Solved Can only use the internet in safe mode

H

Helena

Posts: 11   +0
Hi,
I am connected to the internet in regular mode and can ping sites but can not connect to them through IE or firefox. I am able to surf the web through safe mode. I have removed all antivirus and spybot programs to see if the problem would be solved but still the problem persists. Below is the Hijackthis log.

[HJT log removed by Broni]
 
Last edited by a moderator:
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
The scan from MalwareBytes found 0 problems

the dds scan log is as follows
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 10.0.9200.16660
Run by Pr at 12:44:09 on 2014-09-04
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.431 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{10648D9A-3D71-427A-87B0-D8EEC9F80495} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{10648D9A-3D71-427A-87B0-D8EEC9F80495}\24169777164736860234F6474716765637 : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{10648D9A-3D71-427A-87B0-D8EEC9F80495}\35865627964616E602745756374702143636563737 : DHCPNameServer = 142.55.2.28
TCP: Interfaces\{1AC69FC9-FA60-45C3-BC07-9F9DE53392BD} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pr\appdata\roaming\mozilla\firefox\profiles\ujw900ge.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2012-1-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2012-1-31 173104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-2-9 260648]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-9 166912]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-21 820344]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2012-1-31 501888]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20120201.002\IDSvix86.sys [2012-2-2 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2012-1-31 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2012-1-31 339504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NIS;Norton Internet Security;"c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe" /s "nis" /m "c:\program files\norton internet security\engine\17.7.0.12\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\17.7.0.12\ccSvcHst.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-31 106104]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
S4 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-2-9 81920]
.
=============== Created Last 30 ================
.
2014-09-04 15:20:29 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-04 15:20:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-04 15:20:15 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-09-04 15:20:08 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-04 15:05:46 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-09-04 15:05:44 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-09-04 01:38:18 -------- d-----w- C:\AdwCleaner
2014-09-04 01:13:51 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-04 01:13:51 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-04 01:13:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-04 01:13:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-03 17:04:13 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-09-03 17:04:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-09-03 17:04:13 26112 ----a-w- c:\windows\system32\lpk.dll
2014-09-03 17:04:13 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-09-03 17:04:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-09-03 17:04:10 434688 ----a-w- c:\windows\system32\scavengeui.dll
2014-09-03 16:59:35 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-09-03 16:59:35 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-09-03 16:53:24 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dd4ec38e-725c-4a47-b106-29b2a16470d7}\mpengine.dll
2014-09-03 16:52:08 81920 ----a-w- c:\windows\system32\davclnt.dll
2014-09-03 16:52:08 205824 ----a-w- c:\windows\system32\WebClnt.dll
2014-09-03 16:52:08 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-09-03 16:47:11 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-09-03 16:47:08 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-09-03 16:47:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-09-03 16:47:08 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-09-03 16:43:15 1168384 ----a-w- c:\windows\system32\crypt32.dll
2014-09-03 16:42:47 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-09-03 02:20:06 -------- d-----w- c:\users\pr\appdata\local\Adobe
2014-09-02 19:20:22 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-09-02 19:19:51 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-09-02 19:19:31 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-09-02 19:19:31 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-07 20:45:25 -------- d-----w- c:\users\pr\appdata\local\Macromedia
2014-08-07 20:44:04 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2014-09-04 01:14:48 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-25 10:53:44 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-07 20:44:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:46:29.32 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 12/27/2010 6:48:36 PM
System Uptime: 9/4/2014 12:08:52 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0W785N
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 39.427 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Vista Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDIV\0000
Manufacturer:
Name: Symantec Vista Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDIV\0000
Service: SYMTDIv
.
==== System Restore Points ===================
.
RP93: 9/4/2014 10:39:39 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.7)
Broadcom NetXtreme-I Netlink Driver and Management Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Edoc Viewer
Dell Touchpad
Dell Wireless WLAN Card Utility
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/4/2014 12:16:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/4/2014 12:16:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/4/2014 12:09:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/4/2014 12:09:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/4/2014 12:09:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
9/4/2014 12:09:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/4/2014 12:09:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/4/2014 12:09:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/4/2014 12:09:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/4/2014 12:09:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
9/4/2014 12:08:30 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The pipe has been ended.
9/4/2014 12:06:23 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the file specified.
9/4/2014 11:06:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2864202).
9/3/2014 12:35:24 PM, Error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error %%-1.
9/3/2014 1:07:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/2/2014 5:27:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
9/2/2014 3:15:01 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/2/2014 3:14:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
9/2/2014 3:14:57 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/2/2014 3:14:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
9/2/2014 3:14:40 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png][/url][b][url=https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html][color=#0000FF]Malwarebytes Anti-Rootkit[/color][/url][/b] to your desktop.
[LIST]
[*][b][color=#FF0000]Warning![/color][/b] [I]Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.[/I]
[*]Double click on downloaded file. OK self extracting prompt.
[*]MBAR will start. Click "[b]Next[/b]" to continue.
[*]Click in the following screen "[b]Update[/b]" to obtain the latest malware definitions.
[*]Once the update is complete select "[b]Next[/b]" and click "[b]Scan[/b]".
[*]When the scan is finished and no malware has been found select "[b]Exit[/b]".
[*]If malware was detected, make sure to check all the items and click "[b]Cleanup[/b]". Reboot your computer.
[*]Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
[LIST]
[*][b]"mbar-log-[I]{date} (xx-xx-xx)[/I].txt"[/b]
[*][b]"system-log.txt"[/b]
[/LIST]
[/LIST]
 
