googletagservices\\\\.com/i\
    user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"exchange.colmeia.blog.br\",\"www.aglome
    user_pref("extensions.trusted-ads.list_api", "{\"r\":[\"hxxp://a1supplements.com/\",\"hxxp://aactionair.net/\",\"hxxp://abcnews.go.com/\",\"hxxp://advanceautoparts.com/\",\"ht
    user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.72\",\"d\":\"061714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp:/
    user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%2
    Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ompk3sxd.default\minidumps [208 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 09/23/2014 at 8:41:26.34
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #21
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
    Ran by Owner (administrator) on OWNER-PC on 23-09-2014 08:48:33
    Running from C:\Users\Owner\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-03] (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80156E57F736CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default
    FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
    FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
    FF Homepage: https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: PrivDog - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com [2014-09-20]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
    S3 LSI_FC; \Syste-Root\system32\DRIVERS\lsi_fc.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-23 08:48 - 2014-09-23 08:49 - 00006939 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-09-23 08:48 - 2014-09-23 08:48 - 01097728 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-09-23 08:48 - 2014-09-23 08:48 - 00000000 ____D () C:\FRST
    2014-09-23 08:41 - 2014-09-23 08:41 - 00001934 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-09-23 08:39 - 2014-09-23 08:39 - 01024790 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-09-23 08:39 - 2014-09-23 08:39 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-23 08:26 - 2014-09-23 08:28 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 08:25 - 2014-09-23 08:25 - 01373475 _____ () C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    2014-09-22 23:37 - 2014-09-22 23:37 - 00009454 _____ () C:\Users\Owner\Desktop\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:23 - 00009454 _____ () C:\ComboFix.txt
    2014-09-22 23:12 - 2014-09-22 23:23 - 00000000 ____D () C:\Qoobox
    2014-09-22 23:12 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-22 23:12 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-22 23:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-22 23:11 - 2014-09-22 23:22 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 23:10 - 2014-09-22 23:11 - 05579290 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2014-09-22 21:51 - 2014-09-22 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 21:50 - 2014-09-22 22:01 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-09-22 21:48 - 2014-09-22 21:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 04877400 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-22 13:26 - 2014-09-22 13:26 - 00013055 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-09-22 13:26 - 2014-09-22 13:26 - 00011492 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-09-22 13:24 - 2014-09-22 13:24 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-19 20:23 - 2014-09-19 20:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 18:39 - 2014-09-19 20:17 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 18:38 - 2014-09-19 20:11 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-19 10:04 - 2014-09-19 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-11 21:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-11 21:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-11 21:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-11 21:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-11 21:19 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-11 21:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-11 21:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-11 21:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-11 21:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-11 21:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-11 21:19 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-11 21:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-11 21:19 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-11 21:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-11 21:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-11 21:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-11 21:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-11 21:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-11 21:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-11 21:19 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-11 21:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-11 21:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-11 21:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-11 21:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-11 21:18 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-11 19:09 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-11 19:09 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-11 19:09 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-11 19:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-08-30 17:03 - 2014-08-30 17:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-08-28 12:57 - 2014-08-28 13:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-08-28 08:24 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 08:24 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-27 18:18 - 2010-06-14 16:04 - 00273256 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM8e11.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-23 08:49 - 2014-09-23 08:48 - 00006939 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-09-23 08:48 - 2014-09-23 08:48 - 01097728 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-09-23 08:48 - 2014-09-23 08:48 - 00000000 ____D () C:\FRST
