Can't remove V9 browser hijacker



Hi there,

 

I have the V9 browser hijacker on my system and have been unable to remove it using Malwarebytes and Trend Micro Titanium.

 

It started off as QVo6 and seems to have morphed into V9. Since the V9 infection I have had system problems with email software crashing, date changing, slow system, etc.

 

I have run Farbar as requested. Results below - FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by Simone (administrator) on MORGANS-PC on 11-06-2014 16:44:39
Running from C:\Users\Simone\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\DFX\DFX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
() C:\Program Files\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
() C:\Program Files\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
(Western Digital) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Simone\Desktop\tm_foot_pedal (1).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(FrostWire LLC) C:\Users\Simone\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [DFX] => C:\Program Files\DFX\DFX.exe [1131880 2013-01-11] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [CheckNDISPortf0aca3] => C:\Program Files\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe [421632 2013-05-25] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe [440648 2013-04-19] ()
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-11-10] (Siber Systems)
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: K - K:\AutoRun.exe
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {06c7e0f4-ba05-11e3-990a-4487fc8af1fd} - "K:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {cae0646a-9501-11e3-b95c-4487fc8af1fd} - K:\AutoRun.exe
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {cae06475-9501-11e3-b95c-4487fc8af1fd} - K:\AutoRun.exe
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {cae06480-9501-11e3-b95c-4487fc8af1fd} - K:\AutoRun.exe
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {e1916d80-921a-11e3-b958-4487fc8af1fd} - K:\AutoRun.exe
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {e1916d91-921a-11e3-b958-4487fc8af1fd} - K:\AutoRun.exe
HKU\S-1-5-21-3543765632-621437425-1974938297-1002\...\MountPoints2: {e1916deb-921a-11e3-b958-4487fc8af1fd} - K:\AutoRun.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E97FF2F95F9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {7EE5A1AE-B059-4D36-8323-B0DBBEF7169E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {967339B5-A91D-4497-8055-598D7D3BA7B4} URL = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Groove Folder Synchronization - {5AF16DF1-1649-5F90-6952-72AE2CD63D6C} - C:\Windows\system32\KBBDUKX.DLL ()
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{2070C407-88C9-4866-A203-6D0AB605DF3F}: [NameServer]8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\fcw1r0mk.default
FF DefaultSearchEngine: qvo6
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://start.roboform.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\fcw1r0mk.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-11-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013-11-10]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [12414-06-07]
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-04-12]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.abc.net.au/
CHR StartupUrls: "hxxp://www.abc.net.au/"
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31]
CHR Extension: (Google Search) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31]
CHR Extension: (The Daily Buddha) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoliceakafnglkokkdfohhgpcodghfn [2012-11-18]
CHR Extension: (Lone Tree) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2013-10-16]
CHR Extension: (Skype Click to Call) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-18]
CHR Extension: (Google Wallet) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31]
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Simone\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Simone\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-10]
 