This is the log from RougeKiller other log will soon follow.

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Pr [Admin rights]
Mode : Remove -- Date : 09/04/2014 22:26:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BHDrvx86 -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CrucialSMBusScan -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IDSVix86 -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx86 -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CrucialSMBusScan -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSVix86 -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BHDrvx86 -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CrucialSMBusScan -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDSVix86 -> DELETED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[IE:Addon] System : &Windows Live Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}] -> DELETED
[IE:Addon] System : Norton Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] -> DELETED
[FIREFX:Addon] umro1wxq.default-1409875722004 : Norton IPS [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] -> DELETED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST980313AS +++++
--- User ---
[MBR] be65538ecb4b4b070cfb479b2a81d2fc
[BSP] 01378ab5f83e7cb3bafebb7063249215 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30800325 | Size: 61278 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09042014_222347.log
 
The mbar files
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.04.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16660
Pramiti :: PR-PC [administrator]

9/4/2014 10:40:20 PM
mbar-log-2014-09-04 (22-40-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 275205
Time elapsed: 14 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1063645184, free: 248045568

Downloaded database version: v2014.09.04.12
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
------------ Kernel report ------------
09/04/2014 22:39:59
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NIS\1107000.00C\SYMDS.SYS
\SystemRoot\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\b57nd60x.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84a314f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff833d7028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84a314f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84a32020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84a314f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff833d7028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 681A74B5

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 30720000
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30800325 Numsec = 125499115

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-80325-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here is the combofix report. This problem started when I downloaded spybot search and destroy, but I have uninstalled it and the problem still persists.

ComboFix 14-09-05.01 - Pr 09/05/2014 13:58:32.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.133 [GMT -4:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-08-05 to 2014-09-05 )))))))))))))))))))))))))))))))
.
.
2014-09-05 18:16 . 2014-09-05 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-05 17:43 . 2014-09-05 17:43 -------- d-----w- c:\windows\Migration
2014-09-05 02:39 . 2014-09-05 02:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-05 02:27 . 2014-09-05 02:27 -------- d-----w- c:\users\Pr\AppData\Local\CrashDumps
2014-09-05 02:10 . 2014-09-05 17:17 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-05 02:10 . 2014-09-05 02:10 -------- d-----w- c:\programdata\RogueKiller
2014-09-04 15:20 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-04 15:20 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-04 15:20 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-09-04 15:20 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-04 15:05 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-09-04 15:05 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-09-04 14:42 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-04 14:42 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-09-04 01:38 . 2014-09-04 14:40 -------- d-----w- C:\AdwCleaner
2014-09-04 01:13 . 2014-09-05 02:38 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-04 01:13 . 2014-09-04 01:13 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-04 01:13 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-04 01:13 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-03 17:04 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll
2014-09-03 17:04 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-09-03 17:04 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-09-03 17:04 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-09-03 17:04 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-09-03 17:04 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2014-09-03 16:59 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-09-03 16:59 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-09-03 16:53 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD4EC38E-725C-4A47-B106-29B2A16470D7}\mpengine.dll
2014-09-03 16:52 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2014-09-03 16:52 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2014-09-03 16:52 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-09-03 16:47 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-09-03 16:47 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-09-03 16:47 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-09-03 16:47 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-09-03 16:43 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2014-09-03 16:42 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-09-03 02:20 . 2014-09-03 02:20 -------- d-----w- c:\users\Pr\AppData\Local\Adobe
2014-09-02 19:20 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-09-02 19:20 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-02 19:20 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-09-02 19:20 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-02 19:19 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-09-02 19:19 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-09-02 19:19 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-09-02 19:19 . 2014-05-14 13:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-02 19:19 . 2014-05-14 13:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-07 20:45 . 2014-08-07 20:45 -------- d-----w- c:\users\Pr\AppData\Local\Macromedia
2014-08-07 20:44 . 2014-08-07 20:44 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-05 02:39 . 2013-08-15 00:58 113880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-25 10:53 . 2010-12-28 00:59 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-07 20:44 . 2011-06-22 20:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-07-17 04:57 4562944 ----a-w- c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 05:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-17 15:33 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-17 15:33 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-17 15:33 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-02 10:07 7596576 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-31 106104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-07 20:44]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Pr\AppData\Roaming\Mozilla\Firefox\Profiles\umro1wxq.default-1409875722004\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-05 14:24:48
ComboFix-quarantined-files.txt 2014-09-05 18:24
.
Pre-Run: 42,300,645,376 bytes free
Post-Run: 43,529,957,376 bytes free
.
- - End Of File - - 20EDD915ACD19AAF4722BDB614680736
5C616939100B85E558DA92B899A0FC36
 
