Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

chatango.com/static.olark.com malware?


  • This topic is locked This topic is locked
6 replies to this topic

#1 angry@computers

angry@computers

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 17 April 2015 - 07:28 AM

Hi, for some reason, I keep getting this entry on the ADWCleaner: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com.ipaddress.com_0.localstorage-journal

 

I think it used to be called 'static.olark.com', but now it seems to have changed its name to 'chatango.com'.  The thing is, I never knowingly installed this software, and I have never used it, and have no interest in using it, but it just keeps showing up after ADWCleaner removes it. Any help on this problem would be great.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 21 April 2015 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#3 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 24 April 2015 - 08:44 AM

  <?xml version="1.0" encoding="UTF-8" ?>
- <logs>
  <record severity="debug" LoggingEventType="1" datetime="2015-04-24T14:00:38.638802+01:00" source="Manual" type="Update" username="SYSTEM" systemname="KATY-PC" fromVersion="2015.3.9.1" last_modified_tag="dc4b5f06-6ba0-44eb-8a17-761276ba6097" name="Remediation Database" toVersion="2015.4.22.1" />
  <record severity="debug" LoggingEventType="1" datetime="2015-04-24T14:00:38.654402+01:00" source="Manual" type="Update" username="SYSTEM" systemname="KATY-PC" fromVersion="2015.2.25.1" last_modified_tag="b7cfd9dd-1f0d-4c10-9239-ac490df7515b" name="Rootkit Database" toVersion="2015.4.21.1" />
  <record severity="debug" LoggingEventType="1" datetime="2015-04-24T14:00:42.960010+01:00" source="Manual" type="Update" username="SYSTEM" systemname="KATY-PC" fromVersion="2015.3.20.3" last_modified_tag="ee3009d7-54b7-4dcf-85c1-5337af3f4bc2" name="Malware Database" toVersion="2015.4.24.2" />
  <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-04-24T14:01:20+01:00" datetime="2015-04-24T14:34:55.831468+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="KATY-PC" last_modified_tag="c6ba297a-0f5e-4d10-9b09-2bc1ea6fd031" duration="2015" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" />
  </logs>

# AdwCleaner v4.201 - Logfile created 20/04/2015 at 20:33:04
# Updated 08/04/2015 by Xplode
# Database : 2015-04-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : KATY - KATY-PC
# Running from : C:\Users\KATY\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7601.18806
 
 
-\\ Google Chrome v42.0.2311.90
 
 
*************************
 
AdwCleaner[R0].txt - [875 bytes] - [07/03/2015 16:14:40]
AdwCleaner[R1].txt - [1189 bytes] - [10/04/2015 14:38:59]
AdwCleaner[R2].txt - [1269 bytes] - [17/04/2015 13:08:30]
AdwCleaner[R3].txt - [1378 bytes] - [17/04/2015 18:22:54]
AdwCleaner[R4].txt - [1356 bytes] - [20/04/2015 20:31:04]
AdwCleaner[S0].txt - [942 bytes] - [07/03/2015 16:27:06]
AdwCleaner[S1].txt - [1260 bytes] - [10/04/2015 14:42:37]
AdwCleaner[S2].txt - [1337 bytes] - [17/04/2015 13:12:05]
AdwCleaner[S3].txt - [1446 bytes] - [17/04/2015 18:25:03]
AdwCleaner[S4].txt - [1212 bytes] - [20/04/2015 20:33:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1271  bytes] ##########