========================== Services (Whitelisted) =================
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1558200 2014-05-16] (Microsoft Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-14] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38656 2007-11-20] (Service & Quality Technology.) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-02] (Trend Micro Inc.)
R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-14] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-09-04] (Trend Micro Inc.)
R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-03] (Trend Micro Inc.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-11 16:44 - 2014-06-11 16:45 - 00022839 _____ () C:\Users\Simone\Desktop\FRST.txt
2014-06-11 16:42 - 2014-06-11 16:44 - 00000000 ____D () C:\FRST
2014-06-11 16:41 - 2014-06-11 16:41 - 01072640 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2014-06-11 16:02 - 2014-06-11 16:02 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-11 16:02 - 2014-06-11 16:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 15:55 - 2014-06-11 15:56 - 04686336 _____ () C:\Users\Simone\Desktop\RogueKiller.exe
2014-06-11 09:21 - 2014-06-11 09:21 - 00000000 ____D () C:\Users\Simone\AppData\Local\{BA09418F-A6E8-42E4-9707-E4BA24CA0390}
2014-06-10 20:19 - 2014-06-10 20:19 - 00000000 ____D () C:\Users\Simone\AppData\Local\{33C8B537-B8B2-4F12-B2CF-88D5BC3248AC}
2014-06-10 08:19 - 2014-06-10 08:19 - 00000000 ____D () C:\Users\Simone\AppData\Local\{71B1B87B-40BF-43E5-927A-81B5EE1C7BFF}
2014-06-09 21:34 - 2014-06-09 21:35 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-06-09 21:31 - 2014-06-11 16:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 21:30 - 2014-06-09 21:30 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 21:30 - 2014-06-09 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 21:29 - 2014-06-09 21:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 21:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-09 21:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-09 21:28 - 2014-06-09 21:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simone\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 20:56 - 2014-06-09 21:10 - 46392681 _____ () C:\Users\Simone\Desktop\spybot-2.3.exe
2014-06-09 09:40 - 2014-06-09 09:40 - 00000000 ____D () C:\Users\Simone\AppData\Local\{DA7503AD-737B-4BEB-B785-72129D5D9A45}
2014-06-07 08:56 - 2014-06-07 08:57 - 00000000 ____D () C:\Users\Simone\AppData\Local\{26CDFE41-7FAF-4341-A8E9-8AE3290A8728}
2014-06-06 20:55 - 2014-06-06 20:55 - 00000000 ____D () C:\Users\Simone\AppData\Local\{C4A36EA9-ABEE-4540-83B1-DEFCE2DA5084}
2014-06-06 08:54 - 2014-06-06 08:54 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E7565EEB-95DE-4E06-9FB4-8BD2F7B24ECD}
2014-06-05 20:44 - 2014-06-05 20:45 - 00000000 ____D () C:\Users\Simone\AppData\Local\{D86B1F07-DEA1-4064-AD25-9CC2EB28D412}
2014-06-05 08:43 - 2014-06-05 08:44 - 00000000 ____D () C:\Users\Simone\AppData\Local\{69F8581B-071C-4D89-BA58-A39514F08F21}
2014-06-04 20:43 - 2014-06-04 20:43 - 00000000 ____D () C:\Users\Simone\AppData\Local\{CAB65B9B-F8FD-438D-9619-7FEFD93AE2F3}
2014-06-04 08:42 - 2014-06-04 08:42 - 00000000 ____D () C:\Users\Simone\AppData\Local\{10CF2BEB-B4C6-4B17-9F89-A2F5B324A839}
2014-06-03 13:07 - 2014-06-03 13:07 - 00000000 ____D () C:\Users\Simone\AppData\Local\{5E333EDB-8070-4BC1-8538-FE95F9FBF169}
2014-06-02 20:47 - 2014-06-02 20:47 - 00000000 ____D () C:\Users\Simone\AppData\Local\{9CB4942A-6CB0-4D2C-9B24-E0499A97073A}
2014-06-02 08:46 - 2014-06-02 08:47 - 00000000 ____D () C:\Users\Simone\AppData\Local\{68FC84CE-7093-4BFC-9A07-E8B133E30628}
2014-06-01 20:39 - 2014-06-01 20:39 - 00000000 ____D () C:\Users\Simone\AppData\Local\{768AF2FE-99C9-4D7E-BBA7-830A536F419D}
2014-06-01 08:38 - 2014-06-01 08:38 - 00000000 ____D () C:\Users\Simone\AppData\Local\{A48AD9A4-24CA-4E0D-81F2-ACD85AD8D3CB}
2014-05-31 20:38 - 2014-05-31 20:38 - 00000000 ____D () C:\Users\Simone\AppData\Local\{37EAE648-4F08-48FC-A93A-C2F58DAA0C2C}
2014-05-31 08:38 - 2014-05-31 08:38 - 00000000 ____D () C:\Users\Simone\AppData\Local\{73F9FFE3-708A-4D68-826E-73467DA20D77}
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Users\Simone\AppData\Local\{9ECA1E48-C7A4-4CAF-9619-D31E463767DF}
2014-05-30 08:37 - 2014-05-30 08:37 - 00000000 ____D () C:\Users\Simone\AppData\Local\{612C44E1-D696-401E-B18F-EBDC184A94E8}
2014-05-29 20:35 - 2014-05-29 20:36 - 00000000 ____D () C:\Users\Simone\AppData\Local\{EC5C8F85-926D-40E5-8AA0-C08BAE7721AD}
2014-05-29 08:34 - 2014-05-29 08:35 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E7AE1BBA-F69B-45A1-8E52-D7A9EF114FCA}
2014-05-28 20:33 - 2014-05-28 20:33 - 00000000 ____D () C:\Users\Simone\AppData\Local\{119441AA-8635-4294-B7A6-95C5C49DCF50}
2014-05-28 08:32 - 2014-05-28 08:32 - 00000000 ____D () C:\Users\Simone\AppData\Local\{1EA21265-1E01-4244-AFEF-E4827A82A2BA}
2014-05-27 20:31 - 2014-05-27 20:31 - 00000000 ____D () C:\Users\Simone\AppData\Local\{46D49176-683F-4918-9A0E-67CAD70E6CC8}
