thedownedsystem

Everything posted by thedownedsystem

  1. I was able to get the last update after dealing with that error. Browsing seems a little slow still but it just may be me and this laptop is 4yrs old. Thank you again for your time, it is much appreciated!!!
  2. Did a giant update of 198 items, and then the updates came in ranges of 8-10 at a time and now I am getting this error when trying to get updates.
  3. Thank you for the information! When I try to browse this site I am now getting this question in the attached picture, and those icons are not loading. Could this be due to Windows not being updated? Also, I turned on Windows Update and it has been on the "checking for updates" step for about 20 min now. Currently Internet Explorer version 8.0.7601 is installed.
  4. Just curious, was this the only issue that prevented me from connecting to the internet? Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION. And this is the command that I needed to run? cmd: netsh winsock reset Or was there more to it? Thanks
  5. Alright, internet successfully connected once I ran the fixlist so I was able to run the update on AdwCleaner and here are the logs for everything. Thanks! Fixlog.txt SvcRepair.log AdwCleanerR0.txt AdwCleanerS0.txt
  6. Thanks for the reply! I am downloading these programs from another computer, so I will not be able to update the database for AdwCleaner on the infected computer, I hope this is OK for now... I will report back in a few minutes.
  7. Those logs were created in Safe Mode, here are the ones in regular boot mode. Addition.txt FRST.txt
  8. Hello, I used Malwarebytes hyper scan and quarantined around 1100 items, rebooted, can't connect to the internet, can't get mbam.exe to load, I tried all the options in Chameleon but it couldn't load the scan and also pops up saying "Application unable to start correctly 0xe06d7363 mbam.exe" Here are the logs, thank you in advance! Addition.txt FRST.txt
  9. Yes, everything seems fine now, CPU usage down so much. May I ask what gave it away that it was a rootkit trojan? Or is that a secret, haha. Thank you very much for the help, this site is awesome!
  10. Thanks for the quick response! mbar-log-2014-12-04 (13-35-31).txt system-log.txt Addition.txt FRST.txt
  11. Recently the Powershell has stopped working dialog box has been randomly popping up and MB has been showing the searchnet.blinkxcore.com popping up also. Thank you for the help in advance! FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014 Ran by MattyIcE (administrator) on MATTYICE-PC on 04-12-2014 11:51:30 Running from C:\Users\MattyIcE\Desktop Loaded Profile: MattyIcE (Available profiles: MattyIcE & Mcx1-MATTYICE-PC) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\sarconsogulpe\sarconsogulpe.exe (SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Yahoo! Inc.) 
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft 
Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor) HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation) HKLM\...\Run: [] => [X] HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] () HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1545584 2011-01-10] () HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic 
Solutions) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Tsgbbqkr] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\vnykjkw.dll" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\MountPoints2: {0ebbe119-f03c-11e0-bd17-5c260a64c3a2} - E:\setup.exe HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\MountPoints2: {21897062-b241-11e0-b079-5c260a64c3a2} - Q:\Autorun.exe HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks! HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION! 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-13] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\MattyIcE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-186085234-3646380278-2500217465-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-186085234-3646380278-2500217465-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\MattyIcE\AppData\Roaming\Mozilla\Firefox\Profiles\a4j32bcd.default-1417711747388 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> 