#4 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 24 April 2015 - 08:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by KATY (administrator) on KATY-PC on 24-04-2015 14:45:29
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY (Available profiles: KATY & Simon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FA889BF0-F113-4780-B051-35694C2EC94C} http://download.isvinternet.com/public/ISVFlashIEOnline/ISVFlashIEOnline.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-11-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR Profile: C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Adblock Plus) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-17]
CHR Extension: (Google Search) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Bookmark Manager) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-24] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-10] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 14:45 - 2015-04-24 14:46 - 00013048 _____ () C:\Users\KATY\Desktop\FRST.txt
2015-04-24 14:45 - 2015-04-24 14:45 - 00000000 ____D () C:\FRST
2015-04-24 14:02 - 2015-04-24 14:02 - 02099712 _____ (Farbar) C:\Users\KATY\Desktop\FRST64.exe
2015-04-24 14:00 - 2015-04-24 14:34 - 00001343 _____ () C:\Users\KATY\Desktop\protection-log-2015-04-24.xml
2015-04-24 13:53 - 2015-04-24 13:54 - 02099712 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2015-04-21 09:37 - 2015-04-24 13:50 - 00000168 _____ () C:\Windows\setupact.log
2015-04-21 09:37 - 2015-04-21 09:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 20:33 - 2015-04-20 20:33 - 00001351 _____ () C:\Users\KATY\Desktop\AdwCleaner[S4].txt
2015-04-17 18:29 - 2015-04-24 14:14 - 00122259 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 13:05 - 2015-04-17 13:05 - 02217984 _____ () C:\Users\KATY\Desktop\adwcleaner_4.201.exe
2015-04-17 12:43 - 2015-04-17 12:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-17 12:43 - 2015-04-17 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-17 12:37 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-17 12:37 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-17 12:37 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-17 12:37 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-17 12:37 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-17 12:37 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-17 12:37 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-17 12:37 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-17 12:37 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-17 12:36 - 2015-03-27 04:25 - 01540096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-17 12:36 - 2015-03-27 04:25 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-17 12:36 - 2015-03-27 04:25 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-04-17 12:36 - 2015-03-27 04:25 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-17 12:36 - 2015-03-27 04:25 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 12298752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 09064448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 02469888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-04-17 12:36 - 2015-03-27 04:24 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-04-17 12:36 - 2015-03-27 04:23 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-17 12:36 - 2015-03-27 04:23 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-17 12:36 - 2015-03-27 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-17 12:36 - 2015-03-27 04:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-17 12:36 - 2015-03-27 04:04 - 06030848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-17 12:36 - 2015-03-27 04:04 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 11026944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 02087936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-17 12:36 - 2015-03-27 04:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2015-04-17 12:36 - 2015-03-27 04:02 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-17 12:36 - 2015-03-27 04:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-17 12:36 - 2015-03-27 04:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-17 12:36 - 2015-03-27 04:02 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-17 12:36 - 2015-03-27 03:46 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-17 12:36 - 2015-03-27 03:33 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-17 12:36 - 2015-03-27 03:22 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-17 12:36 - 2015-03-27 03:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-17 12:36 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 12:36 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-17 12:36 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-17 12:36 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 12:36 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 12:36 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-17 12:36 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-17 12:36 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-17 12:36 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-17 12:36 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-17 12:36 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-17 12:36 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-17 12:36 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 12:36 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-17 12:36 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-17 12:36 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-17 12:36 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-17 12:36 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-17 12:36 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-17 12:36 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-17 12:36 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-17 12:36 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-17 12:36 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-17 12:36 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-17 12:36 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-17 12:36 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-17 12:36 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-17 12:36 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-17 12:36 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-17 12:36 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-17 12:36 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-17 12:36 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-17 12:36 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-17 12:36 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-17 12:36 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-17 12:36 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-17 12:36 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-17 12:36 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-17 12:36 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-17 12:36 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 12:36 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-17 12:36 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-17 12:36 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-17 12:36 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 12:36 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-17 12:32 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 12:32 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 12:32 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-17 12:32 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 17:53 - 2015-04-04 17:53 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 14:45 - 2015-01-24 15:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 14:00 - 2015-03-07 16:14 - 00000000 ____D () C:\AdwCleaner
2015-04-24 14:00 - 2015-02-17 14:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 13:59 - 2015-01-24 15:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 13:59 - 2010-07-31 14:49 - 00000000 ____D () C:\Users\KATY\AppData\Local\SoftThinks
2015-04-24 13:58 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 13:58 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 13:55 - 2011-01-16 00:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-24 13:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 20:11 - 2014-09-17 21:25 - 00000000 ____D () C:\Users\Simon\Desktop\Scripts
2015-04-20 13:29 - 2013-08-06 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 13:21 - 2011-05-23 09:04 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-17 18:20 - 2011-01-09 22:56 - 00000000 ____D () C:\Users\KATY\Documents\CV's and Employment
2015-04-17 18:16 - 2010-07-31 14:49 - 00000000 ____D () C:\Users\KATY
2015-04-17 17:47 - 2015-01-24 15:35 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 13:21 - 2014-09-13 20:56 - 00000000 ____D () C:\Windows\pss
2015-04-17 12:56 - 2014-12-10 20:09 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 12:56 - 2014-05-26 18:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 12:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-17 12:55 - 2011-04-08 12:37 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Skype
2015-04-17 12:50 - 2010-06-12 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 12:48 - 2013-12-30 21:52 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-17 12:48 - 2009-07-14 06:13 - 00766820 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 12:44 - 2011-03-29 21:28 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 12:43 - 2014-07-27 13:05 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-17 12:43 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-10 14:29 - 2015-01-14 19:14 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-08 14:34 - 2014-05-24 12:54 - 00004608 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-08 13:21 - 2014-09-29 09:47 - 00000000 ____D () C:\Users\Simon\Desktop\Personal Info
2015-03-31 14:35 - 2014-10-08 20:36 - 00000000 ____D () C:\Users\Simon\Desktop\American Int
2015-03-31 14:17 - 2014-10-22 09:52 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-31 14:17 - 2014-09-01 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== Files in the root of some directories =======
 