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
The logs are as follows. Was I supposed to press fix in Farbar?
# AdwCleaner v3.309 - Report created 06/09/2014 at 12:40:47
# Updated 06/09/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Pr - PR-PC
# Running from : C:\Users\Pr\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Pr\AppData\Roaming\Mozilla\Firefox\Profiles\ujw900ge.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1073 octets] - [03/09/2014 21:38:36]
AdwCleaner[R1].txt - [1134 octets] - [04/09/2014 10:36:53]
AdwCleaner[S0].txt - [1062 octets] - [04/09/2014 10:40:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1122 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Pr on Sat 09/06/2014 at 12:44:58.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3982138969-2417193585-80014667-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pr\AppData\Roaming\mozilla\firefox\profiles\umro1wxq.default-1409875722004\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/06/2014 at 12:54:17.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by Pr (administrator) on PR-PC on 06-09-2014 12:56:36
Running from D:\
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll No File
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pr\AppData\Roaming\Mozilla\Firefox\Profiles\umro1wxq.default-1409875722004
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn [2012-01-29]
FF HKLM\...\Firefox\Extensions: [{4C0766D3-67A7-45a3-85A2-752F77312F32}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn [2012-01-29]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3086848 2009-07-17] (Dell Inc.) [File not signed]
S2 NIS; "C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-17] (Broadcom Corporation)
R1 ccHP; C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [501888 2010-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-01-31] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-01-31] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1107000.00C\SYMDS.SYS [328752 2009-08-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1107000.00C\SYMEFA.SYS [173104 2010-04-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2012-01-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [339504 2010-05-06] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Pr\AppData\Local\Temp\catchme.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120202.018\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120202.018\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 12:56 - 2014-09-06 12:56 - 00000000 ____D () C:\FRST
2014-09-06 12:54 - 2014-09-06 12:54 - 00001503 _____ () C:\Users\Pr\Desktop\JRT.txt
2014-09-06 12:44 - 2014-09-06 12:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 12:40 - 2014-09-06 12:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-05 14:24 - 2014-09-05 14:24 - 00010211 _____ () C:\ComboFix.txt
2014-09-05 13:54 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-05 13:54 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-05 13:54 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-05 13:53 - 2014-09-05 14:24 - 00000000 ____D () C:\Qoobox
2014-09-05 13:51 - 2014-09-05 14:19 - 00000000 ____D () C:\Windows\erdnt
2014-09-05 13:23 - 2014-09-06 12:39 - 00014541 _____ () C:\Windows\IE11_main.log
2014-09-04 22:39 - 2014-09-04 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-04 22:38 - 2014-09-04 22:57 - 00000000 ____D () C:\Users\Pr\Desktop\mbar
2014-09-04 22:35 - 2014-09-04 22:35 - 00000017 _____ () C:\Users\Pr\AppData\Local\resmon.resmoncfg
2014-09-04 22:27 - 2014-09-04 22:27 - 00000000 ____D () C:\Users\Pr\AppData\Local\CrashDumps
2014-09-04 22:10 - 2014-09-05 13:17 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-04 22:09 - 2014-09-04 22:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pr\Downloads\mbar-1.07.0.1012.exe
2014-09-04 22:09 - 2014-09-04 22:09 - 04857944 _____ () C:\Users\Pr\Downloads\RogueKiller.exe
2014-09-04 20:24 - 2014-09-04 20:24 - 00991232 _____ () C:\Users\Pr\Downloads\MicrosoftFixit50267.msi
2014-09-04 20:08 - 2014-09-04 20:08 - 00000000 ____D () C:\Users\Pr\Desktop\Old Firefox Data
2014-09-04 12:46 - 2014-09-04 12:46 - 00010104 _____ () C:\Users\Pr\Desktop\dds.txt
2014-09-04 12:46 - 2014-09-04 12:46 - 00009616 _____ () C:\Users\Pr\Desktop\attach.txt
2014-09-04 12:42 - 2014-09-04 12:42 - 00688992 ____R (Swearware) C:\Users\Pr\Downloads\dds.com