2014-05-27 08:30 - 2014-05-27 08:30 - 00000000 ____D () C:\Users\Simone\AppData\Local\{47890685-AF19-4B12-A8BB-29481E341A5C}
2014-05-26 19:32 - 2014-05-26 19:32 - 00000000 ____D () C:\Users\Simone\AppData\Local\{74DEBD6C-168F-4E27-A695-B49376BF7CFD}
2014-05-26 14:02 - 2014-06-10 19:58 - 00000000 ____D () C:\Users\Simone\Desktop\Affilorama
2014-05-26 07:31 - 2014-05-26 07:31 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E26A6549-6F8A-4CE9-ACAC-6467848A5B38}
2014-05-25 08:57 - 2014-05-25 08:57 - 00000000 ____D () C:\Users\Simone\AppData\Local\{ABBBC41B-1DDD-49E0-A58B-0138F5AD2B85}
2014-05-24 09:22 - 2014-05-24 09:23 - 00000000 ____D () C:\Users\Simone\AppData\Local\{373D69D1-33C0-443F-9C59-1C5CFCCFB181}
2014-05-23 20:19 - 2014-05-23 20:19 - 00000000 ____D () C:\Users\Simone\AppData\Local\{3CE4C36B-82CA-4DE7-9C84-9D6F54A82555}
2014-05-23 08:18 - 2014-05-23 08:18 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E56C69EF-1280-4000-BA35-99459975E167}
2014-05-22 20:01 - 2014-05-22 20:01 - 00000000 ____D () C:\Users\Simone\AppData\Local\{33B0BBF1-E51D-43BC-9541-84842269080E}
2014-05-22 08:01 - 2014-05-22 08:01 - 00000000 ____D () C:\Users\Simone\AppData\Local\{C17FD5E3-DCCF-442D-82F7-FD018F1690B8}
2014-05-21 19:23 - 2014-05-21 19:24 - 00000000 ____D () C:\Users\Simone\AppData\Local\{6975D2F3-2F70-4B74-9438-EBFE8394C046}
2014-05-21 07:23 - 2014-05-21 07:23 - 00000000 ____D () C:\Users\Simone\AppData\Local\{98E06A90-44A6-4F13-966C-B5CE38DB8CC1}
2014-05-20 13:12 - 2014-05-20 13:12 - 00000000 ____D () C:\Users\Simone\AppData\Local\{F53D1731-80FA-4860-A1B6-93A9D49D4C02}
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\Simone\AppData\Local\{49BF6ECA-B3A1-444D-8AFE-E32CC59FF64E}
2014-05-19 09:49 - 2014-05-19 09:49 - 00000000 ____D () C:\Users\Simone\AppData\Local\{D4037567-EE69-4D5B-B9C5-2C36748B7CF2}
2014-05-18 20:55 - 2014-05-18 20:55 - 00000000 ____D () C:\Users\Simone\AppData\Local\{A7E6E50D-83E7-4ED6-9F7E-01F4827B109E}
2014-05-18 08:54 - 2014-05-18 08:54 - 00000000 ____D () C:\Users\Simone\AppData\Local\{2CFD3FF3-89B7-4335-97E1-5CB7FCAE3FF5}
2014-05-17 20:53 - 2014-05-17 20:53 - 00000000 ____D () C:\Users\Simone\AppData\Local\{4EE1E4AC-B5C8-474E-B7BD-65D86E12A3D4}
2014-05-17 08:53 - 2014-05-17 08:53 - 00000000 ____D () C:\Users\Simone\AppData\Local\{BEB2591E-2167-4F23-A70B-64DF5142C648}
2014-05-16 20:51 - 2014-05-16 20:51 - 00000000 ____D () C:\Users\Simone\AppData\Local\{2D6081ED-A91D-4500-AD52-CE813DAD84BD}
2014-05-16 08:49 - 2014-05-16 08:49 - 00000000 ____D () C:\Users\Simone\AppData\Local\{B9BACBEE-CB10-4DDD-8716-7CBFE13FCD13}
2014-05-15 20:47 - 2014-05-15 20:47 - 00000000 ____D () C:\Users\Simone\AppData\Local\{6930AE9B-1C3C-47B0-A42E-4FEC34399692}
2014-05-15 08:46 - 2014-05-15 08:46 - 00000000 ____D () C:\Users\Simone\AppData\Local\{D664C913-B675-4DCD-9335-34D1F37BD701}
2014-05-14 23:00 - 2014-05-06 12:55 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:00 - 2014-05-06 12:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:00 - 2014-05-06 11:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:46 - 2014-05-14 20:46 - 00000000 ____D () C:\Users\Simone\AppData\Local\{2B5FA21A-5F85-49D6-82D2-45C41F5E645E}
2014-05-14 14:32 - 2014-05-09 16:36 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 14:32 - 2014-05-09 16:34 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 14:32 - 2014-04-12 11:45 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 14:32 - 2014-04-12 11:45 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 14:32 - 2014-04-12 11:42 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 14:32 - 2014-04-12 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 14:32 - 2014-04-12 11:42 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 14:32 - 2014-04-12 11:41 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 14:32 - 2014-04-12 11:41 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 14:32 - 2014-03-25 11:39 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 14:32 - 2014-03-04 18:50 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 14:32 - 2014-03-04 18:50 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 14:32 - 2014-03-04 18:47 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 14:32 - 2014-03-04 18:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 14:32 - 2014-03-04 18:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:44 - 2014-05-14 08:45 - 00000000 ____D () C:\Users\Simone\AppData\Local\{855306F6-E2EB-4E5D-A582-AA201A956688}
2014-05-13 20:44 - 2014-05-13 20:44 - 00000000 ____D () C:\Users\Simone\AppData\Local\{26F02E6A-BF29-4F5F-B895-08E7361D9FC8}
2014-05-13 08:43 - 2014-05-13 08:43 - 00000000 ____D () C:\Users\Simone\AppData\Local\{A43E9A08-3BD7-469B-8CBB-349692B6A424}
2014-05-12 20:41 - 2014-05-12 20:42 - 00000000 ____D () C:\Users\Simone\AppData\Local\{8706B4BD-0DEA-480C-8CDB-55F17D89AA24}
2014-05-12 08:40 - 2014-05-12 08:40 - 00000000 ____D () C:\Users\Simone\AppData\Local\{9E91990A-8378-4AAD-96A2-F3F17812BF1A}
 