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\MattyIcE\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-11-11] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-11] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe [266240 2014-10-06] () [File not signed] S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-13] (DT Soft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299152 2014-09-13] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 X6va005; \??\C:\Users\MattyIcE\AppData\Local\Temp\005B717.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-04 11:51 - 2014-12-04 11:52 - 00019626 _____ () C:\Users\MattyIcE\Desktop\FRST.txt 2014-12-04 11:51 - 2014-12-04 11:51 - 00000000 ____D () C:\FRST 2014-12-04 11:50 - 2014-12-04 11:50 - 02117632 _____ (Farbar) C:\Users\MattyIcE\Desktop\FRST64.exe 2014-12-04 11:49 - 2014-12-04 11:49 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Old Firefox Data 2014-12-04 10:20 - 2014-12-04 10:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-04 10:20 - 2014-12-04 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-04 10:19 - 2014-12-04 10:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MattyIcE\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-04 10:19 - 2014-12-04 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-04 10:19 - 2014-12-04 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-04 10:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-04 10:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-04 10:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-03 19:31 - 2014-12-03 19:31 - 05307235 _____ () C:\Users\MattyIcE\Desktop\FLLSB.zip 2014-12-03 02:03 - 2014-12-04 10:34 - 27444616 _____ () C:\Windows\SysWOW64\debug.log 2014-12-02 18:46 - 2014-12-02 18:46 - 05496982 _____ () C:\Users\MattyIcE\Desktop\Master Records.zip 2014-12-02 16:06 - 2014-12-04 10:34 - 00000000 ____D () C:\Program Files (x86)\mediainformationaccess 2014-12-01 19:30 - 2014-12-01 19:30 - 00000218 _____ () C:\Users\MattyIcE\AppData\Local\recently-used.xbel 2014-11-30 23:58 - 2014-12-02 01:41 - 00000293 _____ () C:\Users\MattyIcE\Desktop\notes dec1.txt 2014-11-30 23:48 - 2014-11-30 23:48 - 00940416 _____ () C:\Users\MattyIcE\Desktop\Msiege_Starbucks RVC Missing 
Items.xlsx 2014-11-30 23:25 - 2014-11-30 23:25 - 00941681 _____ () C:\Users\MattyIcE\Desktop\new starbucks.xlsx 2014-11-30 22:48 - 2014-11-30 22:48 - 00079335 _____ () C:\Users\MattyIcE\Desktop\Msiegel_Catalina BeerWine missing items.xlsx 2014-11-30 21:49 - 2014-11-30 21:49 - 00078267 _____ () C:\Users\MattyIcE\Desktop\Msiegel_Plunge BeerWine missing items.xlsx 2014-11-30 20:51 - 2014-11-30 20:51 - 00157697 _____ () C:\Users\MattyIcE\Desktop\TUSSP Beer and Wine- Catalina and Plunge RVCs.zip 2014-11-30 18:17 - 2014-11-30 18:42 - 00000000 ____D () C:\Users\MattyIcE\Desktop\TUSSP - MIC, SLU, 2014-11-28 12:33 - 2014-11-28 12:34 - 06748508 _____ () C:\Users\MattyIcE\Desktop\TUSSP - MIC, SLU,.zip 2014-11-26 03:20 - 2014-11-26 03:20 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-11-25 21:14 - 2014-11-25 21:14 - 02294693 _____ () C:\Users\MattyIcE\Desktop\HMSHost Simphony Conversion - Sacramento Intl Airport - 128.zip 2014-11-24 11:46 - 2014-11-27 00:35 - 00002590 _____ () C:\Users\MattyIcE\Desktop\rvc n zones.txt 2014-11-24 11:35 - 2014-11-24 11:35 - 00290389 _____ () C:\Users\MattyIcE\Desktop\IMPORTANT! 
Programming This Week.zip 2014-11-20 14:36 - 2014-11-24 12:11 - 00000145 _____ () C:\Users\MattyIcE\Desktop\FINALBILLS.txt 2014-11-20 10:20 - 2014-11-20 10:20 - 01358088 _____ () C:\Users\MattyIcE\Desktop\Outlook.com.zip 2014-11-20 10:20 - 2014-11-20 10:20 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Outlook.com 2014-11-19 14:52 - 2014-11-19 14:52 - 00689833 _____ () C:\Users\MattyIcE\Desktop\STTRZ changes.zip 2014-11-18 18:36 - 2014-11-18 18:36 - 00102820 _____ () C:\Users\MattyIcE\Desktop\adfasdfsdafsf.xlsx 2014-11-17 21:24 - 2014-11-17 21:24 - 00674486 _____ () C:\Users\MattyIcE\Desktop\STTRZ - Bluewater Restaurant - Food Item Workbook - 1112014.xlsx 2014-11-14 15:38 - 2014-11-14 15:38 - 00675600 _____ () C:\Users\MattyIcE\Desktop\PDXNH - food, beer & wine, liquor.zip 2014-11-13 10:54 - 2014-11-13 16:21 - 00000000 ____D () C:\Users\MattyIcE\Desktop\bosbb11_13 2014-11-13 10:53 - 2014-11-13 10:53 - 00172529 _____ () C:\Users\MattyIcE\Desktop\Status Update.zip 2014-11-12 10:48 - 2014-11-12 10:48 - 01046156 _____ () C:\Users\MattyIcE\Desktop\PHXST- Greatroom- Food