2014-09-04 11:20 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-04 11:20 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-04 11:20 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-04 11:20 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-04 11:05 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-09-04 11:05 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-04 10:42 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 10:42 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 10:42 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-04 10:42 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-04 10:42 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-09-04 10:42 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-04 10:42 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-04 10:42 - 2013-08-01 21:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-09-04 10:42 - 2013-08-01 21:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-04 10:42 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-09-03 21:38 - 2014-09-06 12:37 - 00000000 ____D () C:\AdwCleaner
2014-09-03 21:23 - 2014-09-03 21:23 - 01370467 _____ () C:\Users\Pr\Downloads\AdwCleaner.exe
2014-09-03 21:14 - 2014-09-03 21:14 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 21:13 - 2014-09-04 22:38 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 21:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 21:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 21:12 - 2014-09-03 21:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 13:22 - 2014-09-03 13:22 - 00005103 _____ () C:\Users\Pr\Downloads\hijackthis.log
2014-09-03 13:20 - 2014-09-03 13:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pr\Downloads\HijackThis.exe
2014-09-03 13:15 - 2014-09-03 13:15 - 00231760 _____ () C:\Users\Pr\Downloads\CrucialScan.exe
2014-09-03 13:07 - 2014-09-03 13:07 - 06958304 _____ (Microsoft Corporation) C:\Users\Pr\Downloads\Silverlight.exe
2014-09-03 13:04 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-03 13:04 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-09-03 13:04 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-09-03 13:04 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-09-03 13:04 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-09-03 13:04 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-09-03 12:59 - 2013-10-03 21:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-09-03 12:59 - 2013-10-03 21:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-09-03 12:52 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-03 12:52 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-03 12:52 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-03 12:52 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-03 12:50 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-03 12:50 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-03 12:50 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-03 12:50 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-03 12:50 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-03 12:50 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-03 12:50 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-03 12:50 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-03 12:50 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-03 12:50 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-03 12:50 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-03 12:50 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-03 12:50 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-03 12:50 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-03 12:50 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-03 12:50 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-03 12:50 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-09-03 12:47 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-09-03 12:47 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-09-03 12:47 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-09-03 12:47 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-03 12:47 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-09-03 12:43 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-09-03 12:42 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-09-03 12:42 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-09-02 22:20 - 2014-09-02 22:20 - 00000000 ____D () C:\Users\Pr\AppData\Local\Adobe
2014-09-02 22:03 - 2014-09-02 22:03 - 00000079 _____ () C:\Windows\wininit.ini
2014-09-02 21:57 - 2014-09-02 21:58 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Pr\Downloads\spybot-2.1.exe
2014-09-02 15:20 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-02 15:20 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-02 15:20 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-02 15:20 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-02 15:19 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-02 15:19 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-02 15:19 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-02 15:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-02 15:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-07 16:45 - 2014-08-07 16:45 - 00000000 ____D () C:\Users\Pr\AppData\Local\Macromedia
2014-08-07 16:44 - 2014-08-07 16:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-07 16:44 - 2014-08-07 16:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 12:56 - 2014-09-06 12:56 - 00000000 ____D () C:\FRST