==================== One Month Modified Files and Folders =======
 
2099-06-07 18:04 - 2012-01-21 13:48 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2099-06-07 18:04 - 2012-01-21 13:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2099-06-07 18:03 - 2012-01-21 13:46 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2099-06-07 18:01 - 2012-01-21 13:44 - 00001364 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-11 16:45 - 2014-06-11 16:44 - 00022839 _____ () C:\Users\Simone\Desktop\FRST.txt
2014-06-11 16:45 - 2012-10-20 22:13 - 00000000 ____D () C:\Program Files\FrostWire 5
2014-06-11 16:45 - 2011-12-26 14:48 - 00000000 ____D () C:\Users\Simone\AppData\Local\Temp
2014-06-11 16:44 - 2014-06-11 16:42 - 00000000 ____D () C:\FRST
2014-06-11 16:41 - 2014-06-11 16:41 - 01072640 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2014-06-11 16:14 - 2012-04-26 17:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 16:08 - 2014-06-09 21:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 16:06 - 2009-07-14 14:04 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 16:06 - 2009-07-14 14:04 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 16:02 - 2014-06-11 16:02 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-11 16:02 - 2014-06-11 16:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 15:56 - 2014-06-11 15:55 - 04686336 _____ () C:\Users\Simone\Desktop\RogueKiller.exe
2014-06-11 15:54 - 2012-08-16 09:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 13:41 - 2011-12-27 09:05 - 01640658 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 13:13 - 2012-04-26 17:26 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 12:14 - 2012-10-21 08:51 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-06-11 12:14 - 2009-07-14 14:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 12:14 - 2009-07-14 14:09 - 00151228 _____ () C:\Windows\setupact.log
2014-06-11 12:11 - 2011-12-27 18:29 - 00356082 _____ () C:\Windows\PFRO.log
2014-06-11 12:11 - 2009-07-14 12:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-11 09:21 - 2014-06-11 09:21 - 00000000 ____D () C:\Users\Simone\AppData\Local\{BA09418F-A6E8-42E4-9707-E4BA24CA0390}
2014-06-10 20:19 - 2014-06-10 20:19 - 00000000 ____D () C:\Users\Simone\AppData\Local\{33C8B537-B8B2-4F12-B2CF-88D5BC3248AC}
2014-06-10 19:58 - 2014-05-26 14:02 - 00000000 ____D () C:\Users\Simone\Desktop\Affilorama
2014-06-10 08:19 - 2014-06-10 08:19 - 00000000 ____D () C:\Users\Simone\AppData\Local\{71B1B87B-40BF-43E5-927A-81B5EE1C7BFF}
2014-06-09 22:13 - 2013-11-14 12:24 - 00000000 ____D () C:\Program Files\SqueakyChocolate
2014-06-09 22:13 - 2011-12-27 09:01 - 00000000 ____D () C:\Windows\Panther
2014-06-09 22:11 - 2013-08-16 21:27 - 00000000 ____D () C:\ProgramData\eSafe
2014-06-09 21:35 - 2014-06-09 21:34 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-06-09 21:34 - 2014-04-12 18:09 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-06-09 21:30 - 2014-06-09 21:30 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 21:30 - 2014-06-09 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 21:30 - 2014-06-09 21:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 21:30 - 2013-01-27 20:03 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\Malwarebytes
2014-06-09 21:30 - 2013-01-27 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 21:29 - 2014-06-09 21:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simone\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 21:10 - 2014-06-09 20:56 - 46392681 _____ () C:\Users\Simone\Desktop\spybot-2.3.exe
2014-06-09 16:12 - 2013-03-18 16:45 - 00000418 _____ () C:\Windows\Tasks\At1.job
2014-06-09 09:40 - 2014-06-09 09:40 - 00000000 ____D () C:\Users\Simone\AppData\Local\{DA7503AD-737B-4BEB-B785-72129D5D9A45}
2014-06-07 08:57 - 2014-06-07 08:56 - 00000000 ____D () C:\Users\Simone\AppData\Local\{26CDFE41-7FAF-4341-A8E9-8AE3290A8728}