    2014-09-23 08:42 - 2014-03-02 14:03 - 01287525 _____ () C:\Windows\WindowsUpdate.log
    2014-09-23 08:41 - 2014-09-23 08:41 - 00001934 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-09-23 08:39 - 2014-09-23 08:39 - 01024790 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-09-23 08:39 - 2014-09-23 08:39 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-23 08:37 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-23 08:37 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-23 08:30 - 2014-03-03 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-09-23 08:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-23 08:30 - 2009-07-14 00:39 - 00769352 _____ () C:\Windows\setupact.log
    2014-09-23 08:29 - 2014-03-02 13:59 - 01521500 _____ () C:\Windows\PFRO.log
    2014-09-23 08:28 - 2014-09-23 08:26 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 08:28 - 2014-03-02 13:56 - 00000000 ____D () C:\Users\Owner
    2014-09-23 08:25 - 2014-09-23 08:25 - 01373475 _____ () C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    2014-09-22 23:37 - 2014-09-22 23:37 - 00009454 _____ () C:\Users\Owner\Desktop\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:23 - 00009454 _____ () C:\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:12 - 00000000 ____D () C:\Qoobox
    2014-09-22 23:23 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
    2014-09-22 23:22 - 2014-09-22 23:11 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 23:20 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
    2014-09-22 23:15 - 2014-03-04 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-22 23:11 - 2014-09-22 23:10 - 05579290 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2014-09-22 22:01 - 2014-09-22 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 22:01 - 2014-09-22 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-09-22 21:51 - 2014-07-23 17:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-22 21:50 - 2014-07-23 17:54 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-22 21:49 - 2014-09-22 21:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 04877400 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-22 13:26 - 2014-09-22 13:26 - 00013055 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-09-22 13:26 - 2014-09-22 13:26 - 00011492 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-09-22 13:24 - 2014-09-22 13:24 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-09-22 02:41 - 2014-03-02 13:29 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-21 18:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-09-21 12:27 - 2014-03-02 14:11 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:32 - 2014-03-03 17:43 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-09-20 15:30 - 2014-03-08 10:06 - 00000000 ____D () C:\ProgramData\Norton
    2014-09-20 15:07 - 2014-03-08 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
    2014-09-20 15:07 - 2014-03-03 08:31 - 00067848 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-20 15:04 - 2014-03-08 10:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2014-09-20 14:57 - 2009-07-14 00:33 - 00297880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-20 08:38 - 2011-09-13 09:00 - 00000000 ____D () C:\N360_BACKUP
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-19 20:23 - 2014-09-19 20:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 20:17 - 2014-09-19 18:39 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 20:11 - 2014-09-19 18:38 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-19 20:01 - 2014-03-03 17:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-19 19:48 - 2014-03-30 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 10:04 - 2014-09-19 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-16 19:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-14 13:33 - 2014-03-04 10:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
    2014-09-12 10:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-12 09:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-11 21:18 - 2014-03-03 08:35 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-11 21:16 - 2014-03-03 08:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-11 21:15 - 2014-05-06 06:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-10 15:15 - 2014-03-03 16:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-10 15:15 - 2014-03-03 16:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-09-04 21:52 - 2014-09-11 19:09 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 21:47 - 2014-09-11 19:09 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-04 19:38 - 2009-07-14 00:53 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-30 17:03 - 2014-08-30 17:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-08-28 13:40 - 2014-08-28 12:57 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-08-27 18:17 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32
    2014-08-27 17:21 - 2014-03-04 10:48 - 00000000 ____D () C:\ProgramData\HP
    2014-08-26 09:27 - 2014-06-25 16:42 - 00008543 _____ () C:\Users\Owner\Documents\Book1.xlsx

