Wow! Those scans took several hours, and I don't believe the aswMBR scan totally completed. Hard to tell; you can see in the log where I saved it. I still have it running, but it has been running for several hours. The computer is extremely slow to respond when used under the Bobbie account. I have to wait several minutes just to select text and copy/paste.
Here follow the logs I have. I am still letting the aswMBR scan run just in case it is not finished. If it finishes overnight I will list its findings.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Bobbie (administrator) on DELL_LAPTOP on 19-12-2014 13:56:29
Running from C:\Users\Bobbie\Desktop
Loaded Profile: Bobbie (Available profiles: darin & Bobbie)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1346904285\ee\aolsoftware.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1346904285\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [khohvetj] => "C:\Users\Bobbie\AppData\Local\amqwigsr.exe"
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [uvafqhqt] => "C:\Users\Bobbie\AppData\Local\jrsxilre.exe"
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [Olpigeex] => C:\Users\Bobbie\AppData\Roaming\Ushoanyf\ryvue.exe
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [42320 2012-04-20] (AOL Inc.)
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\RunOnce: [Adobe Speed Launcher] => 1419012268
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\ri5ac3t3.default
FF Homepage: www.cnn.com
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2779640238-3425638059-3520445709-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-04]
Chrome:
=======
CHR Profile: C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-22]
CHR Extension: (Google Docs) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-22]
CHR Extension: (Google Drive) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-22]
CHR Extension: (YouTube) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-22]
CHR Extension: (Google Search) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-22]
CHR Extension: (Google Sheets) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-22]
CHR Extension: (Google Wallet) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]
CHR Extension: (Gmail) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-12-13] (SUPERAntiSpyware.com)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-19 13:56 - 2014-12-19 14:52 - 00013312 _____ () C:\Users\Bobbie\Desktop\FRST.txt
2014-12-19 13:47 - 2014-12-19 13:48 - 05198336 _____ (AVAST Software) C:\Users\Bobbie\Desktop\aswMBR.exe
2014-12-19 13:44 - 2014-12-19 13:46 - 01113600 _____ (Farbar) C:\Users\Bobbie\Desktop\FRST.exe
2014-12-19 13:05 - 2014-12-19 13:05 - 00000000 _____ () C:\Users\Bobbie\Desktop\bobbie txt.txt
2014-12-18 16:30 - 2014-12-18 16:30 - 00000640 _____ () C:\Users\darin\Desktop\JRT.txt
2014-12-18 16:27 - 2014-12-18 16:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-18 16:26 - 2014-12-18 16:26 - 01707646 _____ (Thisisu) C:\Users\darin\Desktop\JRT.exe
2014-12-18 16:11 - 2014-12-18 16:41 - 00009663 _____ () C:\Users\darin\Desktop\New Text Document.txt
2014-12-18 16:10 - 2014-12-18 16:17 - 00000000 ____D () C:\AdwCleaner
2014-12-18 16:05 - 2014-12-18 16:06 - 02166272 _____ () C:\Users\darin\Desktop\AdwCleaner.exe
2014-12-17 19:15 - 2014-12-17 19:16 - 00018959 _____ () C:\Users\darin\Desktop\Addition.txt
2014-12-17 19:14 - 2014-12-17 19:16 - 00025454 _____ () C:\Users\darin\Desktop\FRST.txt
2014-12-17 19:12 - 2014-12-19 14:19 - 00000000 ____D () C:\FRST
2014-12-17 19:11 - 2014-12-17 19:11 - 01113600 _____ (Farbar) C:\Users\darin\Desktop\FRST.exe
2014-12-16 21:36 - 2014-12-16 21:36 - 00037904 _____ () C:\Users\darin\Desktop\Extras.Txt
2014-12-16 21:34 - 2014-12-16 21:34 - 00052860 _____ () C:\Users\darin\Desktop\OTL.Txt
2014-12-16 21:14 - 2014-12-16 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\darin\Desktop\OTL.exe
2014-12-15 21:34 - 2014-12-15 21:34 - 00011275 _____ () C:\Users\Bobbie\Documents\FwdYoucannotmakethisup
2014-12-14 10:06 - 2014-12-14 10:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\AVG2015
2014-12-14 10:06 - 2014-12-14 10:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\Avg2015
2014-12-14 09:59 - 2014-12-14 09:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-14 00:13 - 2014-12-14 00:13 - 00000000 ____D () C:\Users\darin\AppData\Roaming\AVG2015
2014-12-14 00:12 - 2014-12-14 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-14 00:11 - 2014-12-14 08:00 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-14 00:11 - 2014-12-14 00:11 - 00000000 ___HD () C:\$AVG
2014-12-14 00:10 - 2014-12-14 00:10 - 00000000 ____D () C:\Program Files\AVG
2014-12-14 00:01 - 2014-12-19 12:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-14 00:01 - 2014-12-14 08:02 - 00000000 ____D () C:\Users\darin\AppData\Local\Avg2015
2014-12-14 00:01 - 2014-12-14 00:01 - 00000000 ____D () C:\Users\darin\AppData\Local\MFAData
2014-12-14 00:00 - 2014-12-14 00:01 - 04637504 _____ (AVG Technologies) C:\Users\darin\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-12-13 21:58 - 2014-12-13 21:58 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 21:58 - 2014-12-13 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-13 21:25 - 2014-12-19 15:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 21:25 - 2014-12-19 13:47 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 21:25 - 2014-12-13 21:58 - 00000000 ____D () C:\Users\darin\AppData\Local\Google
2014-12-13 21:25 - 2014-12-13 21:57 - 00000000 ____D () C:\Program Files\Google
2014-12-13 21:24 - 2014-12-13 21:25 - 00000000 ____D () C:\Users\darin\AppData\Local\Deployment
2014-12-13 21:24 - 2014-12-13 21:24 - 00000000 ____D () C:\Users\darin\AppData\Local\Apps\2.0
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 __RSH () C:\IO.SYS
2014-12-13 12:06 - 2014-12-18 16:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 12:06 - 2014-12-13 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 12:06 - 2014-12-13 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-13 12:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 12:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 12:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-13 11:24 - 2014-12-13 11:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\darin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-12 18:11 - 2014-12-12 18:11 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\SUPERAntiSpyware.com
2014-12-10 19:29 - 2014-12-13 16:05 - 00000680 _____ () C:\Users\Bobbie\AppData\Local\d3d9caps.dat
2014-12-10 13:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 13:00 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 12:52 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 14:56 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 14:56 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:56 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:56 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:56 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:56 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:56 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:56 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 14:56 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:56 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 14:56 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-01 14:50 - 2014-12-01 14:50 - 00143728 _____ () C:\Windows\Minidump\Mini120114-01.dmp
2014-12-01 08:29 - 2014-12-01 08:29 - 00000000 ____D () C:\Users\Bobbie\Documents\20141130_222731
2014-12-01 08:28 - 2014-12-01 08:29 - 02730740 _____ () C:\Users\Bobbie\Documents\20141130_222731.zip
2014-11-26 15:39 - 2014-11-26 15:39 - 00726009 _____ () C:\Users\Bobbie\Documents\scan0004.zip
2014-11-26 15:39 - 2014-11-26 15:39 - 00000000 ____D () C:\Users\Bobbie\Documents\scan0004
2014-11-22 19:44 - 2014-12-13 21:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\Google
2014-11-19 14:10 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-19 14:38 - 2006-11-02 07:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 14:38 - 2006-11-02 07:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 12:44 - 2008-01-20 20:38 - 01358848 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 12:40 - 2014-06-14 08:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-19 12:38 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 16:33 - 2006-11-02 07:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-18 16:18 - 2008-01-20 22:02 - 00088340 _____ () C:\Windows\PFRO.log
2014-12-14 10:00 - 2006-11-02 05:33 - 00758862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 09:59 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-14 05:31 - 2012-09-04 16:24 - 00001356 _____ () C:\Users\darin\AppData\Local\d3d9caps.dat
2014-12-13 21:12 - 2014-11-10 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 17:16 - 2012-09-05 21:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 17:01 - 2012-09-05 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 12:06 - 2013-01-11 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 11:13 - 2013-01-13 13:14 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\ID Vault
2014-12-13 11:13 - 2012-12-14 13:32 - 00000000 ____D () C:\Users\darin\AppData\Local\ID Vault
2014-12-13 11:13 - 2012-12-14 13:31 - 00000000 ____D () C:\Users\darin\AppData\Roaming\ID Vault
2014-12-13 11:13 - 2012-12-14 13:31 - 00000000 ____D () C:\Program Files\AOL OnePoint
2014-12-13 09:44 - 2014-04-07 21:53 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\ShopAtHome
2014-12-13 09:29 - 2012-09-05 22:05 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 09:29 - 2012-09-05 22:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-10 13:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 13:00 - 2013-08-14 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 12:53 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-08 18:25 - 2014-06-14 12:11 - 00081920 _____ () C:\Users\Bobbie\Documents\image.jpeg
2014-12-01 14:50 - 2013-02-22 19:07 - 255052974 _____ () C:\Windows\MEMORY.DMP
2014-12-01 14:50 - 2013-02-22 19:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 14:04 - 2012-09-04 18:15 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\darin\AppData\Local\Temp\Quarantine.exe
C:\Users\darin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-19 12:44
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Bobbie at 2014-12-19 18:04:55
Running from C:\Users\Bobbie\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
==================== Restore Points =========================
01-12-2014 13:50:40 Scheduled Checkpoint
02-12-2014 18:30:44 Scheduled Checkpoint
03-12-2014 16:21:39 Scheduled Checkpoint
04-12-2014 16:24:38 Scheduled Checkpoint
05-12-2014 17:05:45 Scheduled Checkpoint
06-12-2014 08:18:51 Scheduled Checkpoint
07-12-2014 14:23:35 Scheduled Checkpoint
08-12-2014 17:20:19 Scheduled Checkpoint
09-12-2014 15:29:01 Scheduled Checkpoint
10-12-2014 12:49:38 Windows Update
13-12-2014 13:41:31 Scheduled Checkpoint
13-12-2014 16:59:54 Windows Update
14-12-2014 00:09:36 Installed AVG 2015
14-12-2014 00:10:49 Installed AVG 2015
17-12-2014 20:01:26 Scheduled Checkpoint
18-12-2014 13:50:12 Scheduled Checkpoint
18-12-2014 14:51:03 Restore Point Created by FRST
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {27676BE1-832C-4DD0-8AAD-E92B1EA2A7FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {4FBFB615-5F4E-4D7C-B099-A1B7E9BED852} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {F8CBB645-D945-4C76-982B-94568640B26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Loaded Modules (whitelisted) =============
2012-09-04 23:03 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-09-04 23:03 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-04-20 17:50 - 2012-04-20 17:50 - 00059392 _____ () c:\program files\common files\aol\1346904285\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Bobbie\Documents\Fwd_TheCrackerFiles.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2779640238-3425638059-3520445709-500 - Administrator - Disabled)
Bobbie (S-1-5-21-2779640238-3425638059-3520445709-1001 - Administrator - Enabled) => C:\Users\Bobbie
darin (S-1-5-21-2779640238-3425638059-3520445709-1000 - Administrator - Enabled) => C:\Users\darin
Guest (S-1-5-21-2779640238-3425638059-3520445709-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0xf6c, application start time 0xiexplore.exe0.
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791913e, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x31e0, application start time 0xiexplore.exe0.
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x3688, application start time 0xiexplore.exe0.
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x35f8, application start time 0xiexplore.exe0.
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791954c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x37a4, application start time 0xiexplore.exe0.
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x49e022d9, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x24b0, application start time 0xiexplore.exe0.
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791908c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x2920, application start time 0xiexplore.exe0.
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine LookupPrivilegeValue. hr = 0x800706ba.
System errors:
=============
Error: (12/19/2014 01:05:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (12/19/2014 01:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 01:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Microsoft Office Sessions:
=========================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bcef6c01d01be1b347fc04
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791913eMSHTML.dll9.0.8112.16599547397d5c000000500260bce31e001d01be0ad2f6d44
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bce368801d01bdfdfd7d494
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bce35f801d01bdfcce9f1b4
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791954cMSHTML.dll9.0.8112.16599547397d5c000000500260bce37a401d01bde176d54e4
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1659949e022d9MSHTML.dll9.0.8112.16599547397d5c000000500260bce24b001d01bdd8b202034
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791908cMSHTML.dll9.0.8112.16599547397d5c000000500260bce292001d01bdd3fded624
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: LookupPrivilegeValue0x800706ba
CodeIntegrity Errors:
===================================
Date: 2014-12-19 16:03:17.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 16:03:16.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 16:03:15.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 16:03:14.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:55.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:55.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:55.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:53.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 14:33:59.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 14:33:58.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 76%
Total physical RAM: 3573.12 MB
Available physical RAM: 848.13 MB
Total Pagefile: 7357.98 MB
Available Pagefile: 3173.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:220.58 GB) (Free:148.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Bobbie at 2014-12-19 18:04:55
Running from C:\Users\Bobbie\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
==================== Restore Points =========================
01-12-2014 13:50:40 Scheduled Checkpoint
02-12-2014 18:30:44 Scheduled Checkpoint
03-12-2014 16:21:39 Scheduled Checkpoint
04-12-2014 16:24:38 Scheduled Checkpoint
05-12-2014 17:05:45 Scheduled Checkpoint
06-12-2014 08:18:51 Scheduled Checkpoint
07-12-2014 14:23:35 Scheduled Checkpoint
08-12-2014 17:20:19 Scheduled Checkpoint
09-12-2014 15:29:01 Scheduled Checkpoint
10-12-2014 12:49:38 Windows Update
13-12-2014 13:41:31 Scheduled Checkpoint
13-12-2014 16:59:54 Windows Update
14-12-2014 00:09:36 Installed AVG 2015
14-12-2014 00:10:49 Installed AVG 2015
17-12-2014 20:01:26 Scheduled Checkpoint
18-12-2014 13:50:12 Scheduled Checkpoint
18-12-2014 14:51:03 Restore Point Created by FRST
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {27676BE1-832C-4DD0-8AAD-E92B1EA2A7FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {4FBFB615-5F4E-4D7C-B099-A1B7E9BED852} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {F8CBB645-D945-4C76-982B-94568640B26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Loaded Modules (whitelisted) =============
2012-09-04 23:03 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-09-04 23:03 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-04-20 17:50 - 2012-04-20 17:50 - 00059392 _____ () c:\program files\common files\aol\1346904285\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Bobbie\Documents\Fwd_TheCrackerFiles.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2779640238-3425638059-3520445709-500 - Administrator - Disabled)
Bobbie (S-1-5-21-2779640238-3425638059-3520445709-1001 - Administrator - Enabled) => C:\Users\Bobbie
darin (S-1-5-21-2779640238-3425638059-3520445709-1000 - Administrator - Enabled) => C:\Users\darin
Guest (S-1-5-21-2779640238-3425638059-3520445709-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0xf6c, application start time 0xiexplore.exe0.
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791913e, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x31e0, application start time 0xiexplore.exe0.
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x3688, application start time 0xiexplore.exe0.
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x35f8, application start time 0xiexplore.exe0.
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791954c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x37a4, application start time 0xiexplore.exe0.
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x49e022d9, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x24b0, application start time 0xiexplore.exe0.
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791908c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x2920, application start time 0xiexplore.exe0.
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine LookupPrivilegeValue. hr = 0x800706ba.
System errors:
=============
Error: (12/19/2014 01:05:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (12/19/2014 01:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 01:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Microsoft Office Sessions:
=========================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 4549b0a8 | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | f6c | 01d01be1b347fc04
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 4791913e | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | 31e0 | 01d01be0ad2f6d44
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 4549b0a8 | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | 3688 | 01d01bdfdfd7d494
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 4549b0a8 | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | 35f8 | 01d01bdfcce9f1b4
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 4791954c | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | 37a4 | 01d01bde176d54e4
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 49e022d9 | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | 24b0 | 01d01bdd8b202034
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe | 9.0.8112.16599 | 4791908c | MSHTML.dll | 9.0.8112.16599 | 547397d5 | c0000005 | 00260bce | 2920 | 01d01bdd3fded624
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005 | EventSystem.EventSubscription | {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2 | SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 | 0x80041003
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: LookupPrivilegeValue | 0x800706ba
CodeIntegrity Errors:
===================================
Date: 2014-12-19 16:03:17.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 16:03:16.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 16:03:15.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 16:03:14.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:55.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:55.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:55.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 15:57:53.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 14:33:59.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-19 14:33:58.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 76%
Total physical RAM: 3573.12 MB
Available physical RAM: 848.13 MB
Total Pagefile: 7357.98 MB
Available Pagefile: 3173.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:220.58 GB) (Free:148.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-19 19:43:31
-----------------------------
19:43:31.557 OS Version: Windows 6.0.6002 Service Pack 2
19:43:31.558 Number of processors: 2 586 0xF0D
19:43:31.653 ComputerName: DELL_LAPTOP UserName: Bobbie
19:43:43.131 Initialize success
19:43:44.688 VM: initialized successfully
19:43:44.689 VM: Intel CPU virtualization not supported
19:45:26.282 AVAST engine defs: 14121901
19:46:02.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:46:07.841 Disk 0 Vendor: WDC_WD2500BEVS-75UST0 01.01A01 Size: 238475MB BusType: 3
19:46:18.801 Disk 0 MBR read successfully
19:46:29.325 Disk 0 MBR scan
19:46:32.508 Disk 0 Windows VISTA default MBR code
19:46:32.885 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:46:32.954 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
19:46:33.022 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
19:46:34.888 Disk 0 scanning sectors +483152232
19:46:39.099 Disk 0 scanning C:\Windows\system32\drivers
19:49:36.386 Service scanning
19:53:36.871 Modules scanning
19:53:37.037 Disk 0 trace - called modules:
19:53:37.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
19:53:37.096 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8634d378]
19:53:37.131 3 CLASSPNP.SYS[8bb9d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8589b030]
19:53:49.323 AVAST engine scan C:\Windows
19:54:09.348 AVAST engine scan C:\Windows\system32
20:37:48.786 AVAST engine scan C:\Windows\system32\drivers
20:42:04.707 AVAST engine scan C:\Users\Bobbie
22:10:55.419 Disk 0 MBR has been saved successfully to "C:\Users\Bobbie\Desktop\MBR.dat"
22:10:56.535 The log file has been saved successfully to "C:\Users\Bobbie\Desktop\aswMBR.txt"
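Both tools above report the same partition table (a 39 MB Dell Utility partition, a 10000 MB NTFS recovery partition, and the active 225874 MB NTFS system partition), and aswMBR additionally wrote the raw sector to C:\Users\Bobbie\Desktop\MBR.dat. The following is an added example from the editor, not code from the poster, from Farbar or from AVAST: it parses a 512-byte MBR dump the way those tools do, reproduces their partition listing, and runs the sanity checks a responder applies before trusting the table (exactly one active partition, valid status bytes, no overlapping partitions, and an optional byte-for-byte comparison of the 440-byte boot code against a reference dump). The 512-byte sample built by `build_sample_mbr()` is constructed here to mirror the layout in the logs; its boot-code bytes are a stand-in, not real Windows MBR code, and the disk signature 0x00000080 is taken from the FRST "Disk ID" line.

```python
"""Parse and sanity-check a raw 512-byte MBR dump (e.g. the MBR.dat that aswMBR saves)."""
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold boot code
DISK_SIG_OFFSET = 0x1B8    # 4-byte disk signature (FRST's "Disk ID")
PTABLE_OFFSET = 0x1BE      # four 16-byte partition entries follow
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0x05: "Extended", 0x0F: "Extended (LBA)",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int       # 1..4, slot position in the table
    status: int      # 0x80 = active (bootable), 0x00 = inactive; anything else is invalid
    type_id: int
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return TYPE_NAMES.get(self.type_id, f"unknown 0x{self.type_id:02X}")


def parse_mbr(mbr: bytes) -> Tuple[int, List[Partition]]:
    """Return (disk_signature, partitions) for a raw MBR sector; empty slots are skipped."""
    if len(mbr) < SECTOR:
        raise ValueError(f"MBR dump is {len(mbr)} bytes, expected at least {SECTOR}")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        # entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PTABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i + 1, status, ptype, lba, count))
    return disk_sig, parts


def format_table(mbr: bytes) -> List[str]:
    """Render the table in the style of the aswMBR partition lines above."""
    disk_sig, parts = parse_mbr(mbr)
    lines = [f"Disk signature: {disk_sig:08X}"]
    for p in parts:
        flag = "(A)" if p.active else "   "
        lines.append(f"Partition {p.index} {p.status:02X} {flag} {p.type_id:02X} "
                     f"{p.type_name:<14} {p.size_mb:>7} MB offset {p.lba_start}")
    return lines


def check_mbr(mbr: bytes, reference: Optional[bytes] = None) -> List[str]:
    """Sanity checks on the table and (optionally) the boot code; returns findings, empty if clean."""
    findings = []
    _, parts = parse_mbr(mbr)
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02X}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: zero start or length")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    # A known-good dump of the same machine (or a clean install) lets you diff the boot code itself.
    if reference is not None and mbr[:BOOT_CODE_LEN] != reference[:BOOT_CODE_LEN]:
        findings.append("boot code differs from the reference MBR")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample mirroring the layout reported in the logs; boot code is a stand-in."""
    mbr = bytearray(SECTOR)
    mbr[0:7] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"          # stand-in bytes, not real MBR code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x00000080)
    entries = [                                           # (status, type, lba_start, sector_count)
        (0x00, 0xDE, 63, 81857),                          # 39 MB Dell Utility, ends at LBA 81920
        (0x00, 0x07, 81920, 20480000),                    # 10000 MB NTFS
        (0x80, 0x07, 20561920, 462589952),                # 225874 MB NTFS, active (assumed length)
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PTABLE_OFFSET + 16 * i, status, ptype, lba, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


SAMPLE_MBR = build_sample_mbr()

if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat [reference.dat]; with no arguments the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    ref = open(sys.argv[2], "rb").read() if len(sys.argv) > 2 else None
    print("\n".join(format_table(data)))
    print("\n".join(check_mbr(data, ref)) or "no findings")
```

The status-byte and overlap checks catch crude tampering, but a bootkit that keeps the table intact and only replaces the boot code is invisible to them; that is why the reference comparison exists, and why aswMBR's own "Windows VISTA default MBR code" verdict (a comparison against known-good code) is the line worth reading in the log.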