2014-06-06 20:55 - 2014-06-06 20:55 - 00000000 ____D () C:\Users\Simone\AppData\Local\{C4A36EA9-ABEE-4540-83B1-DEFCE2DA5084}
2014-06-06 08:54 - 2014-06-06 08:54 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E7565EEB-95DE-4E06-9FB4-8BD2F7B24ECD}
2014-06-05 20:45 - 2014-06-05 20:44 - 00000000 ____D () C:\Users\Simone\AppData\Local\{D86B1F07-DEA1-4064-AD25-9CC2EB28D412}
2014-06-05 08:44 - 2014-06-05 08:43 - 00000000 ____D () C:\Users\Simone\AppData\Local\{69F8581B-071C-4D89-BA58-A39514F08F21}
2014-06-04 20:43 - 2014-06-04 20:43 - 00000000 ____D () C:\Users\Simone\AppData\Local\{CAB65B9B-F8FD-438D-9619-7FEFD93AE2F3}
2014-06-04 08:42 - 2014-06-04 08:42 - 00000000 ____D () C:\Users\Simone\AppData\Local\{10CF2BEB-B4C6-4B17-9F89-A2F5B324A839}
2014-06-03 13:07 - 2014-06-03 13:07 - 00000000 ____D () C:\Users\Simone\AppData\Local\{5E333EDB-8070-4BC1-8538-FE95F9FBF169}
2014-06-02 20:47 - 2014-06-02 20:47 - 00000000 ____D () C:\Users\Simone\AppData\Local\{9CB4942A-6CB0-4D2C-9B24-E0499A97073A}
2014-06-02 08:47 - 2014-06-02 08:46 - 00000000 ____D () C:\Users\Simone\AppData\Local\{68FC84CE-7093-4BFC-9A07-E8B133E30628}
2014-06-01 20:39 - 2014-06-01 20:39 - 00000000 ____D () C:\Users\Simone\AppData\Local\{768AF2FE-99C9-4D7E-BBA7-830A536F419D}
2014-06-01 08:38 - 2014-06-01 08:38 - 00000000 ____D () C:\Users\Simone\AppData\Local\{A48AD9A4-24CA-4E0D-81F2-ACD85AD8D3CB}
2014-05-31 20:38 - 2014-05-31 20:38 - 00000000 ____D () C:\Users\Simone\AppData\Local\{37EAE648-4F08-48FC-A93A-C2F58DAA0C2C}
2014-05-31 08:38 - 2014-05-31 08:38 - 00000000 ____D () C:\Users\Simone\AppData\Local\{73F9FFE3-708A-4D68-826E-73467DA20D77}
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Users\Simone\AppData\Local\{9ECA1E48-C7A4-4CAF-9619-D31E463767DF}
2014-05-30 08:37 - 2014-05-30 08:37 - 00000000 ____D () C:\Users\Simone\AppData\Local\{612C44E1-D696-401E-B18F-EBDC184A94E8}
2014-05-29 20:36 - 2014-05-29 20:35 - 00000000 ____D () C:\Users\Simone\AppData\Local\{EC5C8F85-926D-40E5-8AA0-C08BAE7721AD}
2014-05-29 08:35 - 2014-05-29 08:34 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E7AE1BBA-F69B-45A1-8E52-D7A9EF114FCA}
2014-05-28 20:33 - 2014-05-28 20:33 - 00000000 ____D () C:\Users\Simone\AppData\Local\{119441AA-8635-4294-B7A6-95C5C49DCF50}
2014-05-28 08:32 - 2014-05-28 08:32 - 00000000 ____D () C:\Users\Simone\AppData\Local\{1EA21265-1E01-4244-AFEF-E4827A82A2BA}
2014-05-27 20:31 - 2014-05-27 20:31 - 00000000 ____D () C:\Users\Simone\AppData\Local\{46D49176-683F-4918-9A0E-67CAD70E6CC8}
2014-05-27 08:30 - 2014-05-27 08:30 - 00000000 ____D () C:\Users\Simone\AppData\Local\{47890685-AF19-4B12-A8BB-29481E341A5C}
2014-05-26 19:32 - 2014-05-26 19:32 - 00000000 ____D () C:\Users\Simone\AppData\Local\{74DEBD6C-168F-4E27-A695-B49376BF7CFD}
2014-05-26 14:02 - 2013-06-20 23:41 - 00000000 ____D () C:\Users\Simone\Desktop\TranscribeMe
2014-05-26 07:31 - 2014-05-26 07:31 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E26A6549-6F8A-4CE9-ACAC-6467848A5B38}
2014-05-25 09:15 - 2014-04-12 09:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-25 08:57 - 2014-05-25 08:57 - 00000000 ____D () C:\Users\Simone\AppData\Local\{ABBBC41B-1DDD-49E0-A58B-0138F5AD2B85}
2014-05-24 09:23 - 2014-05-24 09:22 - 00000000 ____D () C:\Users\Simone\AppData\Local\{373D69D1-33C0-443F-9C59-1C5CFCCFB181}
2014-05-23 20:19 - 2014-05-23 20:19 - 00000000 ____D () C:\Users\Simone\AppData\Local\{3CE4C36B-82CA-4DE7-9C84-9D6F54A82555}
2014-05-23 08:18 - 2014-05-23 08:18 - 00000000 ____D () C:\Users\Simone\AppData\Local\{E56C69EF-1280-4000-BA35-99459975E167}
2014-05-22 20:01 - 2014-05-22 20:01 - 00000000 ____D () C:\Users\Simone\AppData\Local\{33B0BBF1-E51D-43BC-9541-84842269080E}
2014-05-22 08:01 - 2014-05-22 08:01 - 00000000 ____D () C:\Users\Simone\AppData\Local\{C17FD5E3-DCCF-442D-82F7-FD018F1690B8}
2014-05-21 19:24 - 2014-05-21 19:23 - 00000000 ____D () C:\Users\Simone\AppData\Local\{6975D2F3-2F70-4B74-9438-EBFE8394C046}