2014-09-06 12:56 - 2009-07-14 00:55 - 01208442 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 12:54 - 2014-09-06 12:54 - 00001503 _____ () C:\Users\Pr\Desktop\JRT.txt
2014-09-06 12:50 - 2009-07-14 00:34 - 00010272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 12:50 - 2009-07-14 00:34 - 00010272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 12:48 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-06 12:44 - 2014-09-06 12:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 12:42 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 12:41 - 2010-02-09 20:15 - 00054228 _____ () C:\Windows\PFRO.log
2014-09-06 12:41 - 2009-07-14 00:39 - 00047842 _____ () C:\Windows\setupact.log
2014-09-06 12:40 - 2014-09-06 12:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-06 12:39 - 2014-09-05 13:23 - 00014541 _____ () C:\Windows\IE11_main.log
2014-09-06 12:37 - 2014-09-03 21:38 - 00000000 ____D () C:\AdwCleaner
2014-09-05 14:24 - 2014-09-05 14:24 - 00010211 _____ () C:\ComboFix.txt
2014-09-05 14:24 - 2014-09-05 13:53 - 00000000 ____D () C:\Qoobox
2014-09-05 14:24 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Default
2014-09-05 14:24 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-09-05 14:19 - 2014-09-05 13:51 - 00000000 ____D () C:\Windows\erdnt
2014-09-05 14:17 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-05 13:56 - 2010-02-09 18:31 - 00787668 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 13:17 - 2014-09-04 22:10 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-04 22:57 - 2014-09-04 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-04 22:57 - 2014-09-04 22:38 - 00000000 ____D () C:\Users\Pr\Desktop\mbar
2014-09-04 22:39 - 2013-08-14 20:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-04 22:38 - 2014-09-03 21:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 22:35 - 2014-09-04 22:35 - 00000017 _____ () C:\Users\Pr\AppData\Local\resmon.resmoncfg
2014-09-04 22:27 - 2014-09-04 22:27 - 00000000 ____D () C:\Users\Pr\AppData\Local\CrashDumps
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-04 22:10 - 2014-09-04 22:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pr\Downloads\mbar-1.07.0.1012.exe
2014-09-04 22:09 - 2014-09-04 22:09 - 04857944 _____ () C:\Users\Pr\Downloads\RogueKiller.exe
2014-09-04 20:24 - 2014-09-04 20:24 - 00991232 _____ () C:\Users\Pr\Downloads\MicrosoftFixit50267.msi
2014-09-04 20:08 - 2014-09-04 20:08 - 00000000 ____D () C:\Users\Pr\Desktop\Old Firefox Data
2014-09-04 12:46 - 2014-09-04 12:46 - 00010104 _____ () C:\Users\Pr\Desktop\dds.txt
2014-09-04 12:46 - 2014-09-04 12:46 - 00009616 _____ () C:\Users\Pr\Desktop\attach.txt
2014-09-04 12:42 - 2014-09-04 12:42 - 00688992 ____R (Swearware) C:\Users\Pr\Downloads\dds.com
2014-09-04 11:56 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-04 11:51 - 2009-07-14 00:33 - 00406048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 21:23 - 2014-09-03 21:23 - 01370467 _____ () C:\Users\Pr\Downloads\AdwCleaner.exe
2014-09-03 21:14 - 2014-09-03 21:14 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 21:13 - 2013-08-14 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 21:12 - 2014-09-03 21:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 13:22 - 2014-09-03 13:22 - 00005103 _____ () C:\Users\Pr\Downloads\hijackthis.log
2014-09-03 13:20 - 2014-09-03 13:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pr\Downloads\HijackThis.exe
2014-09-03 13:15 - 2014-09-03 13:15 - 00231760 _____ () C:\Users\Pr\Downloads\CrucialScan.exe
2014-09-03 13:08 - 2011-01-22 04:15 - 00109280 _____ () C:\Users\Pr\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 13:07 - 2014-09-03 13:07 - 06958304 _____ (Microsoft Corporation) C:\Users\Pr\Downloads\Silverlight.exe
2014-09-02 22:20 - 2014-09-02 22:20 - 00000000 ____D () C:\Users\Pr\AppData\Local\Adobe
2014-09-02 22:03 - 2014-09-02 22:03 - 00000079 _____ () C:\Windows\wininit.ini
2014-09-02 21:58 - 2014-09-02 21:57 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Pr\Downloads\spybot-2.1.exe
2014-09-02 21:47 - 2010-12-27 19:48 - 00000000 ____D () C:\Users\Pr
2014-09-02 17:57 - 2013-08-14 20:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-02 15:15 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-08-25 06:53 - 2010-12-27 20:59 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-07 16:45 - 2014-08-07 16:45 - 00000000 ____D () C:\Users\Pr\AppData\Local\Macromedia
2014-08-07 16:44 - 2014-08-07 16:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-07 16:44 - 2014-08-07 16:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 16:44 - 2011-06-22 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Pr\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-03 16:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2014
Ran by Pr at 2014-09-06 12:59:09
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - )
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

