Having Constant Trouble With Ad Redirects, Popups, and Security Scan O


#1 robkbriggs
Member, 152 posts

Hello,

I had a friend ask me to take a look at her laptop, as she said it was really slow. She said she had lent it out to someone for about a year or so, and had just recently got it back. When we turned it on, I noticed she was right, everything (boot, loading the desktop, etc.) did seem to take a long time. I also noticed that it was using Microsoft Security Essentials for AV, and that it was turned off. Opening up a browser window redirects to "Search Conduit", and variously there are pop-out windows that start running videos for Motorcycle news, redirects to different sites, and offers to scan or update your PC.

So far the things I have tried are:

1. Ran Bitdefender Rescue CD on it, and set it to delete infected files.

2. Went into msconfig and tried to uncheck unnecessary programs from running on startup. There is one, Win8Security_scanner.exe, that lets you uncheck it, but it just checks itself back once you hit Apply.

3. Attempted to uninstall programs that were unnecessary. This is where I discovered that it looks like a lot of the programs (iTunes, Chrome, IE, CCleaner, MalwareBytes) are old and out of date.

It was at this point that I decided it would probably be better to get someone who knows what they are doing involved. It's a Dell Inspiron 1545, running Windows 7 Home Premium, 64-bit. She did say that she would like to have the popups and stuff taken care of, but she didn't have a backup copy of any of her files or information. I would appreciate any assistance someone can give me.

Below are the results of the FRST scan.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Katrina (administrator) on KATRINA-PC (13-03-2016 13:17:46)
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [Win8Security_scanner.exe] => C:\Users\Katrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGZ40IG\Win8Security_scanner.exe
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2009-07-13] (Microsoft Corporation)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1913726647-2047149097-3475585360-1001] => http=127.0.0.1:59274
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{474AFFBE-88EA-4F40-8277-5BD712E33E37}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8432D0EB-FA70-4B19-AF29-15B2F52E3964}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2A00D426-143C-4C27-A5CF-14EBAA32497D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6744EFFA-7F76-41E6-898C-C54661DA8E15} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> DefaultScope {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: FlaShCouuppono -> {3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C} -> C:\ProgramData\FlaShCouuppono\I_KqTQF.x64.dll [2014-07-27] ()
BHO: TidyNetwork -> {6935DCC0-259B-3C41-D6B4-C791FAF27D11} -> C:\Program Files (x86)\TidyNetwork\petn64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: LuckyCoupon -> {914732CD-5506-9D9A-6478-27E79918DBFF} -> C:\ProgramData\LuckyCoupon\2dUFuPFVh.x64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: FlaShCouuppono -> {3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C} -> C:\ProgramData\FlaShCouuppono\I_KqTQF.dll [2014-07-27] ()
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: LuckyCoupon -> {914732CD-5506-9D9A-6478-27E79918DBFF} -> C:\ProgramData\LuckyCoupon\2dUFuPFVh.dll => No File
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-28] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-04-06] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2010-11-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Katrina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [No File]
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @nsroblox.roblox.com/launcher -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-9ae7cc04e47a4b12\\NPRobloxProxy.dll [2013-02-13] ( ROBLOX Corporation)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-09-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-17]
CHR Extension: (Google Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-17]
CHR Extension: (BugDigger) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd [2014-08-18] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Instant Dictionary) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Bootstrap Twitter Offline Docs) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Yula) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe [2014-10-13] [UpdateUrl: hxxp://wwwyulaseecom-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Page Rank) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2014-07-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Do Share) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"d8a9369b330a0d5b" => service could not be unlocked. <===== ATTENTION

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 Update Yula; "C:\Program Files (x86)\Yula\updateYulasee.exe" [X]
S2 Util Yula; "C:\Program Files (x86)\Yula\bin\utilYulasee.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-13] () [File not signed]
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-07-16] () [File not signed]
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [2769400 2009-07-16] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-13] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-13] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-13] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [459216 2012-06-01] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-13] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-13] () [File not signed]
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [172704 2009-06-15] () [File not signed]
U5 d8a9369b330a0d5b; C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys [90560 2012-08-28] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2011-04-26] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2011-01-26] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-13] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-13] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] () [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-13] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-13] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-13] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [22896 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-09-26] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-13] () [File not signed]
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-13] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-13] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-13] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-13] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-13] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-13] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-13] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [408600 2009-06-04] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7333472 2009-06-02] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-13] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-13] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-13] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-13] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-13] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-13] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] () [File not signed]
S3 kbdhid; C:\Windows\system32\DRIVERS\kbdhid.sys [33280 2009-07-13] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95088 2012-06-01] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152432 2012-06-01] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-13] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-13] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-13] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-13] () [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-13] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-13] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-13] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2011-05-03] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [287744 2011-07-08] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [126464 2011-05-03] () [File not signed]
S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30296 2010-04-08] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-13] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-13] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-13] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-13] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-13] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-13] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-13] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-13] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-13] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1657216 2011-03-11] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-13] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-13] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75632 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-13] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-13] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-13] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-13] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-13] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55280 2009-07-09] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-13] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-13] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-13] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-13] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-13] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2012-04-27] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-13] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] () [File not signed]
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] () [File not signed]
R3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [11264 2009-07-13] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] () [File not signed]
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [215552 2009-05-08] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-13] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-13] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-13] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-13] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-13] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-10-09] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-13] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [461312 2011-04-28] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [399872 2011-04-28] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2011-04-28] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-13] () [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487424 2009-06-28] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] () [File not signed]
R1 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1895280 2012-03-30] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1895280 2012-03-30] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-13] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-13] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-13] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-13] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-13] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-13] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327680 2010-04-08] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-13] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-13] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99328 2011-03-28] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-13] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2011-03-28] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-28] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-03-28] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91136 2011-03-10] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2011-03-28] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184832 2010-03-03] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-13] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-13] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-13] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-13] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-13] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-13] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-13] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-13] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] () [File not signed]
S3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [151656 2006-11-01] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-13] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-13] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-13] () [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () [File not signed]
U5 d8a9369b330a0d5b;  <===== ATTENTION: Locked Service
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; system32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [X]
S1 {4df60d2c-927b-478c-83f0-b7dc923bae60}w64; system32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}w64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 13:17 - 2016-03-13 13:18 - 00037124 _____ C:\Users\Katrina\Desktop\FRST.txt
2016-03-13 13:17 - 2016-03-13 13:17 - 02374144 _____ (Farbar) C:\Users\Katrina\Desktop\FRST64.exe
2016-03-13 13:17 - 2016-03-13 13:17 - 00000000 ____D C:\FRST
2016-03-13 13:14 - 2016-03-13 13:15 - 00000000 ___HD C:\Windows\AxInstSV
2016-03-13 13:03 - 2016-03-13 13:03 - 00000383 _____ C:\siw_debug.txt
2016-03-13 13:02 - 2016-03-13 13:04 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\siw_tmp
2016-03-13 13:02 - 2016-03-13 13:02 - 00000000 ____D C:\Users\Katrina\AppData\Local\CrashRpt
2016-03-13 12:40 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Katrina\AppData\Local\{F2958949-F7E5-4F84-AE40-6EDF184BAD05}
2016-03-04 07:28 - 2016-03-04 07:28 - 00000000 ____D C:\Program Files (x86)\LuckkyuCCoupon
2016-03-04 07:26 - 2016-03-04 07:26 - 00000000 ____D C:\Users\Katrina\AppData\Local\{4C20FEC3-1437-43F0-826B-72F93CA59986}
2016-03-02 07:28 - 2016-03-02 07:28 - 00000000 ____D C:\Users\Katrina\AppData\Local\{03C2AFB4-C36D-4CAF-8FBE-3006CBDD7A16}
2016-03-02 07:27 - 2016-03-02 07:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-02 07:23 - 2016-03-02 07:23 - 00000000 ____D C:\ProgramData\374311380
2016-03-02 07:06 - 2016-03-02 07:06 - 00000000 ____D C:\Program Files (x86)\FliashCoupon
2016-03-02 01:25 - 2016-03-02 04:55 - 00000000 ____D C:\RescueCD Logs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 13:17 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 13:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-13 13:14 - 2010-04-13 21:12 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 13:13 - 2010-04-13 21:12 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 13:13 - 2010-04-13 19:43 - 00000000 ____D C:\Users\Katrina\Tracing
2016-03-13 13:12 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 13:08 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 13:08 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 12:39 - 2009-07-13 23:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-13 12:38 - 2011-01-07 16:47 - 00000000 ____D C:\Windows\pss
2016-03-13 12:38 - 2010-04-13 21:11 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Skype
2016-03-13 12:32 - 2013-02-21 17:28 - 00000047 _____ C:\Users\Katrina\AppData\LocalLow\rbxcsettings.rbx
2016-03-13 12:30 - 2012-05-10 20:35 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA.job
2016-03-13 12:30 - 2012-05-10 20:35 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core.job
2016-03-13 12:30 - 2010-04-13 21:19 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\skypePM
2016-03-04 09:01 - 2014-09-07 22:35 - 00000000 ____D C:\ProgramData\LuckkyuCCoupon
2016-03-04 09:01 - 2010-04-13 21:12 - 00000000 ____D C:\Program Files\Google
2016-03-04 09:01 - 2010-04-13 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-04 07:55 - 2011-12-16 09:36 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-03-04 07:50 - 2011-01-11 12:56 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\FrostWire
2016-03-04 07:49 - 2010-04-29 21:53 - 00000000 ____D C:\Users\Katrina\AppData\Local\Adobe
2016-03-04 07:49 - 2010-04-13 21:12 - 00000000 ____D C:\Users\Katrina\AppData\Local\Google
2016-03-04 07:49 - 2010-04-13 21:11 - 00000000 ____D C:\ProgramData\Google
2016-03-04 07:49 - 2010-04-08 01:41 - 00000000 ____D C:\ProgramData\Adobe
2016-03-04 07:28 - 2014-07-25 22:34 - 00000000 ____D C:\ProgramData\82d7777149726745
2016-03-02 07:31 - 2011-01-25 15:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-02 07:26 - 2014-10-06 22:47 - 00000000 ____D C:\ProgramData\FliashCoupon
2016-03-02 07:17 - 2010-05-01 14:47 - 00000000 ____D C:\Program Files (x86)\Ask.com
2016-03-02 03:01 - 2014-08-24 13:07 - 00000000 ____D C:\ProgramData\LuckyCoupon
2016-03-02 03:01 - 2014-07-27 12:16 - 00000000 ____D C:\ProgramData\FlaShCouuppono

==================== Files in the root of some directories =======

2010-04-28 22:57 - 2010-04-28 22:57 - 0081920 _____ () C:\Users\Katrina\AppData\Roaming\DataSafeDotNet.exe
2011-04-04 22:39 - 2011-06-21 22:00 - 0000872 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.Exception.log
2011-04-04 22:38 - 2011-04-04 22:38 - 0001153 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2010-08-25 20:27 - 2013-09-23 21:26 - 0005144 _____ () C:\Users\Katrina\AppData\Roaming\wklnhst.dat
2010-11-20 15:27 - 2010-11-20 15:27 - 0003584 _____ () C:\Users\Katrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-13 21:19 - 2010-04-13 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Katrina\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\Katrina\AppData\Local\Temp\MSN193C.exe
C:\Users\Katrina\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Katrina\AppData\Local\Temp\setup.exe
C:\Users\Katrina\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_e4fc851f-5ff9-423f-bb2b-a20f68cfa74e_TX_PR_ (1).exe
C:\Users\Katrina\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_e4fc851f-5ff9-423f-bb2b-a20f68cfa74e_TX_PR_.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-13 17:20] - [2009-07-13 19:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2013-01-17 16:26

==================== End of FRST.txt ============================
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-13 13:19:08)
Running from C:\Users\Katrina\Desktop
Windows 7 Home Premium (X64) (2010-04-14 01:20:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1913726647-2047149097-3475585360-500 - Administrator - Disabled)
Guest (S-1-5-21-1913726647-2047149097-3475585360-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913726647-2047149097-3475585360-1002 - Limited - Enabled)
Katrina (S-1-5-21-1913726647-2047149097-3475585360-1001 - Administrator - Enabled) => C:\Users\Katrina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
FrostWire 4.21.3 (HKLM-x32\...\FrostWire) (Version: 4.21.3.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4454.1511 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.158 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14448416-68C6-4363-B885-65A13F53FA7C} - System32\Tasks\{DF0D8AE4-BC86-406B-B018-EBE6905974BF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-04-06] (Skype Technologies S.A.)
Task: {1E755429-1E79-4B13-827E-54297C44E24B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {3358239F-1772-4A11-8C98-C3A0300E68D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {47940C08-2B0E-4A1B-9CA1-90DB526F877B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {56FB3172-472C-4249-876A-A981C2B5BF97} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {61055D94-A6BB-495F-AF51-FA1D75FA9CBD} - System32\Tasks\{81AA38E6-61C9-4DD3-A99D-F725B2D83F07} => pcalua.exe -a D:\HijackThis.exe -d D:\
Task: {6F40C4A0-80E9-4A59-B7CD-EB7FD66AEF31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B196F75D-16BB-4C98-A6AA-94BC802917AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {B2C1FDE9-918F-46D4-82B3-E4D082817D49} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {D07540CA-916E-4E2A-8551-5F805A7CE81F} - System32\Tasks\D5SD7BL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {EEDC901B-B832-4BC1-9104-015677737647} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core.job => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA.job => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-12-15 21:12 - 2011-10-25 23:19 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-13 17:19 - 2009-07-13 19:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-13 17:19 - 2009-07-13 19:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-13 17:19 - 2009-07-13 19:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-04-08 01:40 - 2009-07-16 19:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-04-08 01:40 - 2009-07-16 19:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-02-28 20:15 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-02-28 20:15 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-02-28 20:15 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-27 12:16 - 2014-07-27 12:16 - 00449024 _____ () C:\ProgramData\FlaShCouuppono\I_KqTQF.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4A74A9A7 [128]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-01-08 15:59 - 2011-01-08 13:44 - 00000824 ___RA C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 2) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Gamevance => C:\Program Files (x86)\Gamevance\gamevance32.exe a
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Security Shield => "C:\ProgramData\6ffaa86\MS6ffa_302.exe" /s /d
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: smmyiyqm => C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd\tqhutfmaffm.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C4C02A5-5E71-4326-B6A4-61265FEFD981}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{377CED40-80D9-4253-B52D-A4B08E2985FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5D01657A-BDAB-42ED-AF15-A06799F74EDB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{74F96A34-FF03-481E-A66F-E12E7356E956}] => (Allow) svchost.exe
FirewallRules: [{C6C988B0-8E8A-4A27-9F96-6E2FF61FC5B1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{C363E2E9-7AF7-4453-955F-39D0AAA57CA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{075F6029-ABEC-4CEA-AB30-143EC8135B77}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{BCF96557-107B-42D9-BC87-DD297C6456E7}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{19752848-D692-46DD-8B4D-0906E32E5C2F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BBF365C9-7EDC-4817-8571-9AED7E5C9BFB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{12AF28F1-AF6E-4923-91A8-7CD2DDF2B815}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0A193A02-0BED-4122-BFBF-3C9F98C60823}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{BC6BE23D-D8B9-44E7-AE82-1038E541F9A5}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [{05A9A756-F0BA-4460-964D-DE86F16C19ED}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [{E6A23121-3206-458C-9F19-B864073A0C40}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{BB9C57E7-908E-4163-B1CB-BA734B4AD362}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{75421F6A-EEFE-404F-ADF0-14084C0949FD}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{190BD70A-C25D-482E-A855-CB06FE48DE6D}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{182CD473-BC20-4AE0-A24B-C4696448CBE7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8C25C4FA-9FE1-4163-88B0-EEE71CEEE23A}] => (Allow) LPort=2869
FirewallRules: [{A778C053-1447-4CC5-941F-2E62DAD64C21}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9A2E156E-9D21-4BDA-83A7-AB3EE9E77C88}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{C9FD39F1-8F1A-402A-B735-F514ED902872}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{C9C14AD2-EE22-41E9-973D-9466B073A4D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9E0A073-B987-4077-B17A-75E2B8E2A97E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{514F999B-3C6F-4EE5-8F0C-10C99C72FB81}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{1DB947CF-4ACD-44F1-8B9C-0033B574797A}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [TCP Query User{3337604A-1593-48A0-8D4E-7A376DFF5565}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [UDP Query User{305A20FB-FD0D-4622-A46D-E42313FB3DB6}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [TCP Query User{6F9AA430-AC77-4659-B45D-4160C47B50D6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5F421D04-EF32-4A0E-BFCC-D16E16EBA680}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9DD5A539-F173-4F81-A81E-0A1F0FE365C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4E15EFB8-219D-47AA-A9ED-A56B2C967E62}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4E2E65BD-5205-4853-95FB-78DF9950E32D}] => (Allow) LPort=4481
FirewallRules: [{241A6D64-0B36-4CFB-9CFC-5FED45AE14A0}] => (Allow) LPort=4481
FirewallRules: [{68E2A4B4-CA9B-4A6F-8AC8-3FEBDB58A43C}] => (Allow) LPort=4482
FirewallRules: [{3D9262DF-6841-423B-BA8F-D0570B11882D}] => (Allow) LPort=4482
FirewallRules: [{7156CEF4-D952-4CBF-A972-C67E3DEAE7F6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E0BB488D-AA7B-4909-AD95-A35A61E18108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8695175A-0723-44F8-BE9D-1C47FCA25F9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2D217B7-186B-4A63-9296-CE97A67FAE4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3807B484-6B28-44BA-8F83-DF490CF51248}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52C6D636-27F7-45A4-80C4-552883F813BE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 12:38:35 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/04/2016 06:09:50 PM) (Source: Google Update) (EventID: 20) (User: Katrina-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7216232

Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7216232

Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 04:08:27 PM) (Source: Google Update) (EventID: 20) (User: Katrina-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2016 07:44:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5133

Error: (03/04/2016 07:44:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5133

Error: (03/04/2016 07:44:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 07:44:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3900

System errors:
=============
Error: (03/13/2016 01:13:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64
{4df60d2c-927b-478c-83f0-b7dc923bae60}w64

Error: (03/13/2016 01:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Yula service failed to start due to the following error:
%%2

Error: (03/13/2016 01:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Yula service failed to start due to the following error:
%%2

Error: (03/13/2016 01:12:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (03/13/2016 01:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cpuz138 service failed to start due to the following error:
%%31

Error: (03/13/2016 12:39:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64
{4df60d2c-927b-478c-83f0-b7dc923bae60}w64

Error: (03/13/2016 12:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Yula service failed to start due to the following error:
%%2

Error: (03/13/2016 12:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Yula service failed to start due to the following error:
%%2

Error: (03/13/2016 12:39:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (03/13/2016 12:38:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

CodeIntegrity:
===================================
  Date: 2012-08-28 16:27:47.042
  Description: N/A

  Date: 2012-08-28 16:27:46.793
  Description: N/A

  Date: 2011-05-06 22:15:08.268
  Description: N/A

  Date: 2011-05-06 22:15:08.241
  Description: N/A

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 3032.36 MB
Available physical RAM: 1731.52 MB
Total Virtual: 6062.87 MB
Available Virtual: 4663.49 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:145.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 430A03C8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

Thanks in Advance,

 

Rob


  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You have an ugly Necurs rootkit.

 

We'll give it a shot with an FRST fixlist, but odds are that you will need to run an offline scan.

 

 

 
Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.

A fix log will be generated; please post that.

 

This one uses a randomly named driver that changes every boot, so it's hard for us to catch it with FRST.

 

See if ESET's tool has any luck:

 

http://support.eset....7/?locale=en_US

 

 

 

You might want to try Windows Defender Offline:

 

https://blogs.micros...fender-offline/

 

Run a FRST scan with the Addition.txt box checked and post both logs.


  • 0
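As an added example (not part of this thread and not FRST's own logic), here is a small Python triage pass over a handful of lines copied from the Addition.txt and fixlist above. It flags the patterns RKinner acted on: startup entries and firewall Allow rules pointing into user-writable folders, the IFEO debugger on svchost.exe, the localhost proxy, and drivers with random hex or {GUID}w64 names, no publisher, or a locked service. The rule names and the benign "Skype Updater" service line are this example's own assumptions.

```python
"""Triage heuristics over FRST log lines (added example, not FRST's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the FRST output posted in this thread,
# plus one constructed benign service line ("Skype Updater") as a control.
SAMPLE_LOG = r"""
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: smmyiyqm => C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd\tqhutfmaffm.exe
MSCONFIG\startupreg: My Security Shield => "C:\ProgramData\6ffaa86\MS6ffa_302.exe" /s /d
FirewallRules: [{C363E2E9-7AF7-4453-955F-39D0AAA57CA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BC6BE23D-D8B9-44E7-AE82-1038E541F9A5}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [TCP Query User{12AF28F1-AF6E-4923-91A8-7CD2DDF2B815}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
IFEO: [Debugger] svchost.exe
ProxyServer: [S-1-5-21-1913726647-2047149097-3475585360-1001] => http=127.0.0.1:59274
U5 d8a9369b330a0d5b; C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys [90560 2012-08-28] () <===== ATTENTION Necurs Rootkit?
U5 d8a9369b330a0d5b;  <===== ATTENTION: Locked Service
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; system32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [X]
S2 Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2014-01-02] (Skype Technologies)
"""

# Folders an unprivileged user (or a dropper running as the user) can write to.
USER_WRITABLE = re.compile(r"(?i)\\(ProgramData|AppData\\Local\\Temp|Temporary Internet Files)\\")
# 16 random hex characters, or {GUID}w64, as a driver file name.
RANDOM_DRIVER = re.compile(r"(?i)\\([0-9a-f]{16}|\{[0-9a-f-]{36}\}w64)\.sys\b")
# FRST prints "[size date] (Publisher)"; an empty "()" means no company name.
UNSIGNED = re.compile(r"\]\s*\(\)")
SERVICE_LINE = re.compile(r"^([SRU])(\d) ([^;]+); (.*)$")
FIREWALL_ALLOW = re.compile(r"^FirewallRules: \[.*\] => \(Allow\) (.+)$")
STARTUP = re.compile(r"^MSCONFIG\\startupreg: .+? => (.+)$")
PROXY = re.compile(r"^ProxyServer: .* => .*127\.0\.0\.1:\d+")
IFEO = re.compile(r"^IFEO: \[Debugger\] (.+)$")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every line that trips a heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STARTUP.match(line)
        if m and USER_WRITABLE.search(m.group(1)):
            findings.append(("startup-user-writable", line))
        m = FIREWALL_ALLOW.match(line)
        if m and USER_WRITABLE.search(m.group(1)):
            findings.append(("firewall-allow-user-writable", line))
        if IFEO.match(line):
            # A Debugger value on a system binary redirects every launch of it.
            findings.append(("ifeo-debugger", line))
        if PROXY.match(line):
            # Browser traffic forced through a local port: classic traffic hijack.
            findings.append(("local-proxy", line))
        m = SERVICE_LINE.match(line)
        if m:
            rest = m.group(4)
            if RANDOM_DRIVER.search(rest):
                findings.append(("random-named-driver", line))
            if UNSIGNED.search(rest):
                findings.append(("unsigned-driver", line))
            if "Locked Service" in rest:
                findings.append(("locked-service", line))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview of what a log contains."""
    counts: Dict[str, int] = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:30s} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The benign Skype startup entry, Skype firewall rule, ares Block rule and the constructed Skype Updater service produce no findings; everything else in the sample does.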

#3
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Thanks for taking a look at this. I'm at the office now, so I won't be able to try it for a few hours.

 

I've been keeping the laptop offline, should I continue doing that?


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Your PC is part of a botnet so keep it offline except to download programs.


  • 0

#5
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Here is the fixlog file. Would you like me to go ahead and run the Eset tool and the Windows Defender Offline also?

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-14 19:34:11) Run:1
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [Win8Security_scanner.exe] => C:\Users\Katrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGZ40IG\Win8Security_scanner.exe
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1913726647-2047149097-3475585360-1001] => http=127.0.0.1:59274
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
BHO: FlaShCouuppono -> {3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C} -> C:\ProgramData\FlaShCouuppono\I_KqTQF.x64.dll [2014-07-27] ()
BHO: TidyNetwork -> {6935DCC0-259B-3C41-D6B4-C791FAF27D11} -> C:\Program Files (x86)\TidyNetwork\petn64.dll => No File
BHO: LuckyCoupon -> {914732CD-5506-9D9A-6478-27E79918DBFF} -> C:\ProgramData\LuckyCoupon\2dUFuPFVh.x64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: FlaShCouuppono -> {3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C} -> C:\ProgramData\FlaShCouuppono\I_KqTQF.dll [2014-07-27] ()
BHO-x32: LuckyCoupon -> {914732CD-5506-9D9A-6478-27E79918DBFF} -> C:\ProgramData\LuckyCoupon\2dUFuPFVh.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Katrina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [No File]
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-09-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (BugDigger) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd [2014-08-18] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Instant Dictionary) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Bootstrap Twitter Offline Docs) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Yula) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe [2014-10-13] [UpdateUrl: hxxp://wwwyulaseecom-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Page Rank) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2014-07-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Do Share) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
"d8a9369b330a0d5b" => service could not be unlocked. <===== ATTENTION
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 Update Yula; "C:\Program Files (x86)\Yula\updateYulasee.exe" [X]
S2 Util Yula; "C:\Program Files (x86)\Yula\bin\utilYulasee.exe" [X]
U5 d8a9369b330a0d5b; C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys [90560 2012-08-28] () <===== ATTENTION Necurs Rootkit?
U5 d8a9369b330a0d5b;  <===== ATTENTION: Locked Service
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; system32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [X]
S1 {4df60d2c-927b-478c-83f0-b7dc923bae60}w64; system32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}w64.sys [X]
2016-03-13 12:40 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Katrina\AppData\Local\{F2958949-F7E5-4F84-AE40-6EDF184BAD05}
2016-03-04 07:28 - 2016-03-04 07:28 - 00000000 ____D C:\Program Files (x86)\LuckkyuCCoupon
2016-03-04 07:26 - 2016-03-04 07:26 - 00000000 ____D C:\Users\Katrina\AppData\Local\{4C20FEC3-1437-43F0-826B-72F93CA59986}
2016-03-02 07:28 - 2016-03-02 07:28 - 00000000 ____D C:\Users\Katrina\AppData\Local\{03C2AFB4-C36D-4CAF-8FBE-3006CBDD7A16}
2016-03-02 07:27 - 2016-03-02 07:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-02 07:23 - 2016-03-02 07:23 - 00000000 ____D C:\ProgramData\374311380
2016-03-02 07:06 - 2016-03-02 07:06 - 00000000 ____D C:\Program Files (x86)\FliashCoupon
2016-03-04 09:01 - 2014-09-07 22:35 - 00000000 ____D C:\ProgramData\LuckkyuCCoupon
2016-03-04 07:50 - 2011-01-11 12:56 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\FrostWire
2016-03-04 07:28 - 2014-07-25 22:34 - 00000000 ____D C:\ProgramData\82d7777149726745
2016-03-02 07:31 - 2011-01-25 15:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-02 07:26 - 2014-10-06 22:47 - 00000000 ____D C:\ProgramData\FliashCoupon
2016-03-02 07:17 - 2010-05-01 14:47 - 00000000 ____D C:\Program Files (x86)\Ask.com
2016-03-02 03:01 - 2014-08-24 13:07 - 00000000 ____D C:\ProgramData\LuckyCoupon
2016-03-02 03:01 - 2014-07-27 12:16 - 00000000 ____D C:\ProgramData\FlaShCouuppono
Task: {56FB3172-472C-4249-876A-A981C2B5BF97} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {61055D94-A6BB-495F-AF51-FA1D75FA9CBD} - System32\Tasks\{81AA38E6-61C9-4DD3-A99D-F725B2D83F07} => pcalua.exe -a D:\HijackThis.exe -d D:\
Task: {B196F75D-16BB-4C98-A6AA-94BC802917AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {EEDC901B-B832-4BC1-9104-015677737647} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core.job => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA.job => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-07-27 12:16 - 2014-07-27 12:16 - 00449024 _____ () C:\ProgramData\FlaShCouuppono\I_KqTQF.dll
AlternateDataStreams: C:\ProgramData\TEMP:4A74A9A7 [128]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [252]
C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd
C:\ProgramData\6ffaa86
FirewallRules: [{075F6029-ABEC-4CEA-AB30-143EC8135B77}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{BCF96557-107B-42D9-BC87-DD297C6456E7}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{19752848-D692-46DD-8B4D-0906E32E5C2F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BBF365C9-7EDC-4817-8571-9AED7E5C9BFB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{12AF28F1-AF6E-4923-91A8-7CD2DDF2B815}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0A193A02-0BED-4122-BFBF-3C9F98C60823}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{BC6BE23D-D8B9-44E7-AE82-1038E541F9A5}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [{05A9A756-F0BA-4460-964D-DE86F16C19ED}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [{E6A23121-3206-458C-9F19-B864073A0C40}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{BB9C57E7-908E-4163-B1CB-BA734B4AD362}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{75421F6A-EEFE-404F-ADF0-14084C0949FD}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{190BD70A-C25D-482E-A855-CB06FE48DE6D}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{8C25C4FA-9FE1-4163-88B0-EEE71CEEE23A}] => (Allow) LPort=2869
FirewallRules: [{A778C053-1447-4CC5-941F-2E62DAD64C21}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9A2E156E-9D21-4BDA-83A7-AB3EE9E77C88}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{C9FD39F1-8F1A-402A-B735-F514ED902872}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{514F999B-3C6F-4EE5-8F0C-10C99C72FB81}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{1DB947CF-4ACD-44F1-8B9C-0033B574797A}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [TCP Query User{3337604A-1593-48A0-8D4E-7A376DFF5565}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [UDP Query User{305A20FB-FD0D-4622-A46D-E42313FB3DB6}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [{4E2E65BD-5205-4853-95FB-78DF9950E32D}] => (Allow) LPort=4481
FirewallRules: [{241A6D64-0B36-4CFB-9CFC-5FED45AE14A0}] => (Allow) LPort=4481
FirewallRules: [{68E2A4B4-CA9B-4A6F-8AC8-3FEBDB58A43C}] => (Allow) LPort=4482
FirewallRules: [{3D9262DF-6841-423B-BA8F-D0570B11882D}] => (Allow) LPort=4482
C:\Users\Katrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGZ40IG\Win8Security_scanner.exe
C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys
CMD: sc stop d8a9369b330a0d5b
CMD: sc delete d8a9369b330a0d5b
CMD: sfc /scanfile=C:\Windows\system32\Drivers\volsnap.sys
EmptyTemp:

 

*****************

HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Win8Security_scanner.exe => value could not remove.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\\Debugger => value removed successfully
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => moved successfully
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C}" => key removed successfully
"HKCR\CLSID\{3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6935DCC0-259B-3C41-D6B4-C791FAF27D11}" => key removed successfully
"HKCR\CLSID\{6935DCC0-259B-3C41-D6B4-C791FAF27D11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914732CD-5506-9D9A-6478-27E79918DBFF}" => key removed successfully
"HKCR\CLSID\{914732CD-5506-9D9A-6478-27E79918DBFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914732CD-5506-9D9A-6478-27E79918DBFF}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{914732CD-5506-9D9A-6478-27E79918DBFF}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}" => key removed successfully
HKCR\Wow6432Node\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3" => key removed successfully
C:\Users\Katrina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll => not found.
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf <==== ATTENTION => not found
"d8a9369b330a0d5b" => service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
DockLoginService => service removed successfully
Update Yula => service removed successfully
Util Yula => service removed successfully
d8a9369b330a0d5b => service could not remove
d8a9369b330a0d5b => service could not remove
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64 => service removed successfully
{4df60d2c-927b-478c-83f0-b7dc923bae60}w64 => service removed successfully
C:\Users\Katrina\AppData\Local\{F2958949-F7E5-4F84-AE40-6EDF184BAD05} => moved successfully
C:\Program Files (x86)\LuckkyuCCoupon => moved successfully
C:\Users\Katrina\AppData\Local\{4C20FEC3-1437-43F0-826B-72F93CA59986} => moved successfully
C:\Users\Katrina\AppData\Local\{03C2AFB4-C36D-4CAF-8FBE-3006CBDD7A16} => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\ProgramData\374311380 => moved successfully
C:\Program Files (x86)\FliashCoupon => moved successfully
C:\ProgramData\LuckkyuCCoupon => moved successfully
C:\Users\Katrina\AppData\Roaming\FrostWire => moved successfully
C:\ProgramData\82d7777149726745 => moved successfully
C:\Windows\epplauncher.mif => moved successfully
C:\ProgramData\FliashCoupon => moved successfully
C:\Program Files (x86)\Ask.com => moved successfully
C:\ProgramData\LuckyCoupon => moved successfully
C:\ProgramData\FlaShCouuppono => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56FB3172-472C-4249-876A-A981C2B5BF97} => key not found.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61055D94-A6BB-495F-AF51-FA1D75FA9CBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61055D94-A6BB-495F-AF51-FA1D75FA9CBD}" => key removed successfully
C:\Windows\System32\Tasks\{81AA38E6-61C9-4DD3-A99D-F725B2D83F07} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81AA38E6-61C9-4DD3-A99D-F725B2D83F07}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B196F75D-16BB-4C98-A6AA-94BC802917AD} => key not found.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEDC901B-B832-4BC1-9104-015677737647}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDC901B-B832-4BC1-9104-015677737647}" => key removed successfully
C:\Windows\System32\Tasks\RunAsStdUser Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => key removed successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core.job => not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
"C:\ProgramData\FlaShCouuppono\I_KqTQF.dll" => not found.
C:\ProgramData\TEMP => ":4A74A9A7" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd" => not found.
C:\ProgramData\6ffaa86 => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{075F6029-ABEC-4CEA-AB30-143EC8135B77} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCF96557-107B-42D9-BC87-DD297C6456E7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19752848-D692-46DD-8B4D-0906E32E5C2F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBF365C9-7EDC-4817-8571-9AED7E5C9BFB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{12AF28F1-AF6E-4923-91A8-7CD2DDF2B815}C:\program files (x86)\ares\ares.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0A193A02-0BED-4122-BFBF-3C9F98C60823}C:\program files (x86)\ares\ares.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC6BE23D-D8B9-44E7-AE82-1038E541F9A5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05A9A756-F0BA-4460-964D-DE86F16C19ED} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6A23121-3206-458C-9F19-B864073A0C40} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB9C57E7-908E-4163-B1CB-BA734B4AD362} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75421F6A-EEFE-404F-ADF0-14084C0949FD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{190BD70A-C25D-482E-A855-CB06FE48DE6D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C25C4FA-9FE1-4163-88B0-EEE71CEEE23A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A778C053-1447-4CC5-941F-2E62DAD64C21} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9A2E156E-9D21-4BDA-83A7-AB3EE9E77C88}C:\program files (x86)\ares\ares.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9FD39F1-8F1A-402A-B735-F514ED902872}C:\program files (x86)\ares\ares.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{514F999B-3C6F-4EE5-8F0C-10C99C72FB81} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DB947CF-4ACD-44F1-8B9C-0033B574797A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3337604A-1593-48A0-8D4E-7A376DFF5565}C:\program files (x86)\frostwire\frostwire.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{305A20FB-FD0D-4622-A46D-E42313FB3DB6}C:\program files (x86)\frostwire\frostwire.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E2E65BD-5205-4853-95FB-78DF9950E32D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{241A6D64-0B36-4CFB-9CFC-5FED45AE14A0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68E2A4B4-CA9B-4A6F-8AC8-3FEBDB58A43C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D9262DF-6841-423B-BA8F-D0570B11882D} => value removed successfully
"C:\Users\Katrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGZ40IG\Win8Security_scanner.exe" => not found.
Could not move "C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys" => Scheduled to move on reboot.

=========  sc stop d8a9369b330a0d5b =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

========= End of CMD: =========

=========  sc delete d8a9369b330a0d5b =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

========= End of CMD: =========

=========  sfc /scanfile=C:\Windows\system32\Drivers\volsnap.sys =========

Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log

The system file repair changes will take effect after the next reboot.

========= End of CMD: =========

EmptyTemp: => 2.7 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-14 19:37:46)

"C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys" => Could not move

==== End of Fixlog 19:37:46 ====


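The Fixlog above shows the one thing FRST could not do: the service and driver d8a9369b330a0d5b could not be unlocked, removed, or moved, even on the scheduled reboot, while the rest of the fixlist (coupon adware folders, Yula services, scheduled tasks, P2P firewall rules) went through. The FRST.txt posted later in the thread adds two more items a helper has to act on by hand: Chrome extensions whose UpdateUrl points at hosts other than Google's, and the `testsigning` boot flag, which lets drivers signed with an untrusted test certificate load on 64-bit Windows. Below is an added example, not code from this thread and not part of FRST, of a small triage script that pulls exactly those findings out of FRST output. The sample log lines embedded in it are constructed from the excerpts in this thread; the choice of `clients2.google.com` as the legitimate Chrome Web Store update host and the regular expressions for the line formats are my assumptions, not FRST's own definitions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) output.

Added example for this thread; it is not part of FRST and not code posted
by any participant. It pulls three kinds of finding out of FRST text:
  * Fixlog actions that failed or were deferred to the next reboot
  * Chrome extensions whose recorded UpdateUrl is not the Web Store
    endpoint (assumption: clients2.google.com)
  * the 'testsigning' boot flag, which lets drivers signed with an
    untrusted test certificate load on 64-bit Windows
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied in shape from the logs in this thread.
SAMPLE_FIXLOG = r"""
DockLoginService => service removed successfully
"d8a9369b330a0d5b" => service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
d8a9369b330a0d5b => service could not remove
C:\Program Files (x86)\Ask.com => moved successfully
Could not move "C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys" => Scheduled to move on reboot.
"C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys" => Could not move
"""

SAMPLE_FRST = r"""
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-09-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-17]
CHR Extension: (Yula) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe [2014-10-13] [UpdateUrl: hxxp://wwwyulaseecom-a.akamaihd.net/update/chrome] <==== ATTENTION
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
"""

WEBSTORE_UPDATE_HOST = "clients2.google.com"  # assumption: Chrome Web Store update endpoint

FIX_FAILED = re.compile(r"could not|no automatic fix", re.IGNORECASE)
FIX_DEFERRED = re.compile(r"scheduled to move on reboot", re.IGNORECASE)
CHR_EXT = re.compile(r"\((?P<name>[^)]*)\) - .*\\Extensions\\(?P<id>[a-p]{32})")
UPDATE_URL = re.compile(r"\[UpdateUrl: ([^\]]+)\]")
URL_HOST = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)  # FRST defangs http as hxxp


@dataclass(frozen=True)
class Finding:
    kind: str      # fix_failed | fix_deferred | rogue_extension | testsigning
    subject: str   # service name, file path, extension id, or boot flag
    detail: str


def triage_fixlog(text: str) -> list[Finding]:
    """Return Fixlog actions that did not complete, in log order."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if " => " not in line:
            continue
        subject, _, result = line.partition(" => ")
        # "Could not move <path> => Scheduled to move on reboot." puts the
        # verdict before the path; normalise so subject is always the target.
        subject = re.sub(r"^Could not move\s+", "", subject).strip().strip('"')
        if FIX_DEFERRED.search(result):
            findings.append(Finding("fix_deferred", subject, result))
        elif FIX_FAILED.search(line):
            findings.append(Finding("fix_failed", subject, result))
    return findings


def triage_frst(text: str) -> list[Finding]:
    """Return extension and boot-config findings from an FRST.txt."""
    findings = []
    for line in text.splitlines():
        if line.startswith("CHR Extension:"):
            ext = CHR_EXT.search(line)
            url = UPDATE_URL.search(line)
            if not (ext and url):
                continue  # no recorded UpdateUrl: nothing to judge here
            host_m = URL_HOST.match(url.group(1))
            host = host_m.group(1).lower() if host_m else url.group(1)
            if host != WEBSTORE_UPDATE_HOST:
                findings.append(Finding("rogue_extension", ext.group("id"),
                                        f"{ext.group('name')} updates from {host}"))
        elif line.startswith("testsigning:") and "is set" in line:
            findings.append(Finding("testsigning", "testsigning",
                                    "driver signature enforcement relaxed; "
                                    "confirm with: bcdedit /enum {current}"))
    return findings


def unresolved_subjects(findings: list[Finding]) -> list[str]:
    """Distinct subjects still needing manual work, in first-seen order."""
    return list(dict.fromkeys(f.subject for f in findings if f.kind != "fix_deferred"))


if __name__ == "__main__":
    for f in triage_fixlog(SAMPLE_FIXLOG) + triage_frst(SAMPLE_FRST):
        print(f"{f.kind:16} {f.subject}  ({f.detail})")
```

Run it against a real Fixlog.txt and FRST.txt by reading the files into the two `triage_*` calls. Anything it reports as `fix_failed` is a candidate for a locked or self-protecting component, and the rogue-extension entries are worth comparing against the UpdateUrl path: the `/00service/update2/crx` suffix on epicunitscan.info imitates the Web Store's own `/service/update2/crx` path so the entry looks legitimate at a glance.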

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Yes. Then run a new FRST scan so we can see if they worked.



#7
robkbriggs

    Member

  • Topic Starter
  • Member
  • 152 posts

I ran both the ESET Tool and the Windows Defender Offline. Then I ran another FRST scan.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Katrina (administrator) on KATRINA-PC (16-03-2016 06:15:22)
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{474AFFBE-88EA-4F40-8277-5BD712E33E37}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8432D0EB-FA70-4B19-AF29-15B2F52E3964}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131025668718811145&GUID=54831867-30F0-494D-93D1-1FBFCBC8C56A
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKLM -> {2A00D426-143C-4C27-A5CF-14EBAA32497D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKLM-x32 -> {6744EFFA-7F76-41E6-898C-C54661DA8E15} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKU\.DEFAULT -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> DefaultScope {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-28] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-04-06] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2010-11-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @nsroblox.roblox.com/launcher -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-9ae7cc04e47a4b12\\NPRobloxProxy.dll [2013-02-13] ( ROBLOX Corporation)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-09-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-17]
CHR Extension: (Google Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-17]
CHR Extension: (BugDigger) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd [2014-08-18] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Instant Dictionary) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Bootstrap Twitter Offline Docs) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Yula) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe [2014-10-13] [UpdateUrl: hxxp://wwwyulaseecom-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Page Rank) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2014-07-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Do Share) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 06:15 - 2016-03-16 06:15 - 00000000 ____D C:\Users\Katrina\AppData\Local\{82060EB4-690F-445B-B924-561936F8BABA}
2016-03-15 16:34 - 2016-03-15 20:06 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-03-15 14:32 - 2016-03-15 14:29 - 00021154 _____ C:\Users\Katrina\Desktop\ESETNecursCleaner.exe_20160315.142944.2888.zip
2016-03-15 14:32 - 2016-03-15 07:05 - 00260296 _____ (ESET) C:\Users\Katrina\Desktop\ESETNecursCleaner.exe
2016-03-14 19:38 - 2016-03-14 19:38 - 00000000 ____D C:\Users\Katrina\AppData\Local\{EDA1ACAD-49CF-4685-813B-9EC03EAABE35}
2016-03-14 19:37 - 2016-03-14 19:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-14 19:34 - 2016-03-14 19:37 - 00028358 _____ C:\Users\Katrina\Desktop\Fixlog.txt
2016-03-14 19:34 - 2009-07-13 19:45 - 00294992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-03-13 13:19 - 2016-03-13 13:19 - 00029828 _____ C:\Users\Katrina\Desktop\Addition.txt
2016-03-13 13:17 - 2016-03-16 06:16 - 00013949 _____ C:\Users\Katrina\Desktop\FRST.txt
2016-03-13 13:17 - 2016-03-16 06:15 - 00000000 ____D C:\FRST
2016-03-13 13:17 - 2016-03-13 13:17 - 02374144 _____ (Farbar) C:\Users\Katrina\Desktop\FRST64.exe
2016-03-13 13:03 - 2016-03-13 13:03 - 00000383 _____ C:\siw_debug.txt
2016-03-13 13:02 - 2016-03-13 13:04 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\siw_tmp
2016-03-13 13:02 - 2016-03-13 13:02 - 00000000 ____D C:\Users\Katrina\AppData\Local\CrashRpt
2016-03-02 01:25 - 2016-03-02 04:55 - 00000000 ____D C:\RescueCD Logs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 06:15 - 2010-04-13 19:43 - 00000000 ____D C:\Users\Katrina\Tracing
2016-03-16 06:14 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 19:44 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 19:44 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 19:41 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 19:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-14 19:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-03-13 12:39 - 2009-07-13 23:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-13 12:38 - 2011-01-07 16:47 - 00000000 ____D C:\Windows\pss
2016-03-13 12:38 - 2010-04-13 21:11 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Skype
2016-03-13 12:32 - 2013-02-21 17:28 - 00000047 _____ C:\Users\Katrina\AppData\LocalLow\rbxcsettings.rbx
2016-03-13 12:30 - 2010-04-13 21:19 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\skypePM
2016-03-04 09:01 - 2010-04-13 21:12 - 00000000 ____D C:\Program Files\Google
2016-03-04 09:01 - 2010-04-13 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-04 07:55 - 2011-12-16 09:36 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-03-04 07:49 - 2010-04-29 21:53 - 00000000 ____D C:\Users\Katrina\AppData\Local\Adobe
2016-03-04 07:49 - 2010-04-13 21:12 - 00000000 ____D C:\Users\Katrina\AppData\Local\Google
2016-03-04 07:49 - 2010-04-13 21:11 - 00000000 ____D C:\ProgramData\Google
2016-03-04 07:49 - 2010-04-08 01:41 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2010-04-28 22:57 - 2010-04-28 22:57 - 0081920 _____ () C:\Users\Katrina\AppData\Roaming\DataSafeDotNet.exe
2011-04-04 22:39 - 2011-06-21 22:00 - 0000872 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.Exception.log
2011-04-04 22:38 - 2011-04-04 22:38 - 0001153 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2010-08-25 20:27 - 2013-09-23 21:26 - 0005144 _____ () C:\Users\Katrina\AppData\Roaming\wklnhst.dat
2010-11-20 15:27 - 2010-11-20 15:27 - 0003584 _____ () C:\Users\Katrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-13 21:19 - 2010-04-13 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2013-01-17 16:26

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-16 06:17:07)
Running from C:\Users\Katrina\Desktop
Windows 7 Home Premium (X64) (2010-04-14 01:20:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1913726647-2047149097-3475585360-500 - Administrator - Disabled)
Guest (S-1-5-21-1913726647-2047149097-3475585360-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913726647-2047149097-3475585360-1002 - Limited - Enabled)
Katrina (S-1-5-21-1913726647-2047149097-3475585360-1001 - Administrator - Enabled) => C:\Users\Katrina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
FrostWire 4.21.3 (HKLM-x32\...\FrostWire) (Version: 4.21.3.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4454.1511 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.158 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14448416-68C6-4363-B885-65A13F53FA7C} - System32\Tasks\{DF0D8AE4-BC86-406B-B018-EBE6905974BF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-04-06] (Skype Technologies S.A.)
Task: {1E755429-1E79-4B13-827E-54297C44E24B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {3358239F-1772-4A11-8C98-C3A0300E68D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {47940C08-2B0E-4A1B-9CA1-90DB526F877B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {6F40C4A0-80E9-4A59-B7CD-EB7FD66AEF31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2C1FDE9-918F-46D4-82B3-E4D082817D49} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {D07540CA-916E-4E2A-8551-5F805A7CE81F} - System32\Tasks\D5SD7BL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-04-08 01:40 - 2009-07-16 19:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-04-08 01:40 - 2009-07-16 19:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-02-28 20:15 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-02-28 20:15 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-02-28 20:15 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-01-08 15:59 - 2011-01-08 13:44 - 00000824 ___RA C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 2) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Gamevance => C:\Program Files (x86)\Gamevance\gamevance32.exe a
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Security Shield => "C:\ProgramData\6ffaa86\MS6ffa_302.exe" /s /d
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: smmyiyqm => C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd\tqhutfmaffm.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C4C02A5-5E71-4326-B6A4-61265FEFD981}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{377CED40-80D9-4253-B52D-A4B08E2985FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5D01657A-BDAB-42ED-AF15-A06799F74EDB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{74F96A34-FF03-481E-A66F-E12E7356E956}] => (Allow) svchost.exe
FirewallRules: [{C6C988B0-8E8A-4A27-9F96-6E2FF61FC5B1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{C363E2E9-7AF7-4453-955F-39D0AAA57CA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{182CD473-BC20-4AE0-A24B-C4696448CBE7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C9C14AD2-EE22-41E9-973D-9466B073A4D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9E0A073-B987-4077-B17A-75E2B8E2A97E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6F9AA430-AC77-4659-B45D-4160C47B50D6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5F421D04-EF32-4A0E-BFCC-D16E16EBA680}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9DD5A539-F173-4F81-A81E-0A1F0FE365C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4E15EFB8-219D-47AA-A9ED-A56B2C967E62}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{7156CEF4-D952-4CBF-A972-C67E3DEAE7F6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E0BB488D-AA7B-4909-AD95-A35A61E18108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8695175A-0723-44F8-BE9D-1C47FCA25F9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2D217B7-186B-4A63-9296-CE97A67FAE4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3807B484-6B28-44BA-8F83-DF490CF51248}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52C6D636-27F7-45A4-80C4-552883F813BE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

==================== Restore Points =========================

12-07-2012 21:40:04 Windows Update
17-07-2012 18:38:42 Windows Update
18-07-2012 03:00:22 Windows Update
21-07-2012 22:07:30 Windows Update
28-07-2012 10:09:08 Windows Update
01-08-2012 20:43:55 Windows Update
05-08-2012 11:48:35 Windows Update
10-08-2012 12:11:00 Windows Update
16-08-2012 19:23:33 Windows Update
02-03-2016 07:07:15 Removed Ask Toolbar.
04-03-2016 07:47:32 Removed Adobe Reader 9.5.5.
04-03-2016 07:54:02 Removed FlipToast
04-03-2016 07:54:51 Removed Fliptoast
04-03-2016 07:55:53 Removed Spelling Dictionaries Support For Adobe Reader 9.
04-03-2016 07:57:56 Removed Adobe Flash Player 10 Plugin.
04-03-2016 07:58:30 Removed Java™ 6 Update 21
13-03-2016 12:34:39 Removed Facebook Messenger 2.1.4814.0

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2016 02:29:57 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/15/2016 02:28:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66615703

Error: (03/15/2016 02:28:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66615703

Error: (03/15/2016 02:28:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/13/2016 02:05:53 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0xD0000022
6.1.7600.16385

Error: (03/13/2016 12:38:35 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/04/2016 06:09:50 PM) (Source: Google Update) (EventID: 20) (User: Katrina-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7216232

Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7216232

Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (03/14/2016 03:45:01 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (03/14/2016 11:29:49 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (03/14/2016 07:14:32 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (03/14/2016 02:59:19 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (03/13/2016 10:44:04 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (03/13/2016 06:28:48 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (03/13/2016 02:05:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error:
%%5

Error: (03/13/2016 01:13:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64
{4df60d2c-927b-478c-83f0-b7dc923bae60}w64

Error: (03/13/2016 01:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Yula service failed to start due to the following error:
%%2

Error: (03/13/2016 01:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Yula service failed to start due to the following error:
%%2

CodeIntegrity:
===================================
  Date: 2012-08-28 16:27:47.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\18e0ff18.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-28 16:27:46.793
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\18e0ff18.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-05-06 22:15:08.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-05-06 22:15:08.241
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 3032.36 MB
Available physical RAM: 1947.16 MB
Total Virtual: 6062.87 MB
Available Virtual: 4846.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:147.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 430A03C8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks like you made a lot of progress. Still something in Chrome and a few remnants in msconfig. Testsigning is on, but I'm afraid to turn it off as long as you have an unsigned driver showing.

Can you see if Dell has a new version of the driver for Dell Wireless WLAN Card? The current one is unsigned, and I'm afraid if I turn signing back on it will take you off line.

Uninstall Bonjour as it's not working. (You will get a new one if you update any Apple software.)

Right click on Computer and select Manage (yes). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear.
Repeat for Application.

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix (PC will restart).
A fixlog.txt will be created in the same folder that FRST uses. Please post that.

Chrome needs to be reinstalled. You may want to back up your settings first:

Then download a new copy of the Chrome installer,

Uninstall Chrome. Install new.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Run a new FRST scan with Addition.txt checked and post both logs.


  • 0
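As an added example (not part of RKinner's post or of any tool named in it): the findstr step above collects every "[SR]" line that sfc /scannow writes to CBS.log; this PowerShell reads those same lines and reports whether sfc repaired everything, and if not, which files it could not fix. It assumes the default CBS.log location, and the sample log lines inside it are constructed, not taken from the poster's machine.

```powershell
# Added example, not from the thread. Summarises the "[SR]" lines that sfc /scannow
# leaves in CBS.log, so the "couldn't fix everything" case can be read at a glance.
# Assumption: the log lives at %windir%\Logs\CBS\CBS.log (the default).

function Get-SfcRepairSummary {
    param(
        # Lines of CBS.log (the whole file or just its [SR] lines). Defaults to the live log;
        # the default is only evaluated when -Lines is not supplied.
        [string[]]$Lines = (Get-Content -Path "$env:windir\Logs\CBS\CBS.log" -ErrorAction Stop)
    )

    # Same filter as: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })

    # Files sfc gave up on:
    #   [SR] Cannot repair member file [l:24{12}]"name.dll" of Component, Version = ...
    $unrepaired = @(foreach ($line in $sr) {
        if ($line -match '\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)" of (?<component>[^,]+)') {
            [pscustomobject]@{ File = $Matches.file; Component = $Matches.component.Trim() }
        }
    })

    # Files sfc replaced from the component store:
    #   [SR] Repairing corrupted file [ml:...]"\??\C:\Windows\System32"\[l:...]"name.dll" from store
    # The greedy .* skips the directory so the last quoted token (the file name) is captured.
    $repaired = @(foreach ($line in $sr) {
        if ($line -match '\[SR\] Repairing corrupted file .*\[[^\]]*\]"(?<file>[^"]+)" from store') {
            $Matches.file
        }
    })

    $verdict = if ($unrepaired.Count -gt 0) { 'sfc could not fix everything' }
               elseif ($repaired.Count -gt 0) { 'sfc repaired files; re-run sfc /scannow to confirm' }
               else { 'no corruption recorded' }

    [pscustomobject]@{
        SrLines        = $sr.Count
        VerifyComplete = [bool]($sr -match '\[SR\] Verify complete')
        Repaired       = @($repaired | Sort-Object -Unique)
        Unrepaired     = @($unrepaired | Sort-Object File, Component -Unique)
        Verdict        = $verdict
    }
}

# Constructed sample of what sfc writes to CBS.log (not from the poster's machine),
# shaped like real entries so the regexes above are exercised.
$sample = @(
    '2016-03-16 18:40:01, Info                  CSI    00000101 [SR] Verifying 100 (0x0000000000000064) components',
    '2016-03-16 18:40:02, Info                  CSI    00000102 [SR] Beginning Verify and Repair transaction',
    '2016-03-16 18:40:03, Info                  CSI    00000103 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store',
    '2016-03-16 18:40:04, Info                  CSI    00000104 [SR] Cannot repair member file [l:24{12}]"sample.dll" of Sample-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
    '2016-03-16 18:40:05, Info                  CSI    00000105 [SR] Verify complete'
)

# On the constructed sample: 5 [SR] lines, example.dll repaired, sample.dll unrepaired,
# verdict 'sfc could not fix everything'.
Get-SfcRepairSummary -Lines $sample | Format-List

# Against the machine's own log, after sfc /scannow has finished (run from an elevated prompt):
#   Get-SfcRepairSummary | Format-List
```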

#9
robkbriggs

    Member

  • Topic Starter
  • Member
  • 152 posts

I uninstalled Bonjour and Chrome and cleared the event logs. The newest WLAN driver Dell shows is from 2009; I didn't check to see if that's what was already on there. Sfc ran to completion without an issue. The logs from FRST and VEW are below.

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-16 18:36:23) Run:2
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-09-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (BugDigger) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd [2014-08-18] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Instant Dictionary) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Bootstrap Twitter Offline Docs) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Yula) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe [2014-10-13] [UpdateUrl: hxxp://wwwyulaseecom-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Page Rank) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2014-07-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Do Share) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
C:\Program Files (x86)\Ares
C:\ProgramData\6ffaa86
C:\Program Files (x86)\Optimizer Pro
C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd
EmptyTemp:

 

*****************

C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf <==== ATTENTION => not found
"C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup" => not found.
"C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup" => not found.
"C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup" => not found.
"C:\Program Files (x86)\Ares" => not found.
"C:\ProgramData\6ffaa86" => not found.
"C:\Program Files (x86)\Optimizer Pro" => not found.
"C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd" => not found.
EmptyTemp: => 56.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 18:36:27 ====

 

VEW.txt

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/03/2016 6:58:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/03/2016 12:37:33 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/03/2016 12:36:34 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/03/2016 12:36:33 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/03/2016 12:34:26 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/03/2016 12:34:26 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/03/2016 12:34:10 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/03/2016 12:34:09 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/03/2016 12:34:00 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/03/2016 12:33:59 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/03/2016 12:33:58 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Katrina (administrator) on KATRINA-PC (16-03-2016 18:59:03)
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{474AFFBE-88EA-4F40-8277-5BD712E33E37}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKLM -> {2A00D426-143C-4C27-A5CF-14EBAA32497D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKLM-x32 -> {6744EFFA-7F76-41E6-898C-C54661DA8E15} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKU\.DEFAULT -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> DefaultScope {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE4
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-28] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-04-06] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2010-11-10] ()
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @nsroblox.roblox.com/launcher -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-9ae7cc04e47a4b12\\NPRobloxProxy.dll [2013-02-13] ( ROBLOX Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 18:58 - 2016-03-16 18:58 - 00002664 _____ C:\VEW.txt
2016-03-16 18:57 - 2016-03-16 18:57 - 00061440 _____ ( ) C:\Users\Katrina\Desktop\VEW.exe
2016-03-16 18:38 - 2016-03-16 18:39 - 00000000 ____D C:\Users\Katrina\AppData\Local\{44F70D16-6413-4A21-92A4-8627DC1B3FBC}
2016-03-16 18:35 - 2016-03-16 18:35 - 00000000 ____D C:\Windows\System32\Tasks\Katrina-PC
2016-03-16 18:33 - 2016-03-16 18:34 - 00000000 ____D C:\Users\Katrina\Desktop\GTG
2016-03-16 18:20 - 2016-03-16 18:23 - 00000000 ____D C:\Users\Katrina\AppData\Local\Deployment
2016-03-16 18:20 - 2016-03-16 18:20 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-16 18:20 - 2016-03-16 18:20 - 00000000 ____D C:\Users\Katrina\AppData\Local\Apps\2.0
2016-03-16 06:15 - 2016-03-16 06:15 - 00000000 ____D C:\Users\Katrina\AppData\Local\{82060EB4-690F-445B-B924-561936F8BABA}
2016-03-15 16:34 - 2016-03-15 20:06 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-03-14 19:38 - 2016-03-14 19:38 - 00000000 ____D C:\Users\Katrina\AppData\Local\{EDA1ACAD-49CF-4685-813B-9EC03EAABE35}
2016-03-14 19:37 - 2016-03-14 19:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-14 19:34 - 2016-03-16 18:36 - 00005068 _____ C:\Users\Katrina\Desktop\Fixlog.txt
2016-03-14 19:34 - 2009-07-13 19:45 - 00294992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-03-13 13:19 - 2016-03-16 06:17 - 00026105 _____ C:\Users\Katrina\Desktop\Addition.txt
2016-03-13 13:17 - 2016-03-16 19:00 - 00010695 _____ C:\Users\Katrina\Desktop\FRST.txt
2016-03-13 13:17 - 2016-03-16 18:59 - 00000000 ____D C:\FRST
2016-03-13 13:17 - 2016-03-13 13:17 - 02374144 _____ (Farbar) C:\Users\Katrina\Desktop\FRST64.exe
2016-03-13 13:03 - 2016-03-13 13:03 - 00000383 _____ C:\siw_debug.txt
2016-03-13 13:02 - 2016-03-13 13:04 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\siw_tmp
2016-03-13 13:02 - 2016-03-13 13:02 - 00000000 ____D C:\Users\Katrina\AppData\Local\CrashRpt
2016-03-02 01:25 - 2016-03-02 04:55 - 00000000 ____D C:\RescueCD Logs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 18:46 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 18:46 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-16 18:45 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 18:45 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-16 18:38 - 2010-04-13 19:43 - 00000000 ____D C:\Users\Katrina\Tracing
2016-03-16 18:37 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-16 18:34 - 2010-04-08 01:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2016-03-16 18:33 - 2010-04-08 04:02 - 00000000 ____D C:\dell
2016-03-16 18:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-03-16 18:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-03-16 18:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-03-16 18:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Help
2016-03-16 18:23 - 2010-04-13 21:12 - 00000000 ____D C:\Users\Katrina\AppData\Local\Google
2016-03-16 18:23 - 2010-04-13 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-14 19:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-03-13 12:39 - 2009-07-13 23:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-13 12:38 - 2011-01-07 16:47 - 00000000 ____D C:\Windows\pss
2016-03-13 12:38 - 2010-04-13 21:11 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Skype
2016-03-13 12:32 - 2013-02-21 17:28 - 00000047 _____ C:\Users\Katrina\AppData\LocalLow\rbxcsettings.rbx
2016-03-13 12:30 - 2010-04-13 21:19 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\skypePM
2016-03-04 09:01 - 2010-04-13 21:12 - 00000000 ____D C:\Program Files\Google
2016-03-04 07:55 - 2011-12-16 09:36 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-03-04 07:49 - 2010-04-29 21:53 - 00000000 ____D C:\Users\Katrina\AppData\Local\Adobe
2016-03-04 07:49 - 2010-04-13 21:11 - 00000000 ____D C:\ProgramData\Google
2016-03-04 07:49 - 2010-04-08 01:41 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2010-04-28 22:57 - 2010-04-28 22:57 - 0081920 _____ () C:\Users\Katrina\AppData\Roaming\DataSafeDotNet.exe
2011-04-04 22:39 - 2011-06-21 22:00 - 0000872 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.Exception.log
2011-04-04 22:38 - 2011-04-04 22:38 - 0001153 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2010-08-25 20:27 - 2013-09-23 21:26 - 0005144 _____ () C:\Users\Katrina\AppData\Roaming\wklnhst.dat
2010-11-20 15:27 - 2010-11-20 15:27 - 0003584 _____ () C:\Users\Katrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-13 21:19 - 2010-04-13 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2013-01-17 16:26

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-16 19:00:34)
Running from C:\Users\Katrina\Desktop
Windows 7 Home Premium (X64) (2010-04-14 01:20:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1913726647-2047149097-3475585360-500 - Administrator - Disabled)
Guest (S-1-5-21-1913726647-2047149097-3475585360-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913726647-2047149097-3475585360-1002 - Limited - Enabled)
Katrina (S-1-5-21-1913726647-2047149097-3475585360-1001 - Administrator - Enabled) => C:\Users\Katrina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
FrostWire 4.21.3 (HKLM-x32\...\FrostWire) (Version: 4.21.3.0 - FrostWire Team)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4454.1511 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.158 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006B523D-E0D1-45D4-B215-AF49A93DFA6D} - System32\Tasks\Katrina-PC\Katrina - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {14448416-68C6-4363-B885-65A13F53FA7C} - System32\Tasks\{DF0D8AE4-BC86-406B-B018-EBE6905974BF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-04-06] (Skype Technologies S.A.)
Task: {47940C08-2B0E-4A1B-9CA1-90DB526F877B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {6F40C4A0-80E9-4A59-B7CD-EB7FD66AEF31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2C1FDE9-918F-46D4-82B3-E4D082817D49} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {D07540CA-916E-4E2A-8551-5F805A7CE81F} - System32\Tasks\D5SD7BL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-04-08 01:40 - 2009-07-17 09:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-04-08 01:40 - 2009-07-17 09:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-02-28 20:15 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-02-28 20:15 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-02-28 20:15 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-01-08 15:59 - 2011-01-08 13:44 - 00000824 ___RA C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 2) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Gamevance => C:\Program Files (x86)\Gamevance\gamevance32.exe a
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Security Shield => "C:\ProgramData\6ffaa86\MS6ffa_302.exe" /s /d
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: smmyiyqm => C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd\tqhutfmaffm.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C4C02A5-5E71-4326-B6A4-61265FEFD981}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{377CED40-80D9-4253-B52D-A4B08E2985FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5D01657A-BDAB-42ED-AF15-A06799F74EDB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{74F96A34-FF03-481E-A66F-E12E7356E956}] => (Allow) svchost.exe
FirewallRules: [{C6C988B0-8E8A-4A27-9F96-6E2FF61FC5B1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{C363E2E9-7AF7-4453-955F-39D0AAA57CA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{182CD473-BC20-4AE0-A24B-C4696448CBE7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{6F9AA430-AC77-4659-B45D-4160C47B50D6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5F421D04-EF32-4A0E-BFCC-D16E16EBA680}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9DD5A539-F173-4F81-A81E-0A1F0FE365C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4E15EFB8-219D-47AA-A9ED-A56B2C967E62}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{7156CEF4-D952-4CBF-A972-C67E3DEAE7F6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E0BB488D-AA7B-4909-AD95-A35A61E18108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8695175A-0723-44F8-BE9D-1C47FCA25F9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2D217B7-186B-4A63-9296-CE97A67FAE4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3807B484-6B28-44BA-8F83-DF490CF51248}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52C6D636-27F7-45A4-80C4-552883F813BE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

==================== Restore Points =========================

21-07-2012 22:07:30 Windows Update
28-07-2012 10:09:08 Windows Update
01-08-2012 20:43:55 Windows Update
05-08-2012 11:48:35 Windows Update
10-08-2012 12:11:00 Windows Update
16-08-2012 19:23:33 Windows Update
02-03-2016 07:07:15 Removed Ask Toolbar.
04-03-2016 07:47:32 Removed Adobe Reader 9.5.5.
04-03-2016 07:54:02 Removed FlipToast
04-03-2016 07:54:51 Removed Fliptoast
04-03-2016 07:55:53 Removed Spelling Dictionaries Support For Adobe Reader 9.
04-03-2016 07:57:56 Removed Adobe Flash Player 10 Plugin.
04-03-2016 07:58:30 Removed Java™ 6 Update 21
13-03-2016 12:34:39 Removed Facebook Messenger 2.1.4814.0
16-03-2016 18:18:25 Removed Bonjour

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2016 06:36:30 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

System errors:
=============

CodeIntegrity:
===================================
  Date: 2012-08-28 16:27:47.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\18e0ff18.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-28 16:27:46.793
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\18e0ff18.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-05-06 22:15:08.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-05-06 22:15:08.241
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 43%
Total physical RAM: 3032.36 MB
Available physical RAM: 1704.24 MB
Total Virtual: 6062.87 MB
Available Virtual: 4624.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:149.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 430A03C8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0
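The MSCONFIG\startupreg section above is where this thread's suspicious items stand out (a random-named executable in a Temp folder, a "My Security Shield" rogue under a hex-named ProgramData folder). As an added example, not part of the thread or of FRST itself, here is a small Python triage script that scores such lines with structural heuristics; the sample log is constructed from lines quoted above, and the scoring rules and threshold are my own assumptions, so hits are items to review rather than verdicts.

```python
import re

# Constructed sample in FRST's Addition.txt "MSCONFIG" format (lines copied from this thread).
SAMPLE_LOG = r"""
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: My Security Shield => "C:\ProgramData\6ffaa86\MS6ffa_302.exe" /s /d
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: smmyiyqm => C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd\tqhutfmaffm.exe
"""
ENTRY_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) => (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

def exe_path(cmd):
    """Executable path from a command line, whether or not it is quoted."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()

def looks_random(name):
    """Crude check: letters only, 6+ chars, almost no vowels (e.g. 'smmyiyqm')."""
    letters = name.replace("_", "")
    if len(letters) < 6 or not letters.isalpha():
        return False
    return sum(c in "aeiou" for c in letters.lower()) / len(letters) <= 0.2

def score_entry(name, cmd):
    """Score one startupreg entry; returns (points, reasons). Assumed weights, not verdicts."""
    path = exe_path(cmd).lower()
    base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]   # file name without extension
    checks = [
        (2, "runs from a Temp directory", re.search(r"\\(appdata\\local|windows)\\temp\\", path)),
        (2, "ProgramData subfolder with a hex-looking name", re.search(r"^c:\\programdata\\(?=[0-9a-f]*\d)[0-9a-f]{5,}\\", path)),
        (1, "executable lives under a user profile", re.search(r"^c:\\users\\[^\\]+\\appdata\\", path)),
        (1, "random-looking entry or file name", looks_random(name) or looks_random(base)),
    ]
    hits = [(p, why) for p, why, hit in checks if hit]
    return sum(p for p, _ in hits), [why for _, why in hits]

def analyze(log_text, threshold=2):
    """Return [(name, score, reasons)] for entries at or above threshold, highest first."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            score, reasons = score_entry(m["name"], m["cmd"])
            if score >= threshold:
                findings.append((m["name"], score, reasons))
    return sorted(findings, key=lambda f: -f[1])
```

Run against the sample, the two entries RKinner later quarantines are the only ones reported; legitimate per-user updaters such as Facebook Update score below the threshold.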

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Let's see if we can fix the testsigning that FRST is complaining about.

Download the attached fixlist.txt and undofixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot.

If your wifi still works then no problem.  If you lose your wifi then rename the undofixlist.txt file to fixlist.txt and run the fix again.

You don't have an anti-virus.  Can I get you to install the free Avast and let it run a boot-time scan?

Click on Download then choose the free version.

Do not let them give you the demo version.  Stick with the Basic.

You will need to register but they just want an email address and they don't sell it or annoy you with emails.

Click on the orange ball or open Avast then click on the gear.  Scroll down to Popups and click on the down arrow to the right.  Change the first one to 1 second.

You may also want to click on the down arrow to the right of Sounds and uncheck Scan Complete.

Now click on Tools (on the left).

If they are not already off, turn off Passwords, Browser Cleanup, Cleanup and SecureLine VPN.
If you haven't registered yet, click on Registration.  Just follow the instructions and stick to the Basic Free.

One of the really good features of Avast is the boot-time scan.

It takes like 6 hours so I usually let it run at night.

Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.

Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  This is a hidden location so you will need to tell Windows to let you see it:


  • 0


#11
robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

After running FRST with the fixlist, I was able to connect to my WiFi network without issue. I installed Avast and am getting ready to reboot and run the boot time scan now. I will post the log for it when it's done.


fixlist.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-17 19:38:01) Run:3
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

 

*****************

=========================  bcdedit ========================

The operation completed successfully.

========= End of bcdedit =========

==== End of Fixlog 19:38:01 ====


  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Last time I ran it it took about 6 hours.


  • 0

#13
robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Avast log

03/17/2016 19:58
Scan of C:
 
Scan of *STARTUP
 
File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\Windows Live\.cache\d65cf9781cbaec702\UXPlatform.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\Katrina\AppData\Local\Microsoft\Messenger\[email protected]\SocialNews\WNResponse.xml is infected by HTML:FakeWarn-A [Trj], Moved to chest
File C:\Windows\SoftwareDistribution\Download\3334dda5fbfa4462f9fddd9a8d175bc3\BITBBFB.tmp|>mrt.exe Error 42127 {CAB archive is corrupted.}
File C:\FRST\Quarantine\C\Users\Katrina\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe|>$PLUGINSDIR\OCSetupHlp.dll is infected by Win32:OpenCandy-D [PUP], Moved to chest
File C:\FRST\Quarantine\C\Users\Katrina\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe is infected by Win32:Adware-gen [Adw], Moved to chest
Number of searched folders: 28713
Number of tested files: 427951
Number of infected files: 3

  • 0

#14
robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Sorry, I hit post before I added this. I am absolutely fine to uninstall anything. Most of the programs on the laptop aren't used or needed. 


  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I would first go into msconfig and check everything, then restart (you may get some complaints about missing files but we will fix those).

Then uninstall:

CCleaner
FrostWire 4.21.3
Skype Toolbars
Windows Live Essentials

Plus any of these that aren't in use:

Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1

Then run a FRST scan with Addition.txt checked and post both logs.

Let's see what we still need to fix.  (When things are in msconfig I can't fix them, and when you uninstall a program with pieces in msconfig it can't uninstall completely.)

  • 0