2014-05-21 07:23 - 2014-05-21 07:23 - 00000000 ____D () C:\Users\Simone\AppData\Local\{98E06A90-44A6-4F13-966C-B5CE38DB8CC1}
2014-05-20 13:12 - 2014-05-20 13:12 - 00000000 ____D () C:\Users\Simone\AppData\Local\{F53D1731-80FA-4860-A1B6-93A9D49D4C02}
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\Simone\AppData\Local\{49BF6ECA-B3A1-444D-8AFE-E32CC59FF64E}
2014-05-19 09:49 - 2014-05-19 09:49 - 00000000 ____D () C:\Users\Simone\AppData\Local\{D4037567-EE69-4D5B-B9C5-2C36748B7CF2}
2014-05-18 20:55 - 2014-05-18 20:55 - 00000000 ____D () C:\Users\Simone\AppData\Local\{A7E6E50D-83E7-4ED6-9F7E-01F4827B109E}
2014-05-18 08:54 - 2014-05-18 08:54 - 00000000 ____D () C:\Users\Simone\AppData\Local\{2CFD3FF3-89B7-4335-97E1-5CB7FCAE3FF5}
2014-05-17 20:53 - 2014-05-17 20:53 - 00000000 ____D () C:\Users\Simone\AppData\Local\{4EE1E4AC-B5C8-474E-B7BD-65D86E12A3D4}
2014-05-17 08:53 - 2014-05-17 08:53 - 00000000 ____D () C:\Users\Simone\AppData\Local\{BEB2591E-2167-4F23-A70B-64DF5142C648}
2014-05-16 20:57 - 2014-05-09 13:56 - 00000103 _____ () C:\Users\Simone\Desktop\Effective discipline.txt
2014-05-16 20:51 - 2014-05-16 20:51 - 00000000 ____D () C:\Users\Simone\AppData\Local\{2D6081ED-A91D-4500-AD52-CE813DAD84BD}
2014-05-16 16:54 - 2013-08-28 14:31 - 00000000 ____D () C:\Users\Simone\Desktop\TRA
2014-05-16 08:49 - 2014-05-16 08:49 - 00000000 ____D () C:\Users\Simone\AppData\Local\{B9BACBEE-CB10-4DDD-8716-7CBFE13FCD13}
2014-05-15 20:47 - 2014-05-15 20:47 - 00000000 ____D () C:\Users\Simone\AppData\Local\{6930AE9B-1C3C-47B0-A42E-4FEC34399692}
2014-05-15 20:17 - 2009-07-14 12:07 - 00000000 ____D () C:\Windows\rescache
2014-05-15 08:46 - 2014-05-15 08:46 - 00000000 ____D () C:\Users\Simone\AppData\Local\{D664C913-B675-4DCD-9335-34D1F37BD701}
2014-05-15 07:35 - 2014-05-06 22:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 23:13 - 2013-08-16 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:08 - 2012-01-05 21:08 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:54 - 2012-04-26 17:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 20:54 - 2011-12-26 20:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 20:46 - 2014-05-14 20:46 - 00000000 ____D () C:\Users\Simone\AppData\Local\{2B5FA21A-5F85-49D6-82D2-45C41F5E645E}
2014-05-14 12:37 - 2011-12-27 12:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 12:37 - 2011-12-27 12:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 08:45 - 2014-05-14 08:44 - 00000000 ____D () C:\Users\Simone\AppData\Local\{855306F6-E2EB-4E5D-A582-AA201A956688}
2014-05-13 20:44 - 2014-05-13 20:44 - 00000000 ____D () C:\Users\Simone\AppData\Local\{26F02E6A-BF29-4F5F-B895-08E7361D9FC8}
2014-05-13 08:43 - 2014-05-13 08:43 - 00000000 ____D () C:\Users\Simone\AppData\Local\{A43E9A08-3BD7-469B-8CBB-349692B6A424}
2014-05-12 20:42 - 2014-05-12 20:41 - 00000000 ____D () C:\Users\Simone\AppData\Local\{8706B4BD-0DEA-480C-8CDB-55F17D89AA24}
2014-05-12 18:52 - 2012-10-20 22:14 - 00000000 ____D () C:\Users\Simone\.frostwire5
2014-05-12 16:28 - 2012-11-17 19:36 - 00000000 ____D () C:\Users\Simone\Desktop\Movies
2014-05-12 08:40 - 2014-05-12 08:40 - 00000000 ____D () C:\Users\Simone\AppData\Local\{9E91990A-8378-4AAD-96A2-F3F17812BF1A}
2014-05-12 07:26 - 2014-06-09 21:29 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-09 21:29 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2013-01-27 20:03 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Users\Simone\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Simone\AppData\Local\Temp\LEGOBatman2.exe
C:\Users\Simone\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Simone\AppData\Local\Temp\uninst.exe
C:\Users\Simone\AppData\Local\Temp\Uninstall.exe
C:\Users\Simone\AppData\Local\Temp\_is7B56.exe
C:\Users\Simone\AppData\Local\Temp\{B30E87BD-935C-4251-AD62-6DFB0D37A7BD}-33.0.1750.146_33.0.1750.117_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 12414-06-07 19:05
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-06-2014