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-16 15:13

    ==================== End Of Log ============================

  7. #22
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
    Ran by Owner at 2014-09-23 08:49:35
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
    HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
    HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{631A1171-8FC6-4E2F-83EB-BE8AC1DB7A56}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
    Quicken 2010 (HKLM\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    20-09-2014 18:51:51 Norton Security Suite Registry
    23-09-2014 01:43:18 manicmonday
    23-09-2014 12:40:33 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {57FA5A47-12F7-42DD-8D7C-278D014290A6} - System32\Tasks\{699FEE33-5C09-4D22-93D2-2B5E785A89EF} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-08-05] (Adobe Systems Incorporated)
    Task: {57FD4CCE-B0CD-4870-89F5-4F19A49902FE} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {932CC7E8-D399-4CBA-BEE3-2CDB1C307A88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BF0D89CF-4D0D-49D0-A895-02CE43E5996B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
    Task: {E42794A4-C157-4FEA-9AB9-69D9C195105C} - System32\Tasks\{3D558987-7906-49A6-B8EE-90303902A282} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-08-05] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-03 08:37 - 2013-10-23 03:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-19 10:04 - 2014-09-19 10:04 - 03734640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (06/27/2014 03:40:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4709 seconds with 240 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-18 15:33:24.800
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.658
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.510
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.158
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.016
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:23.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:40.368
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:40.190
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:40.008
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:39.617
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 5000 Dual-Core Processor
    Percentage of memory in use: 35%
    Total physical RAM: 3327.24 MB
    Available physical RAM: 2148.98 MB
    Total Pagefile: 6652.77 MB
    Available Pagefile: 5419.91 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1894.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:187.46 GB) NTFS
    Drive f: (Lexar) (Removable) (Total:7.3 GB) (Free:7.2 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8B8A44D0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0C)

    ==================== End Of Log ============================

  8. #23
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Was I supposed to click on Clean with the Farbar Recovery Tool? I didn't.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

  10. #25
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2014
    Ran by Owner at 2014-09-23 20:40:51 Run:1
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    FF Extension: PrivDog - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com [2014-09-20]
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
    S3 LSI_FC; \Syste-Root\system32\DRIVERS\lsi_fc.sys [X]
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe

    *****************

    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com => Moved successfully.
    "C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com" => File/Directory not found.
    catchme => Service deleted successfully.
    LSI_FC => Service deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====