05-09-2014 00:27:44 Installed Microsoft Fix it 50267
05-09-2014 17:20:56 Windows Update
05-09-2014 19:16:20 Windows Update
06-09-2014 16:34:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-09-05 13:41 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {97E63D49-ABA9-4E5E-B04B-7CA9543CC111} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {D0F18A3B-466B-4992-946A-5689E3398755} - System32\Tasks\DGP6FLL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/06/2014 00:53:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Percentage of memory in use: 72%
Total physical RAM: 1014.37 MB
Available physical RAM: 279.68 MB
Total Pagefile: 2038.37 MB
Available Pagefile: 1232.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:59.84 GB) (Free:39.67 GB) NTFS
Drive d: () (Removable) (Total:1.85 GB) (Free:1.69 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 681A74B5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: FB524476)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
 
Yes, please.
Make sure you checkmark Addition.txt box so both logs will be produced.
 
Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Pr (administrator) on Pr-PC on 08-09-2014 19:03:42
Running from D:\
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pr\AppData\Roaming\Mozilla\Firefox\Profiles\umro1wxq.default-1409875722004
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3086848 2009-07-17] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-17] (Broadcom Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Pr\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 12:56 - 2014-09-08 19:03 - 00000000 ____D () C:\FRST
2014-09-06 12:54 - 2014-09-06 12:54 - 00001503 _____ () C:\Users\Pr\Desktop\JRT.txt
2014-09-06 12:44 - 2014-09-06 12:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 12:40 - 2014-09-06 12:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-05 14:24 - 2014-09-05 14:24 - 00010211 _____ () C:\ComboFix.txt
2014-09-05 13:54 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-05 13:54 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-05 13:54 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-05 13:54 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-05 13:53 - 2014-09-05 14:24 - 00000000 ____D () C:\Qoobox
2014-09-05 13:51 - 2014-09-05 14:19 - 00000000 ____D () C:\Windows\erdnt
2014-09-05 13:23 - 2014-09-06 23:43 - 00024313 _____ () C:\Windows\IE11_main.log
2014-09-04 22:39 - 2014-09-04 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-04 22:38 - 2014-09-04 22:57 - 00000000 ____D () C:\Users\Pr\Desktop\mbar
2014-09-04 22:35 - 2014-09-04 22:35 - 00000017 _____ () C:\Users\Pr\AppData\Local\resmon.resmoncfg
2014-09-04 22:27 - 2014-09-04 22:27 - 00000000 ____D () C:\Users\Pr\AppData\Local\CrashDumps
2014-09-04 22:10 - 2014-09-05 13:17 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-04 22:09 - 2014-09-04 22:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pr\Downloads\mbar-1.07.0.1012.exe
2014-09-04 22:09 - 2014-09-04 22:09 - 04857944 _____ () C:\Users\Pr\Downloads\RogueKiller.exe
2014-09-04 20:24 - 2014-09-04 20:24 - 00991232 _____ () C:\Users\Pr\Downloads\MicrosoftFixit50267.msi
2014-09-04 20:08 - 2014-09-04 20:08 - 00000000 ____D () C:\Users\Pr\Desktop\Old Firefox Data
2014-09-04 12:46 - 2014-09-04 12:46 - 00010104 _____ () C:\Users\Pr\Desktop\dds.txt
2014-09-04 12:46 - 2014-09-04 12:46 - 00009616 _____ () C:\Users\Pr\Desktop\attach.txt
2014-09-04 12:42 - 2014-09-04 12:42 - 00688992 ____R (Swearware) C:\Users\Pr\Downloads\dds.com
2014-09-04 11:20 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-04 11:20 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-04 11:20 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-04 11:20 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-04 11:05 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-09-04 11:05 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-04 10:43 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-04 10:42 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 10:42 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 10:42 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-04 10:42 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-04 10:42 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-09-04 10:42 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-04 10:42 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-04 10:42 - 2013-08-01 21:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-09-04 10:42 - 2013-08-01 21:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-04 10:42 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-09-04 10:42 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-09-03 21:38 - 2014-09-06 12:37 - 00000000 ____D () C:\AdwCleaner
2014-09-03 21:23 - 2014-09-03 21:23 - 01370467 _____ () C:\Users\Pr\Downloads\AdwCleaner.exe
2014-09-03 21:14 - 2014-09-03 21:14 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 21:13 - 2014-09-04 22:38 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 21:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 21:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 21:12 - 2014-09-03 21:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 13:22 - 2014-09-03 13:22 - 00005103 _____ () C:\Users\Pr\Downloads\hijackthis.log
2014-09-03 13:20 - 2014-09-03 13:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pr\Downloads\HijackThis.exe
2014-09-03 13:15 - 2014-09-03 13:15 - 00231760 _____ () C:\Users\Pr\Downloads\CrucialScan.exe
2014-09-03 13:07 - 2014-09-03 13:07 - 06958304 _____ (Microsoft Corporation) C:\Users\Pr\Downloads\Silverlight.exe
2014-09-03 13:04 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-03 13:04 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-09-03 13:04 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-09-03 13:04 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-09-03 13:04 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-09-03 13:04 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-09-03 12:59 - 2013-10-03 21:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-09-03 12:59 - 2013-10-03 21:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-09-03 12:52 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-03 12:52 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-03 12:52 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-03 12:52 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-03 12:50 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-03 12:50 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-03 12:50 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-03 12:50 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-03 12:50 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-03 12:50 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-03 