Menu Item Workbook- FINAL SW10072014.xlsx 2014-11-12 10:36 - 2014-11-12 10:36 - 00441653 _____ () C:\Users\MattyIcE\Desktop\BOSCO Starbucks FINAL 10-17-14.xlsx 2014-11-11 01:00 - 2014-11-11 01:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 15:58 - 2014-11-10 15:58 - 03410179 _____ () C:\Users\MattyIcE\Desktop\OMAWE.zip 2014-11-10 15:58 - 2014-11-10 12:58 - 00110806 _____ () C:\Users\MattyIcE\Desktop\OMAWE - All Outlets -BeerWineWorkbook - 12-19-13 FINAL 1226 SW.xlsx 2014-11-10 15:58 - 2014-11-10 12:58 - 00104085 _____ () C:\Users\MattyIcE\Desktop\OMAWE - All Outlets LiquorCocktailSignatureDrinkWorkbook - 12-20-13 FINAL MM.xlsx 2014-11-10 12:00 - 2014-11-10 15:20 - 00000000 ____D () C:\Users\MattyIcE\Desktop\1110 Programming 2014-11-10 12:00 - 2014-11-10 12:00 - 00000000 __SHD () C:\Users\MattyIcE\AppData\Local\EmieUserList 2014-11-10 12:00 - 2014-11-10 12:00 - 00000000 __SHD () 
C:\Users\MattyIcE\AppData\Local\EmieSiteList 2014-11-10 11:58 - 2014-11-10 11:58 - 01248460 _____ () C:\Users\MattyIcE\Desktop\1110 Programming.zip 2014-11-07 10:02 - 2014-11-07 10:02 - 00712702 _____ () C:\Users\MattyIcE\Desktop\NYCLM.zip 2014-11-04 10:10 - 2014-11-04 10:10 - 00000534 _____ () C:\Users\MattyIcE\Desktop\nov2.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-04 11:47 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-04 11:47 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-04 11:20 - 2012-10-26 14:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-04 10:51 - 2009-07-14 00:13 - 00876042 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-04 10:50 - 2011-07-05 21:37 - 01553058 _____ () C:\Windows\WindowsUpdate.log 2014-12-04 10:49 - 2011-07-05 20:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-12-04 10:49 - 2011-07-05 20:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-12-04 10:49 - 2011-07-05 20:06 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn 2014-12-04 10:47 - 2014-09-29 04:37 - 00007193 _____ () C:\Windows\setupact.log 2014-12-04 10:47 - 2011-07-05 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-04 10:47 - 2010-11-20 22:47 - 00345122 _____ () C:\Windows\PFRO.log 2014-12-04 10:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-04 10:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web 2014-12-04 10:34 - 2014-10-07 14:38 - 00000000 ____D () C:\Program Files\biforder 2014-12-04 10:34 - 2013-03-01 20:44 - 00000000 ____D () C:\Windows\Hewlett-Packard 2014-12-04 10:33 - 2011-07-05 20:07 - 00000000 ____D () C:\Temp 2014-12-04 10:20 - 
2014-10-07 14:48 - 00000112 _____ () C:\ProgramData\VWq3nbxgu.dat 2014-12-04 09:14 - 2012-02-01 10:38 - 00000000 ____D () C:\Users\MattyIcE\AppData\Roaming\Skype 2014-12-04 00:07 - 2014-10-17 21:34 - 00000000 ____D () C:\Users\MattyIcE\AppData\Local\Battle.net 2014-12-03 16:37 - 2012-02-03 22:18 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-12-03 10:51 - 2014-10-10 07:26 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Microse 2014-12-03 00:22 - 2014-10-17 21:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-12-02 01:43 - 2011-10-10 16:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-12-01 17:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-30 18:19 - 2014-10-04 01:03 - 00000000 ____D () C:\Users\MattyIcE\AppData\Local\CrashDumps 2014-11-26 03:20 - 2012-10-26 14:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-26 03:20 - 2012-06-04 22:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 03:20 - 2011-07-14 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-25 21:15 - 2014-11-03 09:59 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Oracle Workbooks 2014-11-24 11:19 - 2014-10-14 10:26 - 00000000 __SHD () C:\Users\MattyIcE\Documents\cache 2014-11-24 10:08 - 2014-10-14 10:26 - 00000000 ____D () C:\Users\MattyIcE\AppData\Roaming\webex 2014-11-12 03:32 - 2012-12-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service Files to move or delete: ==================== C:\ProgramData\VWq3nbxgu.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 13:03 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014 Ran by MattyIcE at 2014-12-04 11:52:30 Running from C:\Users\MattyIcE\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware M14x Manual (HKLM-x32\...\InstallShield_{B90A9452-2233-4B2A-8277-5DC4FEC239CB}) (Version: 1.0.1.0 - Alienware Corp.)