  11. #26
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
    Ran by Owner (administrator) on OWNER-PC on 23-09-2014 08:48:33
    Running from C:\Users\Owner\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-03] (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80156E57F736CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default
    FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
    FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
    FF Homepage: https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: PrivDog - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com [2014-09-20]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
    S3 LSI_FC; \Syste-Root\system32\DRIVERS\lsi_fc.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-23 08:48 - 2014-09-23 08:49 - 00006939 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-09-23 08:48 - 2014-09-23 08:48 - 01097728 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-09-23 08:48 - 2014-09-23 08:48 - 00000000 ____D () C:\FRST
    2014-09-23 08:41 - 2014-09-23 08:41 - 00001934 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-09-23 08:39 - 2014-09-23 08:39 - 01024790 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-09-23 08:39 - 2014-09-23 08:39 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-23 08:26 - 2014-09-23 08:28 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 08:25 - 2014-09-23 08:25 - 01373475 _____ () C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    2014-09-22 23:37 - 2014-09-22 23:37 - 00009454 _____ () C:\Users\Owner\Desktop\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:23 - 00009454 _____ () C:\ComboFix.txt
    2014-09-22 23:12 - 2014-09-22 23:23 - 00000000 ____D () C:\Qoobox
    2014-09-22 23:12 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-22 23:12 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-22 23:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-22 23:11 - 2014-09-22 23:22 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 23:10 - 2014-09-22 23:11 - 05579290 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2014-09-22 21:51 - 2014-09-22 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 21:50 - 2014-09-22 22:01 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-09-22 21:48 - 2014-09-22 21:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 04877400 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-22 13:26 - 2014-09-22 13:26 - 00013055 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-09-22 13:26 - 2014-09-22 13:26 - 00011492 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-09-22 13:24 - 2014-09-22 13:24 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-19 20:23 - 2014-09-19 20:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 18:39 - 2014-09-19 20:17 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 18:38 - 2014-09-19 20:11 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-19 10:04 - 2014-09-19 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-11 21:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-11 21:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-11 21:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-11 21:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-11 21:19 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-11 21:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-11 21:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-11 21:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-11 21:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-11 21:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-11 21:19 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-11 21:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-11 21:19 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-11 21:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-11 21:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-11 21:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-11 21:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-11 21:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-11 21:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-11 21:19 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-11 21:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-11 21:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-11 21:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-11 21:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-11 21:18 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-11 19:09 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-11 19:09 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-11 19:09 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-11 19:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-08-30 17:03 - 2014-08-30 17:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-08-28 12:57 - 2014-08-28 13:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-08-28 08:24 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 08:24 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-27 18:18 - 2010-06-14 16:04 - 00273256 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM8e11.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-23 08:49 - 2014-09-23 08:48 - 00006939 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-09-23 08:48 - 2014-09-23 08:48 - 01097728 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-09-23 08:48 - 2014-09-23 08:48 - 00000000 ____D () C:\FRST
    2014-09-23 08:42 - 2014-03-02 14:03 - 01287525 _____ () C:\Windows\WindowsUpdate.log
    2014-09-23 08:41 - 2014-09-23 08:41 - 00001934 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-09-23 08:39 - 2014-09-23 08:39 - 01024790 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-09-23 08:39 - 2014-09-23 08:39 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-23 08:37 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-23 08:37 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-23 08:30 - 2014-03-03 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-09-23 08:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-23 08:30 - 2009-07-14 00:39 - 00769352 _____ () C:\Windows\setupact.log
    2014-09-23 08:29 - 2014-03-02 13:59 - 01521500 _____ () C:\Windows\PFRO.log
    2014-09-23 08:28 - 2014-09-23 08:26 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 08:28 - 2014-03-02 13:56 - 00000000 ____D () C:\Users\Owner
    2014-09-23 08:25 - 2014-09-23 08:25 - 01373475 _____ () C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    2014-09-22 23:37 - 2014-09-22 23:37 - 00009454 _____ () C:\Users\Owner\Desktop\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:23 - 00009454 _____ () C:\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:12 - 00000000 ____D () C:\Qoobox
    2014-09-22 23:23 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
    2014-09-22 23:22 - 2014-09-22 23:11 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 23:20 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
    2014-09-22 23:15 - 2014-03-04 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-22 23:11 - 2014-09-22 23:10 - 05579290 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2014-09-22 22:01 - 2014-09-22 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 22:01 - 2014-09-22 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-09-22 21:51 - 2014-07-23 17:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-22 21:50 - 2014-07-23 17:54 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-22 21:49 - 2014-09-22 21:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 04877400 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-22 13:26 - 2014-09-22 13:26 - 00013055 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-09-22 13:26 - 2014-09-22 13:26 - 00011492 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-09-22 13:24 - 2014-09-22 13:24 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-09-22 02:41 - 2014-03-02 13:29 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-21 18:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-09-21 12:27 - 2014-03-02 14:11 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:32 - 2014-03-03 17:43 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-09-20 15:30 - 2014-03-08 10:06 - 00000000 ____D () C:\ProgramData\Norton
    2014-09-20 15:07 - 2014-03-08 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
    2014-09-20 15:07 - 2014-03-03 08:31 - 00067848 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-20 15:04 - 2014-03-08 10:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2014-09-20 14:57 - 2009-07-14 00:33 - 00297880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-20 08:38 - 2011-09-13 09:00 - 00000000 ____D () C:\N360_BACKUP
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-19 20:23 - 2014-09-19 20:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 20:17 - 2014-09-19 18:39 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 20:11 - 2014-09-19 18:38 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-19 20:01 - 2014-03-03 17:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-19 19:48 - 2014-03-30 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 10:04 - 2014-09-19 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-16 19:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-14 13:33 - 2014-03-04 10:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
    2014-09-12 10:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-12 09:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-11 21:18 - 2014-03-03 08:35 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-11 21:16 - 2014-03-03 08:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-11 21:15 - 2014-05-06 06:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-10 15:15 - 2014-03-03 16:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-10 15:15 - 2014-03-03 16:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-09-04 21:52 - 2014-09-11 19:09 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 21:47 - 2014-09-11 19:09 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-04 19:38 - 2009-07-14 00:53 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-30 17:03 - 2014-08-30 17:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-08-28 13:40 - 2014-08-28 12:57 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-08-27 18:17 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32
    2014-08-27 17:21 - 2014-03-04 10:48 - 00000000 ____D () C:\ProgramData\HP
    2014-08-26 09:27 - 2014-06-25 16:42 - 00008543 _____ () C:\Users\Owner\Documents\Book1.xlsx

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-16 15:13

    ==================== End Of Log ============================

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.

