[RESOLVED] what does this mean? - Page 2

Thread: [RESOLVED] what does this mean?

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

  2. #17
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    ComboFix 14-10-04.01 - Owner 10/06/2014 9:18.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2302 [GMT -4:00]
    Running from: c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN4OLX34\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\erdnt\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-06 to 2014-10-06 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-06 13:24 . 2014-10-06 13:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-10-06 13:24 . 2014-10-06 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-06 12:53 . 2014-10-06 12:53 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36E6D739-3A6B-4825-865E-1C98DB2338DD}\MpKsl0976fed1.sys
    2014-10-06 12:53 . 2014-10-06 13:26 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36E6D739-3A6B-4825-865E-1C98DB2338DD}\offreg.dll
    2014-10-06 02:07 . 2014-10-06 02:18 -------- d-----w- c:\program files\Google
    2014-10-06 02:07 . 2014-10-06 02:18 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2014-10-06 01:24 . 2014-09-08 22:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36E6D739-3A6B-4825-865E-1C98DB2338DD}\mpengine.dll
    2014-10-05 16:30 . 2014-09-08 22:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-05 14:43 . 2014-10-05 14:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Visan
    2014-10-05 14:42 . 2014-10-05 14:42 -------- d-----w- c:\programdata\Visan
    2014-10-02 00:12 . 2014-09-20 19:33 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C90E5CE-D21D-473A-B335-119576EAF4E1}\gapaengine.dll
    2014-10-02 00:05 . 2014-10-02 00:05 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
    2014-10-02 00:05 . 2014-10-02 00:05 -------- d-----w- c:\program files\Secunia
    2014-10-01 12:26 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-24 13:28 . 2014-09-20 19:33 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-09-24 13:22 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-23 12:39 . 2014-09-24 23:53 -------- d-----w- c:\windows\ERUNT
    2014-09-23 01:51 . 2014-10-06 04:33 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-23 01:31 . 2014-10-06 04:05 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-23 01:31 . 2014-09-23 01:31 -------- d-----w- c:\programdata\RogueKiller
    2014-09-20 19:32 . 2014-09-20 19:32 -------- d-----w- c:\program files\Microsoft Security Client
    2014-09-20 19:04 . 2014-09-20 19:04 -------- d-----w- C:\NPE
    2014-09-20 00:23 . 2014-10-06 02:05 -------- d-----w- c:\programdata\AVAST Software
    2014-09-19 22:41 . 2014-09-19 22:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2014-09-19 22:41 . 2014-09-19 22:41 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2014-09-19 22:41 . 2014-09-19 22:41 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2014-09-19 22:39 . 2014-09-20 00:17 -------- d-----w- c:\program files\Comodo
    2014-09-19 22:38 . 2014-09-20 00:11 -------- d-----w- c:\programdata\Comodo
    2014-09-12 01:18 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-11 23:10 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-09-11 23:10 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-09-11 23:09 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-09-11 23:09 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-09-11 23:09 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
    2014-09-11 23:09 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-06 04:23 . 2014-07-23 21:55 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-06 04:21 . 2014-07-23 21:54 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-06 02:06 . 2014-10-06 02:06 414392 ----a-w- c:\windows\system32\drivers\aswsp.sys.1412561303936
    2014-09-24 18:15 . 2014-03-03 20:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-09-24 18:15 . 2014-03-03 20:50 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-09-22 06:41 . 2014-03-02 17:29 231568 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-15 06:08 . 2014-09-20 19:20 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6D1CC5E-F4B2-456F-9B35-EE1CE7474AEC}\mpengine.dll
    2014-08-23 01:46 . 2014-08-28 12:24 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 00:42 . 2014-08-28 12:24 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-08-08 16:12 . 2014-08-08 16:12 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-17 22:05 . 2014-07-17 22:05 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2014-07-17 22:05 . 2014-07-17 22:05 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2014-07-14 01:42 . 2014-08-15 13:09 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-07-09 01:29 . 2014-08-15 13:08 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
    2014-07-09 01:29 . 2014-08-15 13:08 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-03 280576]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableSecureUIAPath"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-03 1343400]
    S1 MpKsl0976fed1;MpKsl0976fed1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36E6D739-3A6B-4825-865E-1C98DB2338DD}\MpKsl0976fed1.sys [2014-10-06 39464]
    S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-04-01 49464]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-03 18:15]
    .
    2014-10-06 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\Communicator.exe [2011-02-21 10:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\DllHost.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2014-10-06 09:31:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-10-06 13:31
    .
    Pre-Run: 198,172,549,120 bytes free
    Post-Run: 197,770,829,824 bytes free
    .
    - - End Of File - - DE08A81FA44303991855401038FCE0EB
    A36C5E4F47E84449FF07ED3517B43A31

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.

  4. #19
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    I clicked scan on the Adware and it just sits there and it says Pending Please uncheck elements you don't want to remove.
    I didn't know what to do. Thank you
    I figured it out, sorry
    Last edited by eippob; October 6th, 2014 at 09:06 PM.

  5. #20
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    # AdwCleaner v3.311 - Report created 06/10/2014 at 21:03:44
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\adwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.3 (x86 en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\prefs.js ]

    Line Deleted : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.99\",\"d\":\"091514\"},\"h\":{\"english.ctrip.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/googletagservices\\\\.com/i\",\"/partner\\\\.googlead[...]
    Line Deleted : user_pref("extensions.trusted-ads.list_api", "{\"r\":[\"hxxp://a1supplements.com/\",\"hxxp://aactionair.net/\",\"hxxp://abcnews.go.com/\",\"hxxp://advanceautoparts.com/\",\"hxxp://afasterpc.com/\",\"h[...]
    Line Deleted : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.72\",\"d\":\"061714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con[...]
    Line Deleted : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de[...]

    *************************

    AdwCleaner[R0].txt - [1702 octets] - [06/10/2014 20:46:06]
    AdwCleaner[R1].txt - [1762 octets] - [06/10/2014 20:56:50]
    AdwCleaner[S0].txt - [1691 octets] - [06/10/2014 21:03:44]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1751 octets] ##########

  7. #22
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.1 (10.06.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by Owner on Mon 10/06/2014 at 21:07:32.02
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ompk3sxd.default\prefs.js

    user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"exchange.colmeia.blog.br\",\"www.aglome
    user_pref("extensions.trusted-ads.serp_about", "\"%2F*!%20serp-about%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%
    user_pref("extensions.trusted-ads.serp_ask", "\"%2F*!%20serp-ask%20-%20v0.1.8%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B
    user_pref("extensions.trusted-ads.serp_bing", "\"%2F*!%20serp-bing%20-%20v2.7.3%20-%202014-08-06%2014%3A07%3A00%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0D%0Avar%20isIE%20%3D%20n
    user_pref("extensions.trusted-ads.serp_google", "\"%2F*!%20serp-google%20-%20v1.7.0.10%20-%202014-06-04%2018%3A28%3A39%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0Avar%20isIE%20%3D
    user_pref("extensions.trusted-ads.serp_whitepages", "\"%2F*!%20serp-whitepages%20-%20v2.7.2%20-%202014-08-06%2014%3A06%3A57%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0D%0Avar%20is
    user_pref("extensions.trusted-ads.serp_yellowpages", "\"%2F*!%20serp-yellowpages%20-%20v0.1.11%20-%202014-05-26%2016%3A28%3A20%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0Avar%20is
    Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ompk3sxd.default\minidumps [20 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 10/06/2014 at 21:09:10.27
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  8. #23
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
    Ran by Owner at 2014-10-06 21:14:18
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
    HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
    HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{631A1171-8FC6-4E2F-83EB-BE8AC1DB7A56}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
    Quicken 2010 (HKLM\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
    Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    24-09-2014 23:53:46 End of disinfection
    28-09-2014 13:02:32 Windows Update
    01-10-2014 17:21:43 Windows Update
    05-10-2014 16:29:06 Windows Update
    06-10-2014 02:04:50 avast! antivirus system restore point
    06-10-2014 02:14:53 avast! antivirus system restore point
    06-10-2014 04:18:02 newstart

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2014-10-06 09:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {57FA5A47-12F7-42DD-8D7C-278D014290A6} - System32\Tasks\{699FEE33-5C09-4D22-93D2-2B5E785A89EF} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
    Task: {57FD4CCE-B0CD-4870-89F5-4F19A49902FE} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {5E23D648-A777-48D8-BD16-5C96FEB80154} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
    Task: {932CC7E8-D399-4CBA-BEE3-2CDB1C307A88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BF0D89CF-4D0D-49D0-A895-02CE43E5996B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {E42794A4-C157-4FEA-9AB9-69D9C195105C} - System32\Tasks\{3D558987-7906-49A6-B8EE-90303902A282} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-03 08:37 - 2013-10-23 03:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-25 10:30 - 2014-09-25 10:30 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2014-09-10 15:15 - 2014-09-10 15:15 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2164463356-152717825-832642245-500 - Administrator - Disabled)
    Guest (S-1-5-21-2164463356-152717825-832642245-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2164463356-152717825-832642245-1004 - Limited - Enabled)
    Owner (S-1-5-21-2164463356-152717825-832642245-1001 - Administrator - Enabled) => C:\Users\Owner
    UpdatusUser (S-1-5-21-2164463356-152717825-832642245-1005 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (06/27/2014 03:40:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4709 seconds with 240 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-18 15:33:24.800
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.658
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.510
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.158
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:24.016
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-18 15:33:23.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:40.368
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:40.190
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:40.008
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-27 14:54:39.617
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22318_none_59e0fbb029838c63\appid.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 5000 Dual-Core Processor
    Percentage of memory in use: 35%
    Total physical RAM: 3327.24 MB
    Available physical RAM: 2143.3 MB
    Total Pagefile: 6652.77 MB
    Available Pagefile: 5424.32 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1893.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:184 GB) NTFS
    Drive f: (Lexar) (Removable) (Total:7.3 GB) (Free:7.2 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0C)

    ==================== End Of Log ============================

  9. #24
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
    Ran by Owner (administrator) on OWNER-PC on 06-10-2014 21:13:28
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-03] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80156E57F736CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default
    FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
    FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
    FF Homepage: https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: WOT - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ompk3sxd.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-25]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R1 MpKslf025bc10; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72B6BA0E-30C7-40A9-92D6-F989D34C1963}\MpKslf025bc10.sys [39464 2014-10-06] (Microsoft Corporation)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-06 21:13 - 2014-10-06 21:14 - 00008083 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-10-06 21:13 - 2014-10-06 21:13 - 01101312 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-10-06 21:13 - 2014-10-06 21:13 - 00000000 ____D () C:\FRST
    2014-10-06 21:09 - 2014-10-06 21:09 - 00002129 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-10-06 21:07 - 2014-10-06 21:07 - 01705141 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-10-06 20:46 - 2014-10-06 21:03 - 00000000 ____D () C:\AdwCleaner
    2014-10-06 20:45 - 2014-10-06 20:45 - 01375089 _____ () C:\Users\Owner\Desktop\adwcleaner_3.311.exe
    2014-10-06 12:51 - 2014-10-06 12:51 - 00008997 _____ () C:\Users\Owner\Documents\2014 income.xlsx
    2014-10-06 10:39 - 2014-04-24 17:02 - 00128039 _____ () C:\Users\Owner\Documents\First Edition - Copy.odt
    2014-10-06 09:31 - 2014-10-06 09:31 - 00012143 _____ () C:\ComboFix.txt
    2014-10-06 09:17 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-06 09:17 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-06 09:17 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-06 09:17 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-06 09:17 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-06 09:17 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-06 09:17 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-06 09:17 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-06 09:16 - 2014-10-06 09:31 - 00000000 ____D () C:\Qoobox
    2014-10-06 00:21 - 2014-10-06 00:33 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-10-06 00:15 - 2014-10-06 00:15 - 00002973 _____ () C:\Users\Owner\Desktop\RKreport_DEL_10062014_001253.log
    2014-10-06 00:02 - 2014-10-06 00:02 - 04893784 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-10-05 22:57 - 2014-10-06 14:34 - 00000000 ____D () C:\Users\Owner\Desktop\odd stuff
    2014-10-05 22:45 - 2014-10-05 22:46 - 00013393 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-10-05 22:45 - 2014-10-05 22:46 - 00006066 _____ () C:\Users\Owner\Desktop\attach.txt
    2014-10-05 22:07 - 2014-10-05 22:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
    2014-10-05 22:07 - 2014-10-05 22:18 - 00000000 ____D () C:\Program Files\Google
    2014-10-05 22:06 - 2014-10-05 22:06 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1412561303936
    2014-10-05 10:43 - 2014-10-05 10:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Visan
    2014-10-05 10:42 - 2014-10-06 20:42 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
    2014-10-05 10:42 - 2014-10-05 10:42 - 00000000 ____D () C:\ProgramData\Visan
    2014-10-05 10:25 - 2014-10-05 10:25 - 00000377 _____ () C:\Windows\SecuniaPackage.log
    2014-10-05 10:17 - 2014-10-05 10:17 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    2014-10-01 20:05 - 2014-10-01 20:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Secunia PSI
    2014-10-01 20:05 - 2014-10-01 20:05 - 00000000 ____D () C:\Program Files\Secunia
    2014-10-01 08:26 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-09-25 10:30 - 2014-09-25 10:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-24 19:53 - 2014-09-24 19:54 - 00001479 _____ () C:\DelFix.txt
    2014-09-24 09:22 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-23 08:39 - 2014-09-24 19:53 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-22 23:37 - 2014-09-22 23:37 - 00000556 _____ () C:\Users\Owner\Desktop\ComboFix.lnk
    2014-09-22 23:11 - 2014-10-06 09:26 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 21:51 - 2014-10-06 00:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-22 21:31 - 2014-10-06 00:05 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-22 21:31 - 2014-09-22 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-20 15:32 - 2014-09-20 15:32 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-20 15:32 - 2014-09-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-20 15:04 - 2014-09-20 15:04 - 00000000 ____D () C:\NPE
    2014-09-19 20:23 - 2014-10-05 22:05 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 18:41 - 2014-09-19 18:41 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
    2014-09-19 18:41 - 2014-09-19 18:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2014-09-19 18:39 - 2014-09-19 20:17 - 00000000 ____D () C:\Program Files\Comodo
    2014-09-19 18:38 - 2014-09-19 20:11 - 00000000 ____D () C:\ProgramData\Comodo
    2014-09-11 21:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-11 21:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-11 21:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-11 21:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-11 21:19 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-11 21:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-11 21:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-11 21:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-11 21:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-11 21:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-11 21:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-11 21:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-11 21:19 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-11 21:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-11 21:19 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-11 21:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-11 21:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-11 21:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-11 21:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-11 21:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-11 21:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-11 21:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-11 21:19 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-11 21:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-11 21:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-11 21:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-11 21:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-11 21:18 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-11 19:10 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-11 19:09 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-11 19:09 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-11 19:09 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-11 19:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-06 21:11 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-06 21:11 - 2009-07-14 00:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-06 21:08 - 2014-03-02 14:03 - 01256296 _____ () C:\Windows\WindowsUpdate.log
    2014-10-06 21:04 - 2014-03-02 13:59 - 02201254 _____ () C:\Windows\PFRO.log
    2014-10-06 21:04 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-06 21:04 - 2009-07-14 00:39 - 00824974 _____ () C:\Windows\setupact.log
    2014-10-06 20:42 - 2014-03-04 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-06 12:53 - 2014-06-25 16:42 - 00008485 _____ () C:\Users\Owner\Documents\Book1.xlsx
    2014-10-06 09:26 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
    2014-10-06 00:23 - 2014-07-23 17:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-06 00:21 - 2014-07-23 17:54 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-05 15:37 - 2014-03-04 10:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
    2014-10-05 15:37 - 2012-06-26 20:24 - 00000000 ___RD () C:\Users\Owner\Documents\HP Photo Creations
    2014-10-05 10:42 - 2014-03-04 10:50 - 00000000 ____D () C:\Program Files\HP Photo Creations
    2014-10-05 10:25 - 2014-03-03 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2014-10-05 10:08 - 2014-03-03 08:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-10-05 08:14 - 2014-03-03 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-10-04 16:14 - 2009-07-14 00:53 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-04 11:39 - 2014-03-03 17:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-27 12:48 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-25 14:02 - 2014-03-03 17:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-24 14:15 - 2014-03-03 16:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-24 14:15 - 2014-03-03 16:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-09-23 08:28 - 2014-03-02 13:56 - 00000000 ____D () C:\Users\Owner
    2014-09-22 23:23 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
    2014-09-22 02:41 - 2014-03-02 13:29 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-21 18:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-09-21 12:27 - 2014-03-02 14:11 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-20 15:32 - 2014-03-03 17:43 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-09-20 15:30 - 2014-03-08 10:06 - 00000000 ____D () C:\ProgramData\Norton
    2014-09-20 15:07 - 2014-03-08 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
    2014-09-20 15:07 - 2014-03-03 08:31 - 00067848 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-20 15:04 - 2014-03-08 10:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2014-09-20 14:57 - 2009-07-14 00:33 - 00297880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-20 08:38 - 2011-09-13 09:00 - 00000000 ____D () C:\N360_BACKUP
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-19 20:27 - 2014-07-23 17:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-19 19:48 - 2014-03-30 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-09-16 19:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-14 13:33 - 2014-03-04 10:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
    2014-09-12 09:14 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-11 21:18 - 2014-03-03 08:35 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-11 21:16 - 2014-03-03 08:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-11 21:15 - 2014-05-06 06:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-06 01:02

    ==================== End Of Log ============================

  10. #25
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Can I ask you a question please?

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Sure...

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.

    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats.
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.

  12. #27
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    I was wondering if Microsoft Security Essentials makes a log. There isn't anything when you do a scan. What has been happening is in the tool bar it keeps saying it is cleaning and nothing has to be done. When I looked at the History for today it shows at least 10 times that they quarantined a Trojan. I don't understand how it can happen so often with all the stuff we are doing. Do you have any idea? Thank you so much.

  13. #28
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    Can I ask you a question please?

  14. #29
    Join Date
    Sep 2007
    Location
    Maine
    Posts
    656
    When I did the security it said unsupported operating system aborting now.

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

    As for your question...Where are the MSE log files?
    The MpCmdRun function of MSE provides the ability to gather the following information/logs and package them together in a compressed file in the support directory. This information includes:

    • Any trace files from Microsoft Antimalware Service
    • The Windows Update history log
    • All Microsoft Antimalware Service events from the System event log
    • All relevant Microsoft Antimalware Service registry locations
    • The log file of this tool
    • The log file of the signature update helper tool

    To run this tool, go to Start, All Programs, Accessories, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.
    Then, from the Command Prompt window, enter the following commands:

    • cd\
    • cd Program Files
    • cd Microsoft Security Client
    • MpCmdRun -getfiles -scan

    At this point, logs will be collected and placed in a cab file. This process can take several minutes.
    When the process is complete, you will find the collected information here:
    Files successfully created in C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MpSupportFiles.cab

    Upload MpSupportFiles.cab here: http://www.sendspace.com/
    Click on Browse button and navigate to the file you want to upload.
    Click on Upload button.
    Click on FIRST Copy Link button and paste the link in your next reply.
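
For the repeated quarantine entries asked about above, the antimalware events that MpCmdRun -getfiles packages can also be read directly from the System event log. The PowerShell below is an added example, not part of the original posts; it assumes the events are logged under the provider name "Microsoft Antimalware" and that detection messages carry "Name:" and "Path:" lines.

```powershell
# Added example, not from the thread. Assumptions: MSE logs to the System log
# under the provider name "Microsoft Antimalware", and its detection messages
# contain "Name: <threat>" and "Path: <location>" lines.
$since = (Get-Date).AddDays(-1)   # look back 24 hours

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft Antimalware'
    StartTime    = $since
} -ErrorAction SilentlyContinue   # no matching events is not an error here

function Get-Field([string]$Message, [string]$Label) {
    # Return the value of one "Label: value" line from the event message text.
    $m = [regex]::Match($Message, "(?m)^\s*$Label\s*:\s*(.+?)\s*$")
    if ($m.Success) { $m.Groups[1].Value } else { '(not present)' }
}

$rows = foreach ($e in $events) {
    New-Object PSObject -Property @{
        Time   = $e.TimeCreated
        Id     = $e.Id
        Threat = (Get-Field $e.Message 'Name')
        Path   = (Get-Field $e.Message 'Path')
    }
}

# Many hits on the same threat and path mean the same item keeps being
# re-detected, which is what a full History list of quarantines looks like.
$rows | Where-Object { $_.Threat -ne '(not present)' } |
    Group-Object Threat, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize -Wrap
```

A path that shows a high count is the one to mention to the helper along with the uploaded cab file.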