Alienware M14x Manual (Version: 1.0.1.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.31.1.8C - )
Alienware On-Screen Display (x32 Version: 0.31.1.8C - ) Hidden
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCNA_Security_English (HKLM-x32\...\CCNA_Security_English) (Version: 4.0.0.2 - Cisco Networking Academy Curriculum)
Cisco Networking Academy curriculum 4.0 (HKLM-x32\...\Cisco Networking Academy curriculum_is1) (Version: - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version: - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DiskAid 4.53 (HKLM-x32\...\DiskAid_is1) (Version: 4.53 - DigiDNA)
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
EMCClient (HKLM-x32\...\{B5AC4C21-8968-4912-8BDE-F89B92485EA2}) (Version: 1.00.0000 - MICROS)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (HKLM-x32\...\KB2494088) (Version: 10.50.1617.0 - Microsoft Corporation)
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version: - Softnyx co.,ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.00.44 - Creative Technology Ltd)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{362A3FDF-B12E-436A-9097-1B795A9FFCC5}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{76866BE3-B2C7-40BB-B267-927792AED0C3}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K12 (HKLM-x32\...\{04E9B02B-4F85-4B73-B865-27B9B8B35877}) (Version: 1.0.0 - 2K Sports)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PremiumSoft Navicat 10.0 for SQL Server (HKLM-x32\...\PremiumSoft Navicat for SQL Server_is1) (Version: - PremiumSoft CyberTech Ltd.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6291 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Rusty Hearts (HKLM-x32\...\Steam App 36630) (Version: - )
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Simple Port Tester (HKLM-x32\...\Simple Port Tester2.1.5) (Version: 2.1.5 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2013.build.58+Recorder (2013/11/13) version v2013.buil (HKLM-x32\...\{8E2A1F92-9B4F-4DF9-8459-5C06B0813C69}_is1) (Version: v2013.build.58+Recorder - eRightSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Trine 2 (HKLM-x32\...\Trine 2_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17128 - Blizzard Entertainment)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-186085234-3646380278-2500217465-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points =========================
09-11-2014 00:06:07 Scheduled Checkpoint
16-11-2014 18:12:36 Scheduled Checkpoint
24-11-2014 14:38:57 Scheduled Checkpoint
01-12-2014 20:33:43 Scheduled Checkpoint

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3E9DA57D-FE42-4164-87CF-C5997CFBFFF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43358864-8E13-41F5-A403-2B94CC3D1575} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MATTYICE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {7241C2DD-A958-4F60-9D61-A491E39A48F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-05 21:15 - 2014-09-13 18:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-02-09 09:57 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-18 09:57 - 2014-10-06 10:58 - 00266240 _____ () C:\Program Files\sarconsogulpe\sarconsogulpe.exe
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-09-27 16:52 - 2010-12-17 09:27 - 00703088 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-07-05 21:18 - 2011-05-03 21:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-05 20:06 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-01-10 16:16 - 2011-01-10 16:16 - 01545584 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-05 21:15 - 2014-09-13 18:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2009-12-18 11:07 - 2009-12-18 11:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2012-11-14 03:34 - 2012-11-14 03:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\78ce3d0cfeeee2a8c5b5f748ad9250bf\IsdiInterop.ni.dll
2011-07-05 19:52 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-11-11 01:00 - 2014-11-11 01:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Integrated Webcam Live! Central => "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

========================= Accounts: ==========================
Administrator (S-1-5-21-186085234-3646380278-2500217465-500 - Administrator - Disabled)
Guest (S-1-5-21-186085234-3646380278-2500217465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-186085234-3646380278-2500217465-1013 - Limited - Enabled)
MattyIcE (S-1-5-21-186085234-3646380278-2500217465-1002 - Administrator - Enabled) => C:\Users\MattyIcE
Mcx1-MATTYICE-PC (S-1-5-21-186085234-3646380278-2500217465-1005 - Limited - Enabled) => C:\Users\Mcx1-MATTYICE-PC

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 10:47:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 10:35:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Exception code: 0xc0000005 Fault offset: 0x0018be9c Faulting process id: 0x2698 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (12/04/2014 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Exception code: 0xc0000005 Fault offset: 0x0018be9c Faulting process id: 0x1b70 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (12/04/2014 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Exception code: 0xc0000005 Fault offset: 0x0018be9c Faulting process id: 0x2570 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (12/04/2014 10:34:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Exception code: 0xc0000005 Fault offset: 0x0018be9c Faulting process id: 0x22c4 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (12/04/2014 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Exception code: 0xc0000005 Fault offset: 0x0018be9c Faulting process id: 0x25f8 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (12/04/2014 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e Exception code: 0xc0000005 Fault offset: 0x0018be9c Faulting process id: 0x22f8 Faulting application start time: 0xupdater.exe0 Faulting application path: updater.exe1 Faulting module path: updater.exe2 Report Id: updater.exe3