    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.

  13. #28
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
    Ran by Owner (administrator) on OWNER-PC on 23-09-2014 08:48:33
    Running from C:\Users\Owner\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-03] (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80156E57F736CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default
    FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
    FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
    FF Homepage: https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: PrivDog - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\PrivDog@AdTrustMedia.com [2014-09-20]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
    S3 LSI_FC; \Syste-Root\system32\DRIVERS\lsi_fc.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-23 08:48 - 2014-09-23 08:49 - 00006939 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-09-23 08:48 - 2014-09-23 08:48 - 01097728 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-09-23 08:48 - 2014-09-23 08:48 - 00000000 ____D () C:\FRST
    2014-09-23 08:41 - 2014-09-23 08:41 - 00001934 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-09-23 08:39 - 2014-09-23 08:39 - 01024790 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-09-23 08:39 - 2014-09-23 08:39 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-23 08:26 - 2014-09-23 08:28 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 08:25 - 2014-09-23 08:25 - 01373475 _____ () C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    2014-09-22 23:37 - 2014-09-22 23:37 - 00009454 _____ () C:\Users\Owner\Desktop\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:23 - 00009454 _____ () C:\ComboFix.txt
    2014-09-22 23:12 - 2014-09-22 23:23 - 00000000 ____D () C:\Qoobox
    2014-09-22 23:12 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-22 23:12 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-22 23:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-22 23:12 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-22 23:11 - 2014-09-22 23:22 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 23:10 - 2014-09-22 23:11 - 05579290 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2014-09-22 21:51 - 2014-09-22 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 21:50 - 2014-09-22 22:01 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-09-22 21:48 - 2014-09-22 21:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 04877400 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-22 13:26 - 2014-09-22 13:26 - 00013055 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-09-22 13:26 - 2014-09-22 13:26 - 00011492 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-09-22 13:24 - 2014-09-22 13:24 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-19 20:23 - 2014-09-19 20:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 18:39 - 2014-09-19 20:17 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 18:38 - 2014-09-19 20:11 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-19 10:04 - 2014-09-19 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-11 21:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-11 21:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-11 21:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-11 21:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-11 21:19 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-11 21:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-11 21:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-11 21:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-11 21:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-11 21:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-11 21:19 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-11 21:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-11 21:19 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-11 21:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-11 21:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-11 21:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-11 21:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-11 21:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-11 21:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-11 21:19 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-11 21:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-11 21:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-11 21:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-11 21:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-11 21:18 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-11 19:09 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-11 19:09 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-11 19:09 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-11 19:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-08-30 17:03 - 2014-08-30 17:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-08-28 12:57 - 2014-08-28 13:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-08-28 08:24 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 08:24 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-27 18:18 - 2010-06-14 16:04 - 00273256 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM8e11.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-23 08:49 - 2014-09-23 08:48 - 00006939 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-09-23 08:48 - 2014-09-23 08:48 - 01097728 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-09-23 08:48 - 2014-09-23 08:48 - 00000000 ____D () C:\FRST
    2014-09-23 08:42 - 2014-03-02 14:03 - 01287525 _____ () C:\Windows\WindowsUpdate.log