2012-04-16 15:58 - 2012-09-08 11:04 - 0006228 _____ () C:\Users\KATY\AppData\Roaming\My Profile.xml
2010-08-09 13:52 - 2014-05-14 14:22 - 0000274 _____ () C:\Users\KATY\AppData\Roaming\wklnhst.dat
2011-08-16 16:33 - 2014-03-20 12:33 - 0005120 _____ () C:\Users\KATY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-29 21:30 - 2011-03-29 21:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-12-16 17:28 - 2013-12-16 17:28 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some content of TEMP:
====================
C:\Users\KATY\AppData\Local\temp\Quarantine.exe
C:\Users\KATY\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 16:48
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by KATY at 2015-04-24 14:46:31
Running from C:\Users\KATY\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1003 - Limited - Enabled)
KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Simon (S-1-5-21-2882669103-2359843712-3705734191-1001 - Limited - Enabled) => C:\Users\Simon
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Lite (HKLM\...\{AEDFFBCA-66CA-4766-8958-AD6EC6E5589C}) (Version: 9.0.0.0 - Ableton)
Adobe Connect Add-in (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4334 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
Bass Station 2.0 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.0 - Novation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series User Registration (HKLM-x32\...\Canon MP220 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.5.178 - Final Draft, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-03-2015 17:02:47 Removed Adobe Reader XI (11.0.10).
13-03-2015 15:45:40 Scheduled Checkpoint
15-03-2015 16:13:05 Windows Update
27-03-2015 15:27:48 Scheduled Checkpoint
03-04-2015 16:57:15 Scheduled Checkpoint
04-04-2015 17:53:13 Windows Update
15-04-2015 14:00:12 Scheduled Checkpoint
17-04-2015 12:37:50 Windows Update
20-04-2015 13:21:03 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-04-10 14:36 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {072300AD-235C-4FE5-A499-02C004904DAE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1CB215DD-7EB1-4BE1-BFC1-BB479542E596} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {520099FF-AC51-4FB5-AA90-A85DB9B6F9BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6823CCA0-9B7C-4F4B-913B-0BEF31B21198} - System32\Tasks\{37D386B3-F131-48D2-9F0F-46F0E5B5FE66} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {6987ADD7-B491-4DB5-B16D-EF1CA7EDD918} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {7F782C4D-9915-4576-A9B3-38E452578432} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {ADC1B254-1238-4558-8383-F638604A462D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {CB1EBFEB-4493-4E99-9ED8-807359E0826D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D48B1A38-D61A-479B-89CA-606CB2BE1432} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {DFCEA7BE-0573-46B5-BF5B-821796504186} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {ED61BC4E-850B-4531-82F9-99A95E073925} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F7109B76-4CA3-4AEB-B16D-8A9BAB26AF71} - System32\Tasks\{9DFCF029-FD9C-4B80-B326-909827D973B2} => Iexplore.exe http://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-06-12 14:49 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-12 14:49 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-06-12 14:59 - 2010-07-21 16:36 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2010-06-12 14:59 - 2010-07-21 16:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-06-12 14:59 - 2010-07-21 16:34 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-06-12 14:59 - 2010-07-21 16:34 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2015-04-17 17:47 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 17:47 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7867 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^KATY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 09:40:53 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (04/15/2015 01:54:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/15/2015 01:54:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Dependent Assembly UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2015 01:53:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/15/2015 01:53:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/12/2015 08:57:36 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (04/10/2015 04:25:56 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/10/2015 04:25:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Dependent Assembly UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/10/2015 04:25:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/10/2015 04:25:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/20/2015 08:33:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/20/2015 08:33:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/20/2015 08:33:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/20/2015 08:33:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/20/2015 08:33:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 08:33:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 08:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 08:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 08:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2015 08:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 09:40:53 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (04/15/2015 01:54:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLLC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL2
 
Error: (04/15/2015 01:54:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe
 
Error: (04/15/2015 01:53:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2
 
Error: (04/15/2015 01:53:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (04/12/2015 08:57:36 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (04/10/2015 04:25:56 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLLC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL2
 
Error: (04/10/2015 04:25:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe
 
Error: (04/10/2015 04:25:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2
 
Error: (04/10/2015 04:25:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-16 13:42:59.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 13:42:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 4056.36 MB
Available physical RAM: 2273.49 MB
Total Pagefile: 8110.92 MB
Available Pagefile: 5958.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:150.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 24 April 2015 - 10:41 AM

Nothing suspicious was found on your logs.

If the problem persists try this.

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 30 April 2015 - 08:00 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 06 May 2015 - 10:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users