12:50 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-03 12:50 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-03 12:50 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-03 12:50 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-03 12:50 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-03 12:50 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-03 12:50 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-03 12:50 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-03 12:50 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-03 12:50 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-03 12:50 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-09-03 12:47 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-09-03 12:47 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-09-03 12:47 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-09-03 12:47 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-03 12:47 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-09-03 12:43 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-09-03 12:42 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-09-03 12:42 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-09-02 22:20 - 2014-09-02 22:20 - 00000000 ____D () C:\Users\Pr\AppData\Local\Adobe
2014-09-02 22:03 - 2014-09-02 22:03 - 00000079 _____ () C:\Windows\wininit.ini
2014-09-02 21:57 - 2014-09-02 21:58 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Pr\Downloads\spybot-2.1.exe
2014-09-02 15:20 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-02 15:20 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-02 15:20 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-02 15:20 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-02 15:19 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-02 15:19 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-02 15:19 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-02 15:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-02 15:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 19:06 - 2009-07-14 00:55 - 01862844 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 19:03 - 2014-09-06 12:56 - 00000000 ____D () C:\FRST
2014-09-08 19:02 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-07 07:55 - 2009-07-14 00:34 - 00010272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 07:55 - 2009-07-14 00:34 - 00010272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 07:48 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 07:48 - 2009-07-14 00:39 - 00048122 _____ () C:\Windows\setupact.log
2014-09-07 00:13 - 2013-08-16 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-07 00:09 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-06 23:44 - 2010-02-09 18:31 - 00780770 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 23:43 - 2014-09-05 13:23 - 00024313 _____ () C:\Windows\IE11_main.log
2014-09-06 23:19 - 2010-02-09 20:15 - 00057958 _____ () C:\Windows\PFRO.log
2014-09-06 23:19 - 2010-02-09 18:42 - 00000000 ____D () C:\ProgramData\Norton
2014-09-06 23:19 - 2009-07-14 00:53 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-06 12:54 - 2014-09-06 12:54 - 00001503 _____ () C:\Users\Pr\Desktop\JRT.txt
2014-09-06 12:44 - 2014-09-06 12:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 12:40 - 2014-09-06 12:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-06 12:37 - 2014-09-03 21:38 - 00000000 ____D () C:\AdwCleaner
2014-09-05 14:24 - 2014-09-05 14:24 - 00010211 _____ () C:\ComboFix.txt
2014-09-05 14:24 - 2014-09-05 13:53 - 00000000 ____D () C:\Qoobox
2014-09-05 14:24 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Default
2014-09-05 14:24 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-09-05 14:19 - 2014-09-05 13:51 - 00000000 ____D () C:\Windows\erdnt
2014-09-05 14:17 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-05 13:17 - 2014-09-04 22:10 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-04 22:57 - 2014-09-04 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-04 22:57 - 2014-09-04 22:38 - 00000000 ____D () C:\Users\Pr\Desktop\mbar
2014-09-04 22:39 - 2013-08-14 20:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-04 22:38 - 2014-09-03 21:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 22:35 - 2014-09-04 22:35 - 00000017 _____ () C:\Users\Pr\AppData\Local\resmon.resmoncfg
2014-09-04 22:27 - 2014-09-04 22:27 - 00000000 ____D () C:\Users\Pr\AppData\Local\CrashDumps
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-04 22:10 - 2014-09-04 22:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pr\Downloads\mbar-1.07.0.1012.exe
2014-09-04 22:09 - 2014-09-04 22:09 - 04857944 _____ () C:\Users\Pr\Downloads\RogueKiller.exe
2014-09-04 20:24 - 2014-09-04 20:24 - 00991232 _____ () C:\Users\Pr\Downloads\MicrosoftFixit50267.msi
2014-09-04 20:08 - 2014-09-04 20:08 - 00000000 ____D () C:\Users\Pr\Desktop\Old Firefox Data
2014-09-04 12:46 - 2014-09-04 12:46 - 00010104 _____ () C:\Users\Pr\Desktop\dds.txt
2014-09-04 12:46 - 2014-09-04 12:46 - 00009616 _____ () C:\Users\Pr\Desktop\attach.txt
2014-09-04 12:42 - 2014-09-04 12:42 - 00688992 ____R (Swearware) C:\Users\Pr\Downloads\dds.com
2014-09-04 11:56 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-04 11:51 - 2009-07-14 00:33 - 00406048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 21:23 - 2014-09-03 21:23 - 01370467 _____ () C:\Users\Pr\Downloads\AdwCleaner.exe
2014-09-03 21:14 - 2014-09-03 21:14 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 21:13 - 2013-08-14 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 21:12 - 2014-09-03 21:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pr\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 13:22 - 2014-09-03 13:22 - 00005103 _____ () C:\Users\Pr\Downloads\hijackthis.log
2014-09-03 13:20 - 2014-09-03 13:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pr\Downloads\HijackThis.exe
2014-09-03 13:15 - 2014-09-03 13:15 - 00231760 _____ () C:\Users\Pr\Downloads\CrucialScan.exe
2014-09-03 13:08 - 2011-01-22 04:15 - 00109280 _____ () C:\Users\Pr\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 13:07 - 2014-09-03 13:07 - 06958304 _____ (Microsoft Corporation) C:\Users\Pr\Downloads\Silverlight.exe
2014-09-02 22:20 - 2014-09-02 22:20 - 00000000 ____D () C:\Users\Pr\AppData\Local\Adobe
2014-09-02 22:03 - 2014-09-02 22:03 - 00000079 _____ () C:\Windows\wininit.ini
2014-09-02 21:58 - 2014-09-02 21:57 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Pr\Downloads\spybot-2.1.exe
2014-09-02 21:47 - 2010-12-27 19:48 - 00000000 ____D () C:\Users\Pr
2014-09-02 17:57 - 2013-08-14 20:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-25 06:53 - 2010-12-27 20:59 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Pr\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-03 16:58