    2014-09-23 08:41 - 2014-09-23 08:41 - 00001934 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-09-23 08:39 - 2014-09-23 08:39 - 01024790 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-09-23 08:39 - 2014-09-23 08:39 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-23 08:37 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-23 08:37 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-23 08:30 - 2014-03-03 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-09-23 08:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-23 08:30 - 2009-07-14 00:39 - 00769352 _____ () C:\Windows\setupact.log
    2014-09-23 08:29 - 2014-03-02 13:59 - 01521500 _____ () C:\Windows\PFRO.log
    2014-09-23 08:28 - 2014-09-23 08:26 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 08:28 - 2014-03-02 13:56 - 00000000 ____D () C:\Users\Owner
    2014-09-23 08:25 - 2014-09-23 08:25 - 01373475 _____ () C:\Users\Owner\Desktop\adwcleaner_3.310.exe
    2014-09-22 23:37 - 2014-09-22 23:37 - 00009454 _____ () C:\Users\Owner\Desktop\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:23 - 00009454 _____ () C:\ComboFix.txt
    2014-09-22 23:23 - 2014-09-22 23:12 - 00000000 ____D () C:\Qoobox
    2014-09-22 23:23 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
    2014-09-22 23:22 - 2014-09-22 23:11 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 23:20 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
    2014-09-22 23:15 - 2014-03-04 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-22 23:11 - 2014-09-22 23:10 - 05579290 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2014-09-22 22:01 - 2014-09-22 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 22:01 - 2014-09-22 21:50 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-09-22 21:51 - 2014-07-23 17:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-22 21:50 - 2014-07-23 17:54 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-22 21:49 - 2014-09-22 21:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 04877400 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-09-22 21:31 - 2014-09-22 21:31 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-22 13:26 - 2014-09-22 13:26 - 00013055 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-09-22 13:26 - 2014-09-22 13:26 - 00011492 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-09-22 13:24 - 2014-09-22 13:24 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-09-22 02:41 - 2014-03-02 13:29 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-21 18:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-09-21 12:27 - 2014-03-02 14:11 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:32 - 2014-03-03 17:43 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-09-20 15:30 - 2014-03-08 10:06 - 00000000 ____D () C:\ProgramData\Norton
    2014-09-20 15:07 - 2014-03-08 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
    2014-09-20 15:07 - 2014-03-03 08:31 - 00067848 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-20 15:04 - 2014-03-08 10:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2014-09-20 14:57 - 2009-07-14 00:33 - 00297880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-20 08:38 - 2011-09-13 09:00 - 00000000 ____D () C:\N360_BACKUP
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-19 20:23 - 2014-09-19 20:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 20:17 - 2014-09-19 18:39 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 20:11 - 2014-09-19 18:38 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-19 20:01 - 2014-03-03 17:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-19 19:48 - 2014-03-30 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 10:04 - 2014-09-19 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-16 19:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-14 13:33 - 2014-03-04 10:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
    2014-09-12 10:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-12 09:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-11 21:18 - 2014-03-03 08:35 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-11 21:16 - 2014-03-03 08:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-11 21:15 - 2014-05-06 06:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-10 15:15 - 2014-03-03 16:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-10 15:15 - 2014-03-03 16:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-09-04 21:52 - 2014-09-11 19:09 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 21:47 - 2014-09-11 19:09 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-04 19:38 - 2009-07-14 00:53 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-30 17:03 - 2014-08-30 17:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-08-28 13:40 - 2014-08-28 12:57 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-08-27 18:17 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32
    2014-08-27 17:21 - 2014-03-04 10:48 - 00000000 ____D () C:\ProgramData\HP
    2014-08-26 09:27 - 2014-06-25 16:42 - 00008543 _____ () C:\Users\Owner\Documents\Book1.xlsx

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-16 15:13

    ==================== End Of Log ============================

  14. #29
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    this is what happened when I ran security check?
    UNSUPPORTED OPERATING SYSTEM! ABORTED!

  15. #30
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Quote: Originally Posted by eippob
    this is what happened when I ran security check?
    UNSUPPORTED OPERATING SYSTEM! ABORTED!
    Results of screen317's Security Check version 0.99.87
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 67
    Adobe Flash Player 15.0.0.152
    Adobe Reader XI
    Mozilla Firefox (32.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
