
Multiple Chrome Instances


  • This topic is locked
17 replies to this topic

#1 GothamExpat

GothamExpat

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 16 July 2015 - 11:34 AM

Hi there and thanks in advance for your help. My name is Kat.

 

I have multiple instances of Chrome running consistently making my computer as slow as molasses in January. I downloaded and ran the MalwareBytes file and it found nothing. I tried to download FRST.exe as instructed, but Norton catches it and removes it. Which is kind of ironic, seeing as it didn't catch whatever infected the machine in the first place. But I digress. What do I do next? If this is answered somewhere else, I apologize, I am brand new to the site.

 

Thanks again.




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:34 PM

Posted 17 July 2015 - 01:22 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

FRST is a safe program, so please temporarily disable Norton real-time protection as described here and then download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 GothamExpat

GothamExpat
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 17 July 2015 - 07:42 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Kat (administrator) on KAT-PC on 17-07-2015 08:27:43
Running from C:\Users\Kat\Downloads
Loaded Profiles: Kat & UpdatusUser (Available Profiles: Kat & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.7.0.11\n360.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.7.0.11\n360.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lexmark Pro910 Series\LMADJmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-04-02] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-05-02] (RealNetworks, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [LMADJmon] => C:\Program Files\Lexmark Pro910 Series\LMADJmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-13] (Google Inc.)
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [Facebook Update] => C:\Users\Kat\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-15] (Facebook Inc.)
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [LMADJmon] => C:\Program Files\Lexmark Pro910 Series\LMADJmon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [OneDrive] => C:\Users\Kat\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-13] (Microsoft Corporation)
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Run: [Dropbox Update] => C:\Users\Kat\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\MountPoints2: {c349e406-e571-11e2-8a79-001d090fb723} - F:\iStudio.exe
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\MountPoints2: {d08849c0-3be8-11e4-988a-001d090fb723} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-10-02]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-16234375-3309802218-1078092072-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-16234375-3309802218-1078092072-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-16234375-3309802218-1078092072-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-16234375-3309802218-1078092072-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-26] (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{656BE0D7-0DD6-408A-8A38-6368E9AF766D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A34F6458-E733-4903-8852-C26923225272}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-05-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-05-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-16234375-3309802218-1078092072-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kat\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-16234375-3309802218-1078092072-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kat\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-02]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-07-16]
 
Chrome: 
=======
CHR Profile: C:\Users\Kat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\Kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-09]
CHR Extension: (Norton Identity Safe) - C:\Users\Kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
CHR Extension: (Google Wallet) - C:\Users\Kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1093888 2011-12-12] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx86.sys [1181424 2015-06-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-14] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150716.001\IDSvix86.sys [523512 2015-07-12] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150716.009\NAVENG.SYS [104440 2015-07-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150716.009\NAVEX15.SYS [1645432 2015-07-16] (Symantec Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-14] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1507000.00B\SYMNETS.SYS [447704 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 08:27 - 2015-07-17 08:28 - 00019760 _____ C:\Users\Kat\Downloads\FRST.txt
2015-07-17 08:26 - 2015-07-17 08:28 - 00000000 ____D C:\FRST
2015-07-17 08:20 - 2015-07-17 08:20 - 01636864 _____ (Farbar) C:\Users\Kat\Downloads\FRST (2).exe
2015-07-17 08:20 - 2015-07-17 08:20 - 01636864 _____ (Farbar) C:\Users\Kat\Downloads\FRST (1).exe
2015-07-17 08:19 - 2015-07-17 08:19 - 01636864 _____ (Farbar) C:\Users\Kat\Downloads\FRST.exe
2015-07-16 21:19 - 2015-07-17 08:09 - 00000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-16234375-3309802218-1078092072-1000.job
2015-07-16 11:35 - 2015-07-16 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-16 11:35 - 2015-07-16 11:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 11:34 - 2015-07-16 12:02 - 00000000 ____D C:\Users\Kat\Desktop\mbar
2015-07-16 11:32 - 2015-07-16 11:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kat\Downloads\mbar-1.09.1.1004 (1).exe
2015-07-16 11:30 - 2015-07-16 11:32 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kat\Downloads\mbar-1.09.1.1004.exe
2015-07-16 11:19 - 2015-07-16 11:19 - 00000000 ____D C:\Users\Kat\AppData\Local\GWX
2015-07-15 21:22 - 2015-07-15 21:22 - 00000000 ____D C:\Users\Kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-15 21:20 - 2015-07-17 08:25 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000UA.job
2015-07-15 21:20 - 2015-07-16 21:25 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000Core.job
2015-07-15 21:20 - 2015-07-15 21:20 - 00000000 ____D C:\Users\Kat\AppData\Local\Dropbox
2015-07-15 21:20 - 2015-07-15 21:20 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-15 04:07 - 2015-07-15 04:07 - 00000000 __SHD C:\found.001
2015-07-14 17:11 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 17:11 - 2015-06-25 04:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 17:11 - 2015-06-19 14:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 17:11 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 17:11 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 17:11 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 17:11 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 17:11 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 17:11 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 17:11 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 17:11 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 17:11 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 17:11 - 2015-06-19 14:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 17:11 - 2015-06-19 14:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 17:11 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 17:11 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 17:11 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 17:11 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 17:11 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 17:11 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 17:11 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 17:11 - 2015-06-19 13:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 17:11 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 17:11 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 17:11 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 17:11 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 17:10 - 2015-07-01 16:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 17:10 - 2015-07-01 16:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 17:10 - 2015-07-01 16:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 17:10 - 2015-07-01 16:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 17:10 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 17:10 - 2015-07-01 16:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 17:10 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 17:10 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 17:10 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 17:10 - 2015-07-01 15:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 17:10 - 2015-07-01 15:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 17:10 - 2015-07-01 15:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 17:08 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 17:08 - 2015-06-15 17:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 17:08 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 17:08 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 17:08 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 17:08 - 2015-06-15 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 17:08 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 17:08 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 17:07 - 2015-07-09 13:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 17:07 - 2015-07-09 13:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 17:07 - 2015-07-09 13:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 17:07 - 2015-07-09 13:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 17:07 - 2015-07-09 13:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 17:07 - 2015-07-09 13:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 17:07 - 2015-07-09 13:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 17:07 - 2015-07-09 13:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 17:07 - 2015-06-03 16:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-14 17:04 - 2015-06-17 13:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 17:04 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-07-14 17:04 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-14 17:04 - 2015-05-25 14:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-14 17:04 - 2015-05-25 14:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-14 17:04 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-14 17:04 - 2015-05-25 14:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-14 17:04 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-14 17:04 - 2015-05-25 14:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-14 17:04 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-14 17:04 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-14 17:04 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-14 17:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-14 17:04 - 2015-05-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-14 17:04 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 17:04 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 17:04 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 17:04 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 17:04 - 2015-04-10 23:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-14 16:45 - 2015-07-09 13:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 16:45 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 16:45 - 2015-07-09 13:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 16:45 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 16:45 - 2015-07-09 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 16:44 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-14 16:44 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-14 16:44 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-14 16:44 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-14 16:44 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-14 16:43 - 2015-07-03 13:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-14 16:43 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-14 16:43 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-14 16:43 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-14 16:43 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-14 16:43 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 16:43 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 16:43 - 2015-05-08 23:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-14 16:43 - 2015-05-08 23:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-14 16:43 - 2015-05-08 23:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-14 16:43 - 2015-05-08 23:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-14 16:43 - 2015-05-08 23:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 21:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-14 16:43 - 2015-05-08 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-14 16:43 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-14 16:42 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 16:42 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 16:42 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 16:42 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 16:42 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 16:42 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-17 08:27 - 2012-12-13 12:54 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 08:25 - 2013-04-08 09:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 08:24 - 2009-07-14 00:34 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 08:24 - 2009-07-14 00:34 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 08:09 - 2014-04-09 14:35 - 00000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-16234375-3309802218-1078092072-1000.job
2015-07-17 08:09 - 2014-02-15 12:44 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000UA.job
2015-07-17 08:09 - 2013-04-07 23:17 - 01746751 _____ C:\Windows\WindowsUpdate.log
2015-07-16 21:27 - 2012-12-13 12:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 12:13 - 2014-11-12 08:09 - 00000000 __SHD C:\Users\Kat\AppData\Local\EmieBrowserModeList
2015-07-16 12:13 - 2014-05-07 08:11 - 00000000 __SHD C:\Users\Kat\AppData\Local\EmieUserList
2015-07-16 12:13 - 2014-05-07 08:11 - 00000000 __SHD C:\Users\Kat\AppData\Local\EmieSiteList
2015-07-16 12:00 - 2013-05-15 19:36 - 00000000 ____D C:\ProgramData\LexmarkUpdate
2015-07-16 11:49 - 2014-02-15 12:44 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000Core.job
2015-07-16 11:35 - 2013-11-14 11:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-07-16 03:21 - 2010-11-20 17:48 - 00504592 _____ C:\Windows\PFRO.log
2015-07-16 03:21 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 03:21 - 2009-07-14 00:39 - 00047447 _____ C:\Windows\setupact.log
2015-07-16 03:18 - 2015-04-27 04:08 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-15 21:24 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-07-15 21:23 - 2014-07-06 17:15 - 00000000 ___RD C:\Users\Kat\Dropbox
2015-07-15 21:23 - 2014-07-06 17:10 - 00000000 ____D C:\Users\Kat\AppData\Roaming\Dropbox
2015-07-15 04:16 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-15 04:10 - 2009-07-14 00:33 - 00412488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 04:01 - 2015-04-27 04:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 04:01 - 2014-05-07 03:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:44 - 2013-08-08 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 03:29 - 2013-04-07 22:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 15:27 - 2013-04-08 09:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 15:27 - 2013-04-08 09:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 15:16 - 2014-01-18 16:55 - 00002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 15:10 - 2012-12-13 12:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-03 08:49 - 2013-04-07 23:26 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2013-08-08 09:00 - 2013-08-08 09:00 - 0000132 _____ () C:\Users\Kat\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-10-09 08:48 - 2014-10-09 08:48 - 0000049 _____ () C:\Users\Kat\AppData\Roaming\mbam.context.scan
2013-11-20 12:17 - 2014-11-18 08:44 - 0007639 _____ () C:\Users\Kat\AppData\Local\Resmon.ResmonCfg
2013-04-08 11:42 - 2014-08-18 09:04 - 0038736 _____ () C:\ProgramData\LMADJscan.log
2013-11-15 10:36 - 2013-11-15 10:36 - 0000592 _____ () C:\ProgramData\tmp215C.tmp
 
Some files in TEMP:
====================
C:\Users\Kat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcikyyu.dll
C:\Users\Kat\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-15 04:39
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Kat at 2015-07-17 08:29:36
Running from C:\Users\Kat\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-16234375-3309802218-1078092072-500 - Administrator - Disabled)
Guest (S-1-5-21-16234375-3309802218-1078092072-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-16234375-3309802218-1078092072-1002 - Limited - Enabled)
Kat (S-1-5-21-16234375-3309802218-1078092072-1000 - Administrator - Enabled) => C:\Users\Kat
UpdatusUser (S-1-5-21-16234375-3309802218-1078092072-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857 - ABBYY) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 2009815776.48.56.23727338 - Audible, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Dropbox (HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Lexmark Pro910 Series Uninstaller (HKLM\...\Lexmark Pro910 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-16234375-3309802218-1078092072-1000\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Norton Security Suite (HKLM\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5202 - CyberLink Corp.)
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Kat\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\localserver32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Kat\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\iCloud.ocx (Apple Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kat\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Kat\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\localserver32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Kat\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kat\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kat\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FCD8FB20-15AE-3264-0989-17897C15B3F7}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Kat\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-16234375-3309802218-1078092072-1003_Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\InprocServer32 -> C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
 
==================== Restore Points =========================
 
15-07-2015 03:03:21 Windows Update
15-07-2015 22:18:02 Norton Security Suite Registry
16-07-2015 03:00:32 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0146C645-94BB-4D17-91B6-770CEA45F806} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000Core => C:\Users\Kat\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {07A570C0-9D4A-4151-8B7C-B90C488CFC00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-16234375-3309802218-1078092072-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {1AA686A6-6935-40C0-86FB-4990236FE24E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {20D2CBB3-BF79-4E18-9360-44BBEDDE8FD9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe
Task: {4048E8EB-C8E9-4861-9541-1551D725B733} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {43590A55-A8D2-425C-BC0B-E9BF9E3A4B79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4B1637F3-22AB-4A1B-B29A-EC27D00EF6C6} - System32\Tasks\ReclaimerUpdateXML_Kat => C:\Users\Kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-14] (RealNetworks, Inc.)
Task: {4F3C89C3-4944-4C75-85B0-3E6BA05E7BFE} - System32\Tasks\RNUpgradeHelperResumePrompt_Kat => C:\Users\Kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-14] (RealNetworks, Inc.)
Task: {5A66230B-63C9-45B4-99D4-64C05679113B} - System32\Tasks\RNUpgradeHelperLogonPrompt_Kat => C:\Users\Kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-14] (RealNetworks, Inc.)
Task: {706873D6-DA23-41D0-9574-E2FA37AC5227} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74451E95-6A54-43C4-9C75-8EC3396E5E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-16234375-3309802218-1078092072-1000 => C:\Users\Kat\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-07-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7903FFB7-B7C8-4E4C-AECA-39A125A1B081} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {7F39C790-09EA-439E-862C-E784EA001232} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000UA => C:\Users\Kat\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {87A5BBA3-A618-426D-931F-062A0FBAC0BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000UA => C:\Users\Kat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-15] (Facebook Inc.)
Task: {8938B287-26E2-41D2-AF23-FD23AFC12C08} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000Core => C:\Users\Kat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-15] (Facebook Inc.)
Task: {8B1E03D3-B440-4A75-8D99-C2EF74F3E392} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {A9742D37-A588-49AA-971E-B00A47BB9D01} - System32\Tasks\AdobeAAMUpdater-1.0-Kat-PC-Kat => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {BAC0FFE2-24EB-4D2D-8608-46BE7AF32CD4} - System32\Tasks\G2MUploadTask-S-1-5-21-16234375-3309802218-1078092072-1000 => C:\Users\Kat\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-07-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C14592DC-7B21-4FCA-AD53-821E5E70F253} - System32\Tasks\ReclaimerUpdateFiles_Kat => C:\Users\Kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-14] (RealNetworks, Inc.)
Task: {C3D20E0C-3729-4078-AE6F-0D313302856C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-16234375-3309802218-1078092072-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CA0D449E-8D95-4D9A-A5F2-F910508014F7} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E268F36A-FB29-48F6-B2CA-56AC72E3F8FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {F7EF1D48-1F22-438E-A199-7C8A42F619F1} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F8CA352C-404F-48FE-9FA7-36015414454C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000Core.job => C:\Users\Kat\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000UA.job => C:\Users\Kat\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000Core.job => C:\Users\Kat\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-16234375-3309802218-1078092072-1000UA.job => C:\Users\Kat\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-16234375-3309802218-1078092072-1000.job => C:\Users\Kat\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-16234375-3309802218-1078092072-1000.job => C:\Users\Kat\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-04-13 03:06 - 2013-01-31 05:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-24 12:48 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files\Lexmark Pro910 Series\LMADJmon.exe
2014-02-24 12:48 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files\Lexmark Pro910 Series\lmabdrs.dll
2014-02-24 12:48 - 2012-08-07 07:40 - 00645296 _____ () C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
2014-02-24 12:48 - 2012-08-07 07:37 - 00217088 _____ () C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
2015-07-14 15:16 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 15:16 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 15:16 - 2015-07-13 17:55 - 16308040 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-16234375-3309802218-1078092072-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-16234375-3309802218-1078092072-1003\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{288EEB46-A1B6-4F54-B33A-50DDD87DAEEA}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{4804EDB3-C89E-40AB-B793-054D7CA7F8D9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{F0B1AEE0-E62C-4B1D-A946-B80308B1763A}] => (Allow) C:\Users\Kat\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C64D6614-9D1A-4081-BA56-1EB3E60B8D3D}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E316FC00-687A-4ED1-8CF7-20F2DE320C8A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45170FA8-71FF-4BD8-AE6A-7DAD601934BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C7F6CEE-E549-4E37-BFD2-29AB5A095E2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F42143C5-462F-40B2-97FA-24C010EE60E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AAFDEB80-0EC8-47B8-9592-F7409A0D22BA}] => (Allow) C:\Users\Kat\AppData\Local\Temp\7zS6CD.tmp\SymNRT.exe
FirewallRules: [{A7F47C06-A954-4763-85FE-A81CBA1E298C}] => (Allow) C:\Users\Kat\AppData\Local\Temp\7zS6CD.tmp\SymNRT.exe
FirewallRules: [{40E94F10-F467-4E44-8089-6D7B0D83893B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B5C364D7-3FA6-435A-B77B-DA527417482D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{16615441-EAC8-4C6B-AA91-DAC72D1A1155}] => (Allow) C:\Users\Kat\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{113DCCBB-2270-4C33-88C4-E432D78A5157}] => (Allow) C:\Users\Kat\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A4DB9265-5530-4A41-A282-122AE00FA2D0}] => (Allow) C:\Users\Kat\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{C0CD6626-D710-4865-9F5C-C0555CBD06A0}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{CD4A74E3-8EE7-407E-926B-4DA4CEA1687A}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{6FF5F074-F5FE-4CF1-9BED-E5656A202A71}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{C34FC55A-EBC8-4B25-A52C-816B1E9A0257}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{7B87EC91-1316-4D57-973F-BAB503389FC1}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{2B4FBA40-2826-4322-AE31-21CE85A7132B}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{1939F90D-EE0D-4D61-9C80-EAE1BD720B34}] => (Allow) C:\Program Files\Lexmark Pro910 Series\LMADJmon.exe
FirewallRules: [{39CA17D5-A6A5-400A-8957-B25B4C167263}] => (Allow) C:\Program Files\Lexmark Pro910 Series\LMADJmon.exe
FirewallRules: [{4DD3EF3E-E735-4449-ABD3-F3B256657BCA}] => (Allow) C:\Program Files\Lexmark Pro910 Series\LMADJlscn.exe
FirewallRules: [{4FBD2F0A-1FA1-45D6-83CD-8D84BDB3705B}] => (Allow) C:\Program Files\Lexmark Pro910 Series\LMADJlscn.exe
FirewallRules: [{B440B5A3-172D-4DD6-A65D-C0EBAF67E27D}] => (Allow) C:\Program Files\Lexmark Pro910 Series\LMabscw.dll
FirewallRules: [{5B802986-D994-4A3F-950B-CD0CB0368440}] => (Allow) C:\Program Files\Lexmark Pro910 Series\LMabscw.dll
FirewallRules: [{DBF647A0-6060-40C6-BD37-3200EE69CAFE}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{DB19775E-130C-491B-8F69-FA68CEB0CD94}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{10B77A09-DC8E-4BD7-82E8-7B7278F1FF33}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{D035180B-6DDA-49FE-A52C-8FB9307DB9E5}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{EBD1AD3B-37B8-448E-BD2B-DFEA043FB6EC}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{BBF5B532-523F-493D-BA57-8A96F04779B7}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{18ED1D8D-3A12-4544-AF61-FADBD57F3929}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{EE07A91C-109C-415B-980F-EDA4C9BB3C0B}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{7EB5EC49-BEAE-4AA6-84E9-7599B4C1627C}] => (Allow) C:\Windows\system32\lmadj_32coms.exe
FirewallRules: [TCP Query User{41C1431D-C8EE-4D5C-9E86-9FE29EF84017}C:\program files\lexmark pro910 series\lmadjmon.exe] => (Allow) C:\program files\lexmark pro910 series\lmadjmon.exe
FirewallRules: [UDP Query User{52C17654-4AD7-425E-B075-84DAD2B0C485}C:\program files\lexmark pro910 series\lmadjmon.exe] => (Allow) C:\program files\lexmark pro910 series\lmadjmon.exe
FirewallRules: [{09634406-44C0-471B-9100-CF2BA6DC72DE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2015 08:09:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32143335
 
Error: (07/17/2015 08:09:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32143335
 
Error: (07/17/2015 08:09:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2015 08:09:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32142134
 
Error: (07/17/2015 08:09:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32142134
 
Error: (07/17/2015 08:09:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2015 08:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32140901
 
Error: (07/17/2015 08:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32140901
 
Error: (07/17/2015 08:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/16/2015 11:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15413
 
 
System errors:
=============
Error: (07/16/2015 03:00:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (07/15/2015 09:33:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (07/15/2015 09:33:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (07/15/2015 09:33:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (07/15/2015 03:00:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (07/14/2015 05:10:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/14/2015 05:10:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/14/2015 05:10:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/14/2015 05:10:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/14/2015 05:10:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Windows.
 
 
Microsoft Office:
=========================
Error: (07/17/2015 08:09:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32143335
 
Error: (07/17/2015 08:09:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32143335
 
Error: (07/17/2015 08:09:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2015 08:09:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32142134
 
Error: (07/17/2015 08:09:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32142134
 
Error: (07/17/2015 08:09:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2015 08:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32140901
 
Error: (07/17/2015 08:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32140901
 
Error: (07/17/2015 08:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/16/2015 11:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15413
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 57%
Total physical RAM: 1982.43 MB
Available physical RAM: 850.91 MB
Total Virtual: 3964.86 MB
Available Virtual: 2360.43 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:71.03 GB) (Free:15.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 3D4B3C11)
Partition 1: (Active) - (Size=3.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=71 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 B-boy/StyLe/


Posted 17 July 2015 - 11:35 AM

Hello,

 

 

It is completely normal to have multiple instances of chrome.exe if you have multiple tabs opened at the same time.

Your problem is probably related to errors in the Windows File System:

 

Error: (07/14/2015 05:10:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

 

 

Run CHKDSK to check for disk errors
 

  • Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".
  • At the command prompt, copy and paste the following command chkdsk c: /x /f /r and then press Enter. (There is a free space between chkdsk /x /f and /r and the command is case sensitive).
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK may be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
  • At the command prompt, type exit and then press Enter.
  • Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
    This process can take up to an hour or even more!
  • When all is done and you are back into normal mode click Start => and type in eventvwr.msc and then hit Enter.
  • Once Event Viewer is open, select Windows logs => Application => The 3rd column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
  • Scroll through the Source column to find the most recent entry titled WinInit and id of 1001.
  • Double-click WinInit to open the CHKDSK results.
  • Click on the Copy button and post the result in your next reply.

 

Check the link below if you need more info on how to retrieve the log file:

 

www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html

 

 

 

Regards,

Georgi

 




#5 GothamExpat


Posted 17 July 2015 - 12:25 PM

+ System
    - Provider
      [ Name] Microsoft-Windows-Wininit       [ Guid] {206f6dea-d3c5-4d10-bc72-989f03c8b84b}       [ EventSourceName] Wininit
    - EventID 1001
      [ Qualifiers] 16384
      Version 0       Level 4       Task 0       Opcode 0       Keywords 0x80000000000000     - TimeCreated
      [ SystemTime] 2015-07-15T08:10:30.000000000Z
      EventRecordID 74138       Correlation     - Execution
      [ ProcessID] 0       [ ThreadID] 0
      Channel Application       Computer Kat-PC       Security
- EventData
      Checking file system on C: The type of the file system is NTFS. Volume label is Windows. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 3)... Attribute record of type 0x80 and instance tag 0x0 is cross linked starting at 0xb75625 for possibly 0x1f clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x0 in file 0xe243 is already in use. The attribute of type 0x80 and instance tag 0x0 in file 0xe243 has allocated length of 0x7de0000 instead of 0x2024000. Deleted corrupt attribute list entry with type code 128 in file 57923. Unable to locate attribute with instance tag 0x0 and segment reference 0x79000000003635. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 13877. Unable to locate attribute with instance tag 0x0 and segment reference 0x76c00000000cd5a. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 52570. Unable to locate attribute with instance tag 0x0 and segment reference 0x1b0000000016d29. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 93481. Unable to locate attribute with instance tag 0x0 and segment reference 0xc000000023187. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 143751. Unable to locate attribute with instance tag 0x0 and segment reference 0xb0000000231fb. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 143867. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0xb75384 for possibly 0x2a1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x17a0e is already in use. 
Deleting corrupt attribute record (128, "") from file record segment 96782. 149248 file records processed. File verification completed. Deleting orphan file record segment 13877. Deleting orphan file record segment 52570. 580 large file records processed. 0 bad file records processed. 0 EA records processed. 67 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... Index entry snapshot.etl of index $I30 in file 0x83cd points to unused file 0xe347. Deleting index entry snapshot.etl in index $I30 of file 33741. Index entry snapshot.etl of index $I30 in file 0xe2a4 points to unused file 0x1201a. Deleting index entry snapshot.etl in index $I30 of file 58020. 196142 index entries processed. Index verification completed. CHKDSK is scanning unindexed files for reconnect to their original directory. Recovering orphaned file IRONST~1.LOG (12397) into directory file 61428. Recovering orphaned file IronState.dat.log (12397) into directory file 61428. Recovering orphaned file {7089B~1 (33741) into directory file 1754. Recovering orphaned file {7089b0bf-93ec-44f4-a733-4c67dfb90d97} (33741) into directory file 1754. Recovering orphaned file {82290~1 (58020) into directory file 1754. Recovering orphaned file {82290750-cfc9-413e-8eb3-86f7c9cd0406} (58020) into directory file 1754. Recovering orphaned file {8FAD1~1 (61385) into directory file 1754. Recovering orphaned file {8fad131b-61c2-4b22-b667-288ca6c9a20c} (61385) into directory file 1754. 6 unindexed files scanned. Recovering orphaned file {8FFBB~1 (72287) into directory file 1754. Recovering orphaned file {8ffbb671-4a4c-455f-ad11-4cfef83b1584} (72287) into directory file 1754. CHKDSK is recovering remaining unindexed files. 1 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 149248 file SDs/SIDs processed. Cleaning up 498 unused index entries from index $SII of file 0x9. Cleaning up 498 unused index entries from index $SDH of file 0x9. 
Cleaning up 498 unused security descriptors. Security descriptor verification completed. Inserting data attribute into file 57923. Inserting data attribute into file 96782. 23450 data files processed. CHKDSK is verifying Usn Journal... 36860704 USN bytes processed. Usn Journal verification completed. Correcting errors in the master file table's (MFT) BITMAP attribute. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 74477567 KB total disk space. 56937316 KB in 122072 files. 73768 KB in 23450 indexes. 0 KB in bad sectors. 255591 KB in use by the system. 65536 KB occupied by the log file. 17210892 KB available on disk. 4096 bytes in each allocation unit. 18619391 total allocation units on disk. 4302723 allocation units available on disk. Internal Info: 00 47 02 00 79 38 02 00 d1 0b 04 00 00 00 00 00 .G..y8.......... a5 13 00 00 43 00 00 00 00 00 00 00 00 00 00 00 ....C........... 14 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. 


#6 B-boy/StyLe/


Posted 17 July 2015 - 12:28 PM

Hi Kat,

 

Can you please attach the report to your next reply since it is unreadable for me looking like that.

 

Thanks! :)

 

 

Regards,

Georgi




#7 B-boy/StyLe/


Posted 17 July 2015 - 12:31 PM

Btw...it seems that for some reason CHKDSK went through 3 stages only. I need CHKDSK to go through all 5 stages.

 

 

Open My Computer and right-click on the C:\ Drive and select Properties. Click on the Tools Tab and select Check Now under the Error-checking header. Place a check mark next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors and click Start. You will be prompted to "Schedule disk check". Click it and restart your system and when done post the log.



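An added example, not part of any post in this thread: a PowerShell alternative to the Event Viewer steps in post #4 that pulls the newest Wininit event 1001 as plain text, saves it to a file that can be attached, and reports how many CHKDSK stages the run covered, which is the check made in post #7. The helper name Get-ChkdskSummary, the output file name and the embedded sample (a shortened excerpt of the first report posted above) are assumptions of this example.

```powershell
# Added example: read the boot-time CHKDSK report without Event Viewer.
# Get-ChkdskSummary is a hypothetical helper name, not a built-in cmdlet.

function Get-ChkdskSummary {
    param([Parameter(Mandatory = $true)][string]$Message)

    # Lines such as "CHKDSK is verifying files (stage 1 of 5)..." carry both
    # the stage number and the number of stages this run was asked to perform.
    $found = [regex]::Matches($Message, 'stage (\d+) of (\d+)')
    $seen  = @($found | ForEach-Object { [int]$_.Groups[1].Value } | Sort-Object -Unique)
    $total = 0
    if ($found.Count -gt 0) { $total = [int]$found[0].Groups[2].Value }

    # "0 KB in bad sectors." is part of the closing disk-space summary.
    $badKB = $null
    if ($Message -match '(\d+) KB in bad sectors') { $badKB = [int64]$Matches[1] }

    New-Object PSObject -Property @{
        StagesSeen      = $seen.Count
        StagesPlanned   = $total
        MadeCorrections = [bool]($Message -match 'Windows has made corrections to the file system')
        NoProblems      = [bool]($Message -match 'found no problems')
        BadSectorsKB    = $badKB
    } | Select-Object StagesSeen, StagesPlanned, MadeCorrections, NoProblems, BadSectorsKB
}

# Shortened excerpt of the first CHKDSK report posted in this thread,
# used only when no Wininit event is available on the machine.
$sample = @'
CHKDSK is verifying files (stage 1 of 3)...
  149248 file records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
Windows has made corrections to the file system.
  0 KB in bad sectors.
'@

# Same event the thread looks up by hand: Application log, Wininit, ID 1001.
# Get-WinEvent returns the newest matching event first.
$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 }
$report = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if ($report) {
    # Save the message with its line breaks intact so it can be attached to a reply.
    $outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-report.txt'
    $report.Message | Out-File -FilePath $outFile -Encoding UTF8
    "Report from $($report.TimeCreated) saved to $outFile"
    $summary = Get-ChkdskSummary -Message $report.Message
} else {
    'No Wininit 1001 event found; summarising the embedded sample instead.'
    $summary = Get-ChkdskSummary -Message $sample
}

$summary | Format-List

# Post #7 asks for a run that goes through all 5 stages.
if ($summary.StagesPlanned -lt 5) {
    Write-Warning "This run planned $($summary.StagesPlanned) stages; the helper in this thread asked for a 5-stage run."
}
```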

#8 GothamExpat


Posted 17 July 2015 - 12:42 PM

Yeah I thought it was weird it only took less than three minutes. It's chugging away now, 23% done on Stage 4.



#9 B-boy/StyLe/


Posted 17 July 2015 - 01:33 PM

Way to go :thumbup2:




#10 GothamExpat


Posted 17 July 2015 - 01:33 PM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          7/17/2015 2:26:02 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Kat-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  149248 file records processed.                                         
 
File verification completed.
  580 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  67 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  195856 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  149248 file SDs/SIDs processed.                                        
 
Cleaning up 56 unused index entries from index $SII of file 0x9.
Cleaning up 56 unused index entries from index $SDH of file 0x9.
Cleaning up 56 unused security descriptors.
Security descriptor verification completed.
  23305 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36940648 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  149232 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  4152496 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
  74477567 KB total disk space.
  57537996 KB in 123155 files.
     73984 KB in 23306 indexes.
         0 KB in bad sectors.
    255603 KB in use by the system.
     65536 KB occupied by the log file.
  16609984 KB available on disk.
 
      4096 bytes in each allocation unit.
  18619391 total allocation units on disk.
   4152496 allocation units available on disk.
 
Internal Info:
00 47 02 00 24 3c 02 00 d9 0f 04 00 00 00 00 00  .G..$<..........
a8 13 00 00 43 00 00 00 00 00 00 00 00 00 00 00  ....C...........
80 8e 43 00 50 01 42 00 a8 1b 42 00 00 00 42 00  ..C.P.B...B...B.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-17T18:26:02.000000000Z" />
    <EventRecordID>74440</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Kat-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  149248 file records processed.                                         
 
File verification completed.
  580 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  67 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  195856 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  149248 file SDs/SIDs processed.                                        
 
Cleaning up 56 unused index entries from index $SII of file 0x9.
Cleaning up 56 unused index entries from index $SDH of file 0x9.
Cleaning up 56 unused security descriptors.
Security descriptor verification completed.
  23305 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36940648 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  149232 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  4152496 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
  74477567 KB total disk space.
  57537996 KB in 123155 files.
     73984 KB in 23306 indexes.
         0 KB in bad sectors.
    255603 KB in use by the system.
     65536 KB occupied by the log file.
  16609984 KB available on disk.
 
      4096 bytes in each allocation unit.
  18619391 total allocation units on disk.
   4152496 allocation units available on disk.
 
Internal Info:
00 47 02 00 24 3c 02 00 d9 0f 04 00 00 00 00 00  .G..$&lt;..........
a8 13 00 00 43 00 00 00 00 00 00 00 00 00 00 00  ....C...........
80 8e 43 00 50 01 42 00 a8 1b 42 00 00 00 42 00  ..C.P.B...B...B.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>


#11 B-boy/StyLe/

Posted 17 July 2015 - 01:42 PM

Nice...there are no bad sectors on the drive, which is a good sign. Do you see any improvement after CHKDSK?

Also please download the following file => fixlist.txt (attached file, 2.3KB) and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

This script was written specifically for you, for use on that particular machine.

Let me know how things are after the fix above.
 
 
Regards,
Georgi




#12 GothamExpat

Posted 17 July 2015 - 01:44 PM

Attached File: Chrome.JPG (104.16KB)
By the way, this is a screen shot of Task Manager. I have four Google exe's open. My only tab is the one I'm working in.

#13 B-boy/StyLe/

Posted 17 July 2015 - 01:49 PM

It is normal to have a few processes for one tab too. Extensions and plugins also have a separate process so this can add to how many you have.

 

To see specifically what each chrome.exe process is, press Shift + Esc to open the Chrome Task Manager.
 
Also please have a look in Settings => Advanced settings => You may want to uncheck the setting beside => Continue running background apps when Google Chrome is closed.
 
 
 
Regards,
Georgi
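
As an added illustration of the reply above (not part of the original post, and not code from Chrome or BleepingComputer): a small triage helper that groups chrome.exe processes by the role given on their command line and reports any whose image file sits outside a Chrome install folder. The install directories, the `--extension-process` switch and the sample process list are assumptions; the list is constructed.

```python
import ntpath
import re
from collections import Counter

# Assumed default install locations (system-wide and per-user); adjust as needed.
EXPECTED_DIRS = re.compile(
    r"^c:\\(program files( \(x86\))?|users\\[^\\]+\\appdata\\local)"
    r"\\google\\chrome\\application$"
)

CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
SAMPLE = [  # constructed process listing: (pid, image path, command line)
    (4120, CHROME, f'"{CHROME}"'),
    (4388, CHROME, f'"{CHROME}" --type=renderer --channel="4120.0.1"'),
    (4512, CHROME, f'"{CHROME}" --type=renderer --extension-process --channel="4120.1.2"'),
    (4600, CHROME, f'"{CHROME}" --type=gpu-process --channel="4120.2.3"'),
    (5016, r"C:\Users\user\AppData\Local\Temp\chrome.exe", "chrome.exe"),
]

def role(cmdline):
    """Map a chrome.exe command line to the role of that process."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    if not m:
        return "browser"  # the main browser process carries no --type switch
    if m.group(1) == "renderer" and "--extension-process" in cmdline:
        return "extension"  # assumption: switch present on this Chrome build
    return m.group(1)  # renderer (tab), gpu-process, plugin, utility, ...

def triage(processes):
    """Return (Counter of roles, PIDs whose image is outside the expected dirs)."""
    roles, odd = Counter(), []
    for pid, image, cmdline in processes:
        if ntpath.basename(image).lower() != "chrome.exe":
            continue
        roles[role(cmdline)] += 1
        if not EXPECTED_DIRS.match(ntpath.dirname(image).lower()):
            odd.append(pid)
    return roles, odd

if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE)
    print(dict(counts), "check image path for PIDs:", suspicious)
```

Four processes for a single tab (browser, renderer, extension, GPU) is the ordinary case; the image path is the part worth a second look.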

 



#14 GothamExpat

Posted 17 July 2015 - 02:10 PM

Did you want the c/p, too? Or just the uploaded file?

Attached Files



#15 B-boy/StyLe/

Posted 17 July 2015 - 02:12 PM

No, that is ok. How are things now?

 

You may want to check the article below as well:

 

http://windows.microsoft.com/en-us/windows/optimize-windows-better-performance#optimize-windows-better-performance=windows-7

 

 

Regards,

Georgi