Error: (12/04/2014 09:51:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 09:18:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/04/2014 10:50:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 10:49:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 10:37:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 10:36:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 09:52:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 09:51:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 09:20:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 09:20:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/03/2014 09:42:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Processor: Intel® Core i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 10187.86 MB
Available physical RAM: 5069.7 MB
Total Pagefile: 20373.9 MB
Available Pagefile: 14147.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:446.99 GB) (Free:170.5 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BEF02D01)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MB daily protection Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 12/4/2014 10:20:45 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Starting,
Protection, 12/4/2014 10:20:45 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Started,
Protection, 12/4/2014 10:20:46 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Update, 12/4/2014 10:20:50 AM, SYSTEM, MATTYICE-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.3.1,
Protection, 12/4/2014 10:21:20 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:21:27 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55814, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:21:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55814, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:21:30 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55874, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Update, 12/4/2014 10:21:38 AM, SYSTEM, MATTYICE-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.4.7,
Detection, 12/4/2014 10:21:39 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55936, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Protection, 12/4/2014 10:21:41 AM, SYSTEM, MATTYICE-PC, Protection, Refresh, Starting,
Protection, 12/4/2014 10:21:41 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/4/2014 10:21:41 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/4/2014 10:21:47 AM, SYSTEM, MATTYICE-PC, Protection, Refresh, Success,
Protection, 12/4/2014 10:21:47 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/4/2014 10:21:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:21:50 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 56184, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:21:50 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 56184, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:15 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 56820, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:19 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 57086, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:30 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 57645, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:45 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58177, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58252, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:56 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58446, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:23:11 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58694, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:23:38 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 59222, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:23:56 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 60006, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:24:13 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 60473, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:24:55 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60873, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:24:55 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60874, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:24:55 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60873, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 12/4/2014 10:33:43 AM, SYSTEM, MATTYICE-PC, Manual, Start:12/4/2014 10:23:09 AM, Duration:10 min 18 sec, Threat Scan, Cancelled, 3 Malware Detections, 32 Non-Malware Detections,
Detection, 12/4/2014 10:34:11 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, File, PUP.Optional.Adpeak, C:\Program Files (x86)\mediainformationaccess\updater.exe, Quarantine Failed, 5, Access is denied. , [429576e86d0f7abc196120d15ea36d93]
Detection, 12/4/2014 10:34:18 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, File, PUP.Optional.Adpeak, C:\Program Files (x86)\mediainformationaccess\updater.exe, Quarantine Failed