Possible snap.do infection...


  • This topic is locked
24 replies to this topic

#1 angry@computers


Posted 16 January 2015 - 11:47 AM

Hi, "newbee" here,

 

A while ago I ended up with snap.do on my system, causing it to run slowly and to constantly "throw up" registry entries on CCleaner. However, I never suffered with Chrome diverting to suspect websites. Since then I have run Malwarebytes, Spybot, ADWCleaner, JRT, and Roguekiller; most of them have found and cleared snap.do entries from my computer, and all five have found other 'PUPs' and possible 'malware' buried on my system. So, now my computer seems to be running pretty well, but I do still get this entry on CCleaner, and even if I delete it, it eventually comes back...

 

"Unused File Extension  .tmp  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp"

 

What I'd like to know is.... would you think there was still a malware/virus infection on my computer, or can I relax and not worry about it?

 

Many thanks in advance for your help.



#2 Machiavelli

  • Malware Response Instructor

Posted 16 January 2015 - 01:20 PM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 angry@computers

  • Topic Starter

Posted 16 January 2015 - 02:23 PM

Thank you for your speedy reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by KATY (administrator) on KATY-PC on 16-01-2015 19:19:28
Running from C:\Users\KATY\Downloads
Loaded Profiles: KATY (Available profiles: KATY & Simon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {A603BF68-2E0A-4DE2-8DE0-FA84E5335416} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {77001979-BE45-4583-9FE4-25D7AEBD2A48} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2882669103-2359843712-3705734191-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2882669103-2359843712-3705734191-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FA889BF0-F113-4780-B051-35694C2EC94C} http://download.isvinternet.com/public/ISVFlashIEOnline/ISVFlashIEOnline.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (Poper Blocker) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-01-14]
CHR Extension: (YouTube) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Gmail) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 19:19 - 2015-01-16 19:20 - 00014827 _____ () C:\Users\KATY\Downloads\FRST.txt
2015-01-16 19:19 - 2015-01-16 19:19 - 00000000 ____D () C:\FRST
2015-01-16 19:15 - 2015-01-16 19:15 - 02125312 _____ (Farbar) C:\Users\KATY\Downloads\FRST64.exe
2015-01-16 19:07 - 2015-01-16 19:07 - 00201728 _____ (OldTimer Tools) C:\Users\Simon\Downloads\OTC.exe
2015-01-16 18:55 - 2015-01-16 18:55 - 00000056 _____ () C:\Windows\setupact.log
2015-01-16 18:55 - 2015-01-16 18:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 18:53 - 2015-01-16 18:53 - 00000350 _____ () C:\Users\KATY\Documents\cc_20150116_185332.reg
2015-01-16 14:00 - 2015-01-16 14:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-16 13:54 - 2015-01-16 18:58 - 00015731 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 13:54 - 2015-01-16 13:54 - 00000320 _____ () C:\Users\KATY\Documents\cc_20150116_135409.reg
2015-01-16 13:47 - 2015-01-16 13:47 - 00019917 _____ () C:\ComboFix.txt
2015-01-16 13:30 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-16 13:30 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-16 13:30 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-16 13:29 - 2015-01-16 13:47 - 00000000 ____D () C:\Qoobox
2015-01-16 13:29 - 2015-01-16 13:45 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 13:28 - 2015-01-16 13:28 - 09741664 _____ (SurfRight B.V.) C:\Users\Simon\Downloads\HitmanPro_x64.exe
2015-01-16 13:22 - 2015-01-16 13:22 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Simon\Downloads\iExplore.exe
2015-01-14 18:14 - 2015-01-16 13:23 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-14 18:14 - 2015-01-14 18:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-14 17:45 - 2015-01-14 17:46 - 00000000 ____D () C:\40bf44113862a7632c
2015-01-14 15:23 - 2015-01-14 15:23 - 00000000 ____D () C:\Users\KATY\Desktop\Scarlett Reaper
2015-01-14 15:21 - 2015-01-16 13:52 - 00000000 ____D () C:\Users\KATY\Desktop\Ad Aware Cleaners
2015-01-14 11:53 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:53 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:53 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:53 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:53 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:53 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:52 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:52 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:52 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:52 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:52 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:52 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:52 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:13 - 2015-01-13 18:13 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 17:56 - 2015-01-16 19:13 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 17:56 - 2015-01-16 19:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 17:56 - 2015-01-15 21:04 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 17:56 - 2015-01-13 17:56 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 17:56 - 2015-01-13 17:56 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-13 17:56 - 2015-01-13 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 00:31 - 2015-01-13 17:55 - 00000000 ____D () C:\Users\Simon\AppData\Local\Deployment
2015-01-13 00:31 - 2015-01-13 00:31 - 00000000 ____D () C:\Users\Simon\AppData\Local\Apps\2.0
2015-01-12 18:16 - 2015-01-14 18:08 - 00000000 ____D () C:\AdwCleaner
2015-01-12 17:51 - 2015-01-12 17:51 - 00000000 ____D () C:\NPE
2015-01-12 17:48 - 2015-01-12 17:58 - 00000000 ____D () C:\Users\KATY\AppData\Local\NPE
2015-01-12 17:04 - 2015-01-12 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-10 11:03 - 2015-01-10 11:03 - 00006576 ____N () C:\bootsqm.dat
2015-01-03 11:40 - 2014-11-21 11:35 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-03 11:40 - 2014-11-21 11:33 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-03 11:40 - 2014-11-21 11:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-03 11:40 - 2014-11-21 11:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-03 11:40 - 2014-11-21 11:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-03 11:40 - 2014-11-21 11:32 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-03 11:40 - 2014-11-21 10:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-03 11:40 - 2014-11-21 10:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-03 11:40 - 2014-11-21 10:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-03 11:40 - 2014-11-21 10:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-03 11:40 - 2014-11-21 10:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-03 11:40 - 2014-11-21 10:23 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-03 11:40 - 2014-11-21 09:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-03 11:40 - 2014-11-21 08:55 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-03 11:40 - 2014-11-21 07:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-03 11:39 - 2014-11-21 11:34 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-03 11:39 - 2014-11-21 11:34 - 09058816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-03 11:39 - 2014-11-21 11:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-03 11:39 - 2014-11-21 11:33 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-03 11:39 - 2014-11-21 10:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-03 11:39 - 2014-10-30 02:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-03 11:39 - 2014-10-30 01:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-03 11:38 - 2012-06-16 05:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-03 11:38 - 2012-06-16 04:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-22 10:39 - 2014-12-22 10:39 - 00439250 _____ () C:\Users\KATY\Documents\cc_20141222_103920.reg
2014-12-21 17:50 - 2015-01-14 18:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 17:48 - 2015-01-12 17:04 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 17:48 - 2014-12-21 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 17:48 - 2014-12-21 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 17:48 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 17:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 16:18 - 2014-12-21 16:18 - 00000000 ____D () C:\Users\KATY\Documents\ProcAlyzer Dumps
2014-12-20 18:27 - 2012-04-11 15:30 - 00442669 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-182755.backup
2014-12-20 18:22 - 2014-12-20 18:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 18:22 - 2014-12-20 18:22 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-20 18:22 - 2014-12-20 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-20 18:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 19:13 - 2010-07-31 13:49 - 00000000 ____D () C:\Users\KATY\AppData\Local\SoftThinks
2015-01-16 19:03 - 2011-01-15 23:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-16 19:02 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 19:02 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 18:55 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 16:29 - 2014-10-08 19:36 - 00000000 ____D () C:\Users\Simon\Desktop\Screenwriting
2015-01-16 13:47 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 13:43 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-15 20:50 - 2014-09-29 08:47 - 00000000 ____D () C:\Users\Simon\Desktop\Personal Info
2015-01-14 19:39 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 17:51 - 2013-12-30 20:52 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 17:51 - 2009-07-14 05:13 - 00766820 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:14 - 2014-09-29 08:44 - 00000000 ____D () C:\Users\Simon\Desktop\UNI
2015-01-14 12:04 - 2013-08-06 20:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:54 - 2011-05-23 08:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 18:16 - 2011-08-12 09:49 - 00000000 ____D () C:\Users\KATY\AppData\Local\Google
2015-01-13 17:56 - 2013-01-15 15:06 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 12:40 - 2014-10-08 19:36 - 00000000 ____D () C:\Users\Simon\Desktop\American Int
2015-01-12 17:48 - 2011-01-02 01:31 - 00000000 ____D () C:\ProgramData\Norton
2015-01-12 15:06 - 2014-09-17 20:25 - 00000000 ____D () C:\Users\Simon\Desktop\Scripts
2015-01-12 02:29 - 2014-10-08 19:37 - 00000000 ____D () C:\Users\Simon\Desktop\Adaptation
2015-01-09 23:07 - 2011-07-08 22:52 - 00000000 ____D () C:\Users\KATY\AppData\Local\Deployment
2015-01-09 12:56 - 2014-10-22 08:52 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-09 12:56 - 2014-09-01 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-04 20:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-02 18:31 - 2013-11-26 00:54 - 00112728 _____ () C:\Users\KATY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 18:24 - 2010-06-12 16:20 - 00000000 ____D () C:\Windows\Panther
2015-01-02 18:22 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 01:10 - 2009-07-14 02:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150109-221325.backup
2014-12-22 21:41 - 2009-07-14 02:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20141228-011043.backup
2014-12-20 19:10 - 2011-05-22 23:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 18:27 - 2009-07-14 02:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20141222-214127.backup
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 02:34
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by KATY at 2015-01-16 19:21:02
Running from C:\Users\KATY\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Lite (HKLM\...\{AEDFFBCA-66CA-4766-8958-AD6EC6E5589C}) (Version: 9.0.0.0 - Ableton)
Adobe Connect Add-in (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bass Station 2.0 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.0 - Novation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series User Registration (HKLM-x32\...\Canon MP220 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.4.174 - Final Draft, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickShare (HKLM-x32\...\{3F012E27-BC6C-43A8-9117-8C1363BCFEBF}) (Version: 1.6.1.827 - Linkury Inc.) <==== ATTENTION
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-01-2015 18:20:03 Windows Modules Installer
03-01-2015 11:40:22 Windows Update
12-01-2015 18:36:11 adwcleaner
14-01-2015 11:53:17 Windows Update
14-01-2015 17:45:12 Windows Update
16-01-2015 13:31:05 ComboFix created restore point
16-01-2015 14:10:26 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-01-16 13:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {520099FF-AC51-4FB5-AA90-A85DB9B6F9BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6395223B-E5B3-40B5-B3C1-32363D5B7612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {6823CCA0-9B7C-4F4B-913B-0BEF31B21198} - System32\Tasks\{37D386B3-F131-48D2-9F0F-46F0E5B5FE66} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {6987ADD7-B491-4DB5-B16D-EF1CA7EDD918} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {732C657E-12BD-467B-A5F3-E280098630C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {ADC1B254-1238-4558-8383-F638604A462D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {DFCEA7BE-0573-46B5-BF5B-821796504186} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-06-12 13:49 - 2009-07-17 01:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-12 13:49 - 2009-07-17 01:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-06-12 13:59 - 2010-07-21 15:36 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2014-10-21 00:48 - 2014-10-21 00:48 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\c29d8779b3a3599f44e21e017541cd0c\VistaBridgeLibrary.ni.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-06-12 13:59 - 2010-07-21 15:34 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-06-12 13:59 - 2010-07-21 15:34 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1003 - Limited - Enabled)
KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Simon (S-1-5-21-2882669103-2359843712-3705734191-1001 - Limited - Enabled) => C:\Users\Simon
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/15/2015 08:49:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7140.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e8
 
Start Time: 01d0310200adec28
 
Termination Time: 31
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
Report Id: f487d53c-9cf7-11e4-8276-a4badbca99ed
 
 
System errors:
=============
Error: (01/16/2015 02:17:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (01/16/2015 01:48:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (01/16/2015 01:43:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/16/2015 01:42:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (01/16/2015 01:39:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/16/2015 01:23:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (01/16/2015 01:13:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (01/14/2015 07:26:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/14/2015 07:24:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/14/2015 07:24:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (01/15/2015 08:49:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7140.5000e801d0310200adec2831C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEf487d53c-9cf7-11e4-8276-a4badbca99ed
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:42:59.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 13:42:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 3032.36 MB
Available physical RAM: 1978.83 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 4507.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:156.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Machiavelli (Malware Response Instructor)

Posted 16 January 2015 - 02:37 PM

Hey, :)
Please move FRST to your Desktop.

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 angry@computers (Topic Starter)

Posted 16 January 2015 - 03:07 PM

ADWCleaner report....
 
 
# AdwCleaner v4.107 - Report created 16/01/2015 at 20:02:59
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : KATY - KATY-PC
# Running from : C:\Users\KATY\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.18667
 
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4048 octets] - [12/01/2015 18:16:53]
AdwCleaner[R1].txt - [4108 octets] - [12/01/2015 18:37:25]
AdwCleaner[R2].txt - [4030 octets] - [12/01/2015 18:47:23]
AdwCleaner[R3].txt - [1121 octets] - [12/01/2015 18:56:37]
AdwCleaner[R4].txt - [1240 octets] - [12/01/2015 19:07:24]
AdwCleaner[R5].txt - [1441 octets] - [13/01/2015 16:00:10]
AdwCleaner[R6].txt - [1500 octets] - [13/01/2015 16:15:52]
AdwCleaner[R7].txt - [1577 octets] - [14/01/2015 15:24:56]
AdwCleaner[R8].txt - [1637 octets] - [14/01/2015 18:06:43]
AdwCleaner[R9].txt - [1676 octets] - [16/01/2015 19:59:48]
AdwCleaner[S0].txt - [3863 octets] - [12/01/2015 18:51:18]
AdwCleaner[S1].txt - [1185 octets] - [12/01/2015 18:59:13]
AdwCleaner[S2].txt - [1601 octets] - [16/01/2015 20:02:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1661 octets] ##########


#6 Machiavelli (Malware Response Instructor)

Posted 16 January 2015 - 03:12 PM

I'm waiting for the other logs. :)

~Machiavelli



#7 angry@computers (Topic Starter)

Posted 16 January 2015 - 03:53 PM

I didn't get the option of viewing a detailed log, as the scan didn't find anything....
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 16/01/2015 20:10:30, SYSTEM, KATY-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 16/01/2015 20:10:30, SYSTEM, KATY-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 16/01/2015 20:10:36, SYSTEM, KATY-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.16.11, 
Scan, 16/01/2015 20:45:07, SYSTEM, KATY-PC, Manual, Start:16/01/2015 20:11:27, Duration:33 min 39 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)


#8 angry@computers (Topic Starter)

Posted 16 January 2015 - 03:56 PM

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
  <record severity="debug" LoggingEventType="1" datetime="2015-01-16T20:10:30.232724+00:00" source="Manual" type="Update" username="SYSTEM" systemname="KATY-PC" fromVersion="2013.10.16.1" last_modified_tag="05abf3cf-adeb-47e5-b24d-832038bb815f" name="Remediation Database" toVersion="2014.12.6.1" />
  <record severity="debug" LoggingEventType="1" datetime="2015-01-16T20:10:30.357524+00:00" source="Manual" type="Update" username="SYSTEM" systemname="KATY-PC" fromVersion="2014.11.18.1" last_modified_tag="e97556da-5c3f-4e33-b2c4-03b19689f65f" name="Rootkit Database" toVersion="2015.1.14.1" />
  <record severity="debug" LoggingEventType="1" datetime="2015-01-16T20:10:36.357379+00:00" source="Manual" type="Update" username="SYSTEM" systemname="KATY-PC" fromVersion="2014.11.20.6" last_modified_tag="d3b57df0-0ae6-4e74-90ea-355301924780" name="Malware Database" toVersion="2015.1.16.11" />
  <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-01-16T20:11:27Z" datetime="2015-01-16T20:45:07.229853+00:00" source="Manual" type="Scan" username="SYSTEM" systemname="KATY-PC" last_modified_tag="37f5e6f9-5f0b-4521-9584-ae6414ee1aad" duration="2019" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" />
</logs>


#9 angry@computers (Topic Starter)

Posted 16 January 2015 - 04:05 PM

Anyway, here is the JRT report....
 
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by KATY on 16/01/2015 at 21:00:04.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/01/2015 at 21:04:26.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 angry@computers (Topic Starter)

Posted 16 January 2015 - 04:10 PM

Thank you for your patience...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by KATY (administrator) on KATY-PC on 16-01-2015 21:07:30
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY (Available profiles: KATY & Simon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {A603BF68-2E0A-4DE2-8DE0-FA84E5335416} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {77001979-BE45-4583-9FE4-25D7AEBD2A48} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2882669103-2359843712-3705734191-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FA889BF0-F113-4780-B051-35694C2EC94C} http://download.isvinternet.com/public/ISVFlashIEOnline/ISVFlashIEOnline.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (Poper Blocker) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-01-14]
CHR Extension: (YouTube) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Gmail) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 21:07 - 2015-01-16 21:08 - 00014742 _____ () C:\Users\KATY\Desktop\FRST.txt
2015-01-16 21:04 - 2015-01-16 21:04 - 00000624 _____ () C:\Users\KATY\Desktop\JRT.txt
2015-01-16 20:47 - 2015-01-16 20:52 - 00000545 _____ () C:\Users\KATY\Desktop\malwarebytes.txt
2015-01-16 20:10 - 2015-01-16 20:10 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 20:09 - 2015-01-16 20:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\KATY\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 20:04 - 2015-01-16 20:04 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-16 19:24 - 2015-01-16 21:06 - 00000000 ____D () C:\Users\KATY\Desktop\FRST
2015-01-16 19:19 - 2015-01-16 21:07 - 00000000 ____D () C:\FRST
2015-01-16 19:15 - 2015-01-16 19:15 - 02125312 _____ (Farbar) C:\Users\KATY\Desktop\FRST64.exe
2015-01-16 19:07 - 2015-01-16 19:07 - 00201728 _____ (OldTimer Tools) C:\Users\Simon\Downloads\OTC.exe
2015-01-16 18:55 - 2015-01-16 20:04 - 00000112 _____ () C:\Windows\setupact.log
2015-01-16 18:55 - 2015-01-16 18:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 18:53 - 2015-01-16 18:53 - 00000350 _____ () C:\Users\KATY\Documents\cc_20150116_185332.reg
2015-01-16 14:00 - 2015-01-16 14:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-16 13:54 - 2015-01-16 20:09 - 00024987 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 13:54 - 2015-01-16 13:54 - 00000320 _____ () C:\Users\KATY\Documents\cc_20150116_135409.reg
2015-01-16 13:47 - 2015-01-16 13:47 - 00019917 _____ () C:\ComboFix.txt
2015-01-16 13:30 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-16 13:30 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-16 13:30 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-16 13:30 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-16 13:29 - 2015-01-16 13:47 - 00000000 ____D () C:\Qoobox
2015-01-16 13:29 - 2015-01-16 13:45 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 13:28 - 2015-01-16 13:28 - 09741664 _____ (SurfRight B.V.) C:\Users\Simon\Downloads\HitmanPro_x64.exe
2015-01-16 13:22 - 2015-01-16 13:22 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Simon\Downloads\iExplore.exe
2015-01-14 18:14 - 2015-01-16 13:23 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-14 18:14 - 2015-01-14 18:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-14 17:45 - 2015-01-14 17:46 - 00000000 ____D () C:\40bf44113862a7632c
2015-01-14 15:23 - 2015-01-14 15:23 - 00000000 ____D () C:\Users\KATY\Desktop\Scarlett Reaper
2015-01-14 15:22 - 2015-01-14 15:22 - 01707939 _____ (Thisisu) C:\Users\KATY\Desktop\JRT.exe
2015-01-14 15:21 - 2015-01-16 20:59 - 00000000 ____D () C:\Users\KATY\Desktop\Ad Aware Cleaners
2015-01-14 11:53 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:53 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:53 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:53 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:53 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:53 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:52 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:52 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:52 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:52 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:52 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:52 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:52 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:13 - 2015-01-13 18:13 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 17:56 - 2015-01-16 21:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 17:56 - 2015-01-16 20:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 17:56 - 2015-01-15 21:04 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 17:56 - 2015-01-13 17:56 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 17:56 - 2015-01-13 17:56 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-13 17:56 - 2015-01-13 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 00:31 - 2015-01-13 17:55 - 00000000 ____D () C:\Users\Simon\AppData\Local\Deployment
2015-01-13 00:31 - 2015-01-13 00:31 - 00000000 ____D () C:\Users\Simon\AppData\Local\Apps\2.0
2015-01-12 18:16 - 2015-01-16 20:03 - 00000000 ____D () C:\AdwCleaner
2015-01-12 18:15 - 2015-01-12 18:15 - 02191360 _____ () C:\Users\KATY\Desktop\AdwCleaner.exe
2015-01-12 17:51 - 2015-01-12 17:51 - 00000000 ____D () C:\NPE
2015-01-12 17:48 - 2015-01-12 17:58 - 00000000 ____D () C:\Users\KATY\AppData\Local\NPE
2015-01-12 17:04 - 2015-01-12 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-10 11:03 - 2015-01-10 11:03 - 00006576 ____N () C:\bootsqm.dat
2015-01-03 11:40 - 2014-11-21 11:35 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-03 11:40 - 2014-11-21 11:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-03 11:40 - 2014-11-21 11:33 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-03 11:40 - 2014-11-21 11:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-03 11:40 - 2014-11-21 11:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-03 11:40 - 2014-11-21 11:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-03 11:40 - 2014-11-21 11:32 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-03 11:40 - 2014-11-21 10:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-03 11:40 - 2014-11-21 10:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-03 11:40 - 2014-11-21 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-03 11:40 - 2014-11-21 10:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-03 11:40 - 2014-11-21 10:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-03 11:40 - 2014-11-21 10:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-03 11:40 - 2014-11-21 10:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-03 11:40 - 2014-11-21 10:23 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-03 11:40 - 2014-11-21 09:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-03 11:40 - 2014-11-21 08:55 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-03 11:40 - 2014-11-21 07:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-03 11:39 - 2014-11-21 11:34 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-03 11:39 - 2014-11-21 11:34 - 09058816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-03 11:39 - 2014-11-21 11:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-03 11:39 - 2014-11-21 11:33 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-03 11:39 - 2014-11-21 10:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-03 11:39 - 2014-10-30 02:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-03 11:39 - 2014-10-30 01:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-03 11:38 - 2012-06-16 05:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-03 11:38 - 2012-06-16 04:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-22 10:39 - 2014-12-22 10:39 - 00439250 _____ () C:\Users\KATY\Documents\cc_20141222_103920.reg
2014-12-21 17:50 - 2015-01-16 20:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 17:48 - 2015-01-16 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 17:48 - 2015-01-16 20:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 17:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 17:48 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 17:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 16:18 - 2014-12-21 16:18 - 00000000 ____D () C:\Users\KATY\Documents\ProcAlyzer Dumps
2014-12-20 18:27 - 2012-04-11 15:30 - 00442669 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-182755.backup
2014-12-20 18:22 - 2014-12-20 18:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 18:22 - 2014-12-20 18:22 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-20 18:22 - 2014-12-20 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-20 18:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 20:12 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:12 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:04 - 2010-07-31 13:49 - 00000000 ____D () C:\Users\KATY\AppData\Local\SoftThinks
2015-01-16 20:04 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 19:03 - 2011-01-15 23:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-16 16:29 - 2014-10-08 19:36 - 00000000 ____D () C:\Users\Simon\Desktop\Screenwriting
2015-01-16 13:47 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 13:43 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-15 20:50 - 2014-09-29 08:47 - 00000000 ____D () C:\Users\Simon\Desktop\Personal Info
2015-01-14 19:39 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 17:51 - 2013-12-30 20:52 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 17:51 - 2009-07-14 05:13 - 00766820 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:14 - 2014-09-29 08:44 - 00000000 ____D () C:\Users\Simon\Desktop\UNI
2015-01-14 12:04 - 2013-08-06 20:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:54 - 2011-05-23 08:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 18:16 - 2011-08-12 09:49 - 00000000 ____D () C:\Users\KATY\AppData\Local\Google
2015-01-13 17:56 - 2013-01-15 15:06 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 12:40 - 2014-10-08 19:36 - 00000000 ____D () C:\Users\Simon\Desktop\American Int
2015-01-12 17:48 - 2011-01-02 01:31 - 00000000 ____D () C:\ProgramData\Norton
2015-01-12 15:06 - 2014-09-17 20:25 - 00000000 ____D () C:\Users\Simon\Desktop\Scripts
2015-01-12 02:29 - 2014-10-08 19:37 - 00000000 ____D () C:\Users\Simon\Desktop\Adaptation
2015-01-09 23:07 - 2011-07-08 22:52 - 00000000 ____D () C:\Users\KATY\AppData\Local\Deployment
2015-01-09 12:56 - 2014-10-22 08:52 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-09 12:56 - 2014-09-01 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-04 20:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-02 18:31 - 2013-11-26 00:54 - 00112728 _____ () C:\Users\KATY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 18:24 - 2010-06-12 16:20 - 00000000 ____D () C:\Windows\Panther
2015-01-02 18:22 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 01:10 - 2009-07-14 02:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150109-221325.backup
2014-12-22 21:41 - 2009-07-14 02:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20141228-011043.backup
2014-12-20 19:10 - 2011-05-22 23:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 18:27 - 2009-07-14 02:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20141222-214127.backup
 
Some content of TEMP:
====================
C:\Users\KATY\AppData\Local\temp\Quarantine.exe
C:\Users\KATY\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 02:34
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by KATY at 2015-01-16 21:08:27
Running from C:\Users\KATY\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Lite (HKLM\...\{AEDFFBCA-66CA-4766-8958-AD6EC6E5589C}) (Version: 9.0.0.0 - Ableton)
Adobe Connect Add-in (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bass Station 2.0 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.0 - Novation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series User Registration (HKLM-x32\...\Canon MP220 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.4.174 - Final Draft, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickShare (HKLM-x32\...\{3F012E27-BC6C-43A8-9117-8C1363BCFEBF}) (Version: 1.6.1.827 - Linkury Inc.) <==== ATTENTION
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-01-2015 18:20:03 Windows Modules Installer
03-01-2015 11:40:22 Windows Update
12-01-2015 18:36:11 adwcleaner
14-01-2015 11:53:17 Windows Update
14-01-2015 17:45:12 Windows Update
16-01-2015 13:31:05 ComboFix created restore point
16-01-2015 14:10:26 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-01-16 13:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {520099FF-AC51-4FB5-AA90-A85DB9B6F9BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6395223B-E5B3-40B5-B3C1-32363D5B7612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {6823CCA0-9B7C-4F4B-913B-0BEF31B21198} - System32\Tasks\{37D386B3-F131-48D2-9F0F-46F0E5B5FE66} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {6987ADD7-B491-4DB5-B16D-EF1CA7EDD918} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {732C657E-12BD-467B-A5F3-E280098630C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {ADC1B254-1238-4558-8383-F638604A462D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {DFCEA7BE-0573-46B5-BF5B-821796504186} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-06-12 13:49 - 2009-07-17 01:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-12 13:49 - 2009-07-17 01:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-06-12 13:59 - 2010-07-21 15:36 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2014-10-21 00:48 - 2014-10-21 00:48 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\c29d8779b3a3599f44e21e017541cd0c\VistaBridgeLibrary.ni.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-06-12 13:59 - 2010-07-21 15:34 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-06-12 13:59 - 2010-07-21 15:34 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-06-12 13:59 - 2010-07-21 15:33 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1003 - Limited - Enabled)
KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Simon (S-1-5-21-2882669103-2359843712-3705734191-1001 - Limited - Enabled) => C:\Users\Simon
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:42:59.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 13:42:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 3032.36 MB
Available physical RAM: 1971.42 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 4656.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:156.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
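The Addition.txt log above is mostly inventory; what a responder actually scans it for is a short list of conditions: security products reporting Disabled or Out of date (here AVG, Windows Defender and Spybot all show Disabled), entries FRST itself tags with <==== ATTENTION (QuickShare from Linkury, the Smartbar/snap.do vendor), hosts entries beyond the loopback line, autoruns whose binary lives under a user profile, and enabled accounts in the Administrators group. The CodeIntegrity errors for \ComboFix\catchme.sys are the unsigned rootkit-scanner driver that ComboFix loads (the restore point "ComboFix created restore point" is from the same run), not a marker of infection, so the script below does not treat that section as a finding. The Python script is added here as an example and is not part of the thread, of FRST or of any tool mentioned; it runs those checks over a constructed sample made of lines in the same format as the posted log. The 0.0.0.0 hosts entry in the sample is invented so the hosts check has something to flag; the real log's hosts file contains only the localhost line.

```python
"""Triage checks over an FRST Addition.txt log (added example, not FRST's own code)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same line format as the posted log; the 0.0.0.0
# hosts entry is invented so that the hosts check has something to report.
SAMPLE_LOG = r"""
==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
QuickShare (HKLM-x32\...\{3F012E27-BC6C-43A8-9117-8C1363BCFEBF}) (Version: 1.6.1.827 - Linkury Inc.) <==== ATTENTION

==================== Hosts content: ==========================

2009-07-14 02:34 - 2015-01-16 13:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0         update.example.invalid

==================== Scheduled Tasks (whitelisted) =============

Task: {6395223B-E5B3-40B5-B3C1-32363D5B7612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

==================== Accounts: ==========================

KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SEC_CENTER_RE = re.compile(r"^(AV|AS|FW): (.+?) \((Enabled|Disabled) - (Up to date|Out of date)\)")
ACCOUNT_RE = re.compile(r"^(\S+) \(S-1-5-[\d-]+ - (\w+) - (Enabled|Disabled)\)")
USER_PROFILE_RE = re.compile(r"[a-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def split_sections(text):
    """Group non-empty lines under the '==== Name ====' banner they follow."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip().rstrip(":")
        elif current is not None and line:
            sections[current].append(line)
    return sections


def lines_for(sections, prefix):
    """Lines of every section whose banner starts with prefix (e.g. 'Scheduled Tasks')."""
    return [l for name, lines in sections.items() if name.startswith(prefix) for l in lines]


def triage(text):
    """Return (category, detail) findings a responder would look at first."""
    sections, findings = split_sections(text), []
    # 1. Security products reporting Disabled or Out of date.
    for line in lines_for(sections, "Security Center"):
        m = SEC_CENTER_RE.match(line)
        if m and (m.group(3) == "Disabled" or m.group(4) == "Out of date"):
            findings.append(("security_center", f"{m.group(1)} {m.group(2)}: {m.group(3)}, {m.group(4)}"))
    # 2. Programs FRST itself tagged as known adware/PUP vendors.
    for line in lines_for(sections, "Installed Programs"):
        if line.endswith("<==== ATTENTION"):
            findings.append(("attention", line.split(" (", 1)[0]))
    # 3. Hosts entries other than loopback -> localhost (used to block AV/update domains).
    for line in lines_for(sections, "Hosts content"):
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except (ValueError, IndexError):
            continue  # the file-metadata line, not a hosts entry
        if len(parts) > 1 and not (parts[0] in ("127.0.0.1", "::1") and parts[1].lower() == "localhost"):
            findings.append(("hosts", f"{parts[0]} {parts[1]}"))
    # 4. Autoruns whose binary lives in a user-writable profile directory.
    for line in lines_for(sections, "Scheduled Tasks") + lines_for(sections, "MSCONFIG"):
        if USER_PROFILE_RE.search(line):
            findings.append(("user_profile_autorun", line.split("=>", 1)[-1].strip()))
    # 5. Enabled accounts in the Administrators group (daily use as admin).
    for line in lines_for(sections, "Accounts"):
        m = ACCOUNT_RE.match(line)
        if m and m.group(2) == "Administrator" and m.group(3) == "Enabled":
            findings.append(("admin_account", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the real Addition.txt, the same checks would report the three disabled products, QuickShare, the googletalk startup entry under C:\Users\KATY\AppData and the KATY account; none of the AppData autoruns is malicious by itself, but they are the locations adware like snap.do installs into, so they are the lines worth reading rather than the Program Files entries.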


#11 Machiavelli (Malware Response Instructor)

Posted 16 January 2015 - 04:49 PM

Hey, :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything and double-click on it
  • Then click on the Export button and select Text File (.txt) from the menu
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#12 angry@computers (Topic Starter)

Posted 16 January 2015 - 06:36 PM

Sorry about that. Here is the file....

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/08/2014
Scan Time: 10:52:22
Logfile: malware 2.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.26.01
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KATY
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403790
Time Elapsed: 16 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2882669103-2359843712-3705734191-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [d85119b2a3d8a88e18401699758d41bf], 
 
Registry Values: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [8e9b45867a010531111c7076a75b46ba]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [e643834878032f07ab820dd90cf654ac]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2882669103-2359843712-3705734191-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [db4e18b35526330338cf5c946999a060]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 Machiavelli (Malware Response Instructor)

Posted 16 January 2015 - 07:03 PM

Hey, :)
Please uninstall:
- QuickShare

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    Toolbar: HKU\S-1-5-21-2882669103-2359843712-3705734191-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

 
 


#14 angry@computers (Topic Starter)

Posted 16 January 2015 - 09:49 PM

Hi, I tried to uninstall QuickShare, but it states that "The feature you are trying to use is on a network resource that is unavailable".



#15 angry@computers (Topic Starter)

Posted 16 January 2015 - 10:29 PM

Hello again, just to update you from my last post. I have managed to remove QuickShare. I will now proceed with your other instructions.