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by Pr at 2014-09-08 19:08:13
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - )
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

05-09-2014 19:16:20 Windows Update
06-09-2014 16:34:19 Windows Update
07-09-2014 03:29:05 Factory Reset
07-09-2014 03:36:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-09-05 13:41 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {97E63D49-ABA9-4E5E-B04B-7CA9543CC111} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {D0F18A3B-466B-4992-946A-5689E3398755} - System32\Tasks\DGP6FLL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: D:\
Description: Flash Disk
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/07/2014 07:51:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 7 (KB2961072).

Error: (09/07/2014 07:51:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 7 (KB2957189).

Error: (09/07/2014 07:51:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 7 (KB2972280).

Error: (09/07/2014 07:51:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 7 (KB2918614).

Error: (09/07/2014 07:51:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 7 (KB2928562).

Error: (09/07/2014 07:51:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2911501).

Error: (09/07/2014 07:51:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 7 (KB2966583).

Error: (09/07/2014 07:51:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 7 (KB2929755).

Error: (09/07/2014 07:51:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 7 (KB2973201).

Error: (09/07/2014 07:51:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 7 (KB2981580).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Percentage of memory in use: 67%
Total physical RAM: 1014.37 MB
Available physical RAM: 334.01 MB
Total Pagefile: 2038.37 MB
Available Pagefile: 1361.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:59.84 GB) (Free:39.47 GB) NTFS
Drive d: () (Removable) (Total:1.85 GB) (Free:1.69 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 681A74B5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: FB524476)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    546 bytes · Views: 2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Pr at 2014-09-10 16:48:58 Run:2
Running from D:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
S3 catchme; \??\C:\Users\Pr\AppData\Local\Temp\catchme.sys [X]
2014-09-06 23:19 - 2010-02-09 18:42 - 00000000 ____D () C:\ProgramData\Norton
C:\Users\Pr\AppData\Local\Temp\Quarantine.exe

*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => Key not found.
"HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
catchme => Service not found.
"C:\ProgramData\Norton" => File/Directory not found.
C:\Users\Pr\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
 
Last edited:
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
      [/LIST]
      [*]Check [I]"YES, I accept the Terms of Use."[/I]
      [*]Click the [b]Start[/b] button.
      [*]Accept any security warnings from your browser.[/*]
      [*]Check [I]"Enable detection of potentially unwanted applications"[/I].
      [*]Click [I]Advanced settings[/I] and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark [I]"Use custom proxy settings"[/I]
      [*]Click the [b]Start[/b] button.
      [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      [*]When the scan completes, click [b]List Threats[/b][/*]
      [*]Click [b]Export[/b], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      [*]Click the [b]Back[/b] button.
      [*]Click the [b]Finish[/b] button.
      [/LIST]
 
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 21-07-2014
Ran by Pr (administrator) on 14-09-2014 at 20:19:34
Running from "C:\Users\Pr\Downloads"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
Eset did not produce a log. But there were no threats detected, and there was no option to produce a log.
 
redtarget.gif
Update Firefox to the current 32.0.1 version.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

=========================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

A
Stadia controllers can be converted to generic Bluetooth devices for one more year
Replies
1
Views
195
Theinsanegamer
T
Cal Jeffrey
PS VR2 works "out of the box" on PC but only in cinema mode
Replies
5
Views
643
MakeMSGreatAgain
M
T
Solved Missing desktop icons and start menu.
Replies
4
Views
2K
Tobiasrieper
T

Latest posts

Back