Ran by Simone at 2014-06-11 16:46:43

Running from C:\Users\Simone\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

 

==================== Installed Programs ======================

 

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

abc-CD (HKLM\...\abc-CD) (Version:  - )

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden

Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)

Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Cadenza Music Betrayal and Death Collectors 1.00 (HKLM\...\Cadenza Music Betrayal and Death Collectors 1.00) (Version: 1.00 - Games)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DAMN NFO Viewer 2.10.0031 RC3 (HKLM\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - DAMN)

Dark Tales 6- Edgar Allan Poes The Fall of the House of Usher CE (HKLM\...\Dark Tales 6- Edgar Allan Poes The Fall of the House of Usher CEFinal) (Version: Final - AllSmartGames)

DFX (HKLM\...\DFX) (Version: 11.109.0.0 - Power Technology)

Dream Chronicles 2 (HKLM\...\Dream Chronicles 2) (Version:  - )

Express Scribe (HKLM\...\Scribe) (Version: 5.57 - NCH Software)

Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)

Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)

HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden

Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)

Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LeapFrog Connect (HKLM\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)

LeapFrog Connect (Version: 5.3.0.18537 - LeapFrog) Hidden

LeapFrog LeapPad Explorer Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden

MAGIX Photo Manager MX (HKLM\...\MAGIX_{56579D0E-FBDC-4EFD-BC1A-B38556A319A9}) (Version: 9.0.1.243 - MAGIX AG)

MAGIX Photo Manager MX (Version: 9.0.1.243 - MAGIX AG) Hidden

MAGIX Screenshare (HKLM\...\MAGIX_{D14EDBF4-6059-44B0-B96E-4565FB1EC598}) (Version: 4.3.6.1987 - MAGIX AG)

MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 24.0 (x86 en-US) (HKLM\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Muppet Babies (HKLM\...\{97866725-0588-4C6C-8FDC-0FC5E8FAF27F}) (Version:  - )

MyDSC2 (HKLM\...\{83d96ed0-98aa-4515-8ddc-816f3efdd104}) (Version: 1.0 - My Company Name)

neroxml (Version: 1.0.0 - Nero AG) Hidden

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden

PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RoboForm 7-9-2-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-2-5 - Siber Systems)

Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)

Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

TELSTRA PRE-PAID 4G USB (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)

Tomb Raider: Legend 1.1 (HKLM\...\Tomb Raider: Legend) (Version:  - )

Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden

Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)

Uninstall Helper (HKLM\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)

Uninstall Helper (Version: 2.0.1.0 - W3i, LLC) Hidden

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

VLC Config Update 2009.10 (HKLM\...\vlcconfig_is1) (Version: 2009.10 - James M. Voelker)

VLC Foot Pedal 2009.10 (HKLM\...\VLC Foot Pedal_is1) (Version: 2009.10 - James M. Voelker)

VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)

WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)

WD Security (HKLM\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)

WD SmartWare (HKLM\...\{71980982-AEA1-480C-B748-0CB376DACDFE}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

 

==================== Restore Points  =========================

 

18-05-2014 09:38:23 Windows Backup

25-05-2014 09:31:02 Windows Backup

01-06-2014 09:30:50 Windows Backup

08-06-2014 09:30:34 Windows Backup

11-06-2014 01:31:44 Windows Update

60-40-1241 70:72:13 Windows Backup

60-40-1241 70:81:91 Installed DirectX

60-40-1241 70:82:30 Installed DirectX

 

==================== Hosts content: ==========================

 

2009-07-14 11:34 - 2009-06-11 07:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0008267A-4C78-42E5-A2AA-6A8DCA2232A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {0EDBADC6-DAA7-4E39-881A-83DD4F5848A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)

Task: {14A4C98E-2745-45BA-BC24-1ED6FC1D823F} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-05-09] (Trend Micro Inc.)

Task: {1CD17473-2D00-43E8-9F97-A7489B60B586} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)

Task: {20E3004F-8D66-4B2B-88A2-BE333A401DFF} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-11-10] (Siber Systems)

Task: {26DE73C3-3786-4D66-82CA-3A6B11A929C8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe

Task: {31E3A512-4D07-4381-87E2-F27996D34C46} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe


Task: {4BBAA582-C2E1-432D-8864-6E127F6CE01E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {A1AE51C5-E07F-475A-9AC1-678391560AF3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {B8B892A3-32C2-4B4E-83FF-A7677CAC6297} - System32\Tasks\At1 => C:\Windows\system32\wscrippt.exe <==== ATTENTION

Task: {CCFBC8A5-1B01-49C1-9FDB-E358ADED9273} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\wscrippt.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-12 18:10 - 2013-01-16 19:20 - 00039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll

2014-04-12 18:10 - 2013-04-02 21:55 - 00543744 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll

2014-04-12 18:10 - 2013-01-16 19:25 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll

2014-04-12 18:10 - 2012-12-19 13:34 - 01098240 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll

2014-04-12 18:10 - 2013-01-16 19:20 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll

2013-07-24 08:58 - 2013-07-24 08:58 - 00179872 ____N () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll

2014-04-13 11:58 - 2013-12-18 23:03 - 00047784 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll

2014-04-13 08:49 - 2013-10-31 18:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll

2014-04-12 09:22 - 2014-04-15 01:55 - 00420008 _____ () C:\Program Files\Microsoft Office 15\ClientX86\StreamServer.dll

2013-01-11 02:15 - 2013-01-11 02:15 - 01131880 _____ () C:\Program Files\DFX\DFX.exe

2013-01-11 02:35 - 2013-01-11 02:35 - 00049512 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll

2014-02-27 11:29 - 2013-05-25 02:46 - 00421632 _____ () C:\Program Files\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe

2014-02-27 11:29 - 2013-04-19 23:51 - 00440648 _____ () C:\Program Files\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe

2013-01-11 02:22 - 2013-01-11 02:22 - 00129384 _____ () C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe

2013-01-11 02:18 - 2013-01-11 02:18 - 00160616 _____ () C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe

2014-05-26 17:20 - 2014-05-14 09:10 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-05-26 17:20 - 2014-05-14 09:10 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-05-26 17:20 - 2014-05-14 09:10 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-26 17:20 - 2014-05-14 09:10 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-26 17:20 - 2014-05-14 09:10 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

2013-07-23 20:56 - 2013-07-23 20:57 - 00821248 _____ () C:\Users\Simone\Desktop\tm_foot_pedal (1).exe

 

==================== Alternate Data Streams (whitelisted) =========

 


 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/09/2014 00:14:23 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (06/08/2014 07:04:00 PM) (Source: Windows Backup) (EventID: 4104) (User: )

Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0xb88

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0x1188

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0xaf0

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0x628

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0xcc0

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: WDContextMenuHandler.dll_unloaded, version: 0.0.0.0, time stamp: 0x505a9532

Exception code: 0xc0000005

Fault offset: 0x5cc8e78a

Faulting process id: 0x12a4

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0xb9c

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Faulting module name: uiWatchDog.exe, version: 3.0.0.1285, time stamp: 0x52551805

Exception code: 0xc0000005

Fault offset: 0x00008f65

Faulting process id: 0x1758

Faulting application start time: 0xuiWatchDog.exe0

Faulting application path: uiWatchDog.exe1

Faulting module path: uiWatchDog.exe2

Report Id: uiWatchDog.exe3

 

 

System errors:

=============

Error: (06/11/2014 00:14:08 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 12:12:30 PM on 11/06/2014 was unexpected.

 

Error: (06/11/2014 10:53:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The WD Backup service failed to start due to the following error: 

%%1053

 

Error: (06/11/2014 10:53:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.

 

Error: (06/11/2014 10:51:25 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:49:51 AM on 11/06/2014 was unexpected.

 

Error: (06/10/2014 04:25:22 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:24:03 PM on 10/06/2014 was unexpected.

 

Error: (06/09/2014 10:16:09 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk4\DR4.

 

Error: (06/09/2014 08:13:37 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (06/09/2014 08:05:16 AM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (06/09/2014 08:05:13 AM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (06/09/2014 08:05:09 AM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Microsoft Office Sessions:

=========================

Error: (06/09/2014 00:14:23 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1050 J410 series\DriverStore\Pipeline\amd64\hpinkins8911.exe

 

Error: (06/08/2014 07:04:00 PM) (Source: Windows Backup) (EventID: 4104) (User: )

Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f65b882f5b3e4a7e38c060C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exebbecd515-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f6511882f5b3e4a7a5954cbC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeb810ebfe-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f65af02f5b3e4a77e34282C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeb5970916-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f656282f5b3e4a75590bacC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeb30cf951-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f65cc02f5b3e4a724fb7eaC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeb005c877-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: explorer.exe6.1.7601.175674d6727a7WDContextMenuHandler.dll_unloaded0.0.0.0505a9532c00000055cc8e78a12a42f5b3e49cfc90792C:\Windows\explorer.exeWDContextMenuHandler.dllae8cb782-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f65b9c2f5b3e4a6fcd2252C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exead7fb061-aa3d-1f6f-ae1a-4487fc8af1fd

 

Error: (01/01/1970 09:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: uiWatchDog.exe3.0.0.128552551805uiWatchDog.exe3.0.0.128552551805c000000500008f6517582f5b3e4a6d394e68C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeaaed3c0d-aa3d-1f6f-ae1a-4487fc8af1fd

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 71%

Total physical RAM: 1791.3 MB

Available physical RAM: 502.48 MB

Total Pagefile: 3582.61 MB

Available Pagefile: 1542.86 MB

Total Virtual: 2047.88 MB

Available Virtual: 1908.38 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.61 GB) (Free:283.89 GB) NTFS

Drive e: () (Fixed) (Total:74.52 GB) (Free:0.01 GB) NTFS

Drive j: (System Reserved) (Fixed) (Total:0.15 GB) (Free:0.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D024B751)

Partition 1: (Active) - (Size=157 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 13721371)

Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

This topic is now closed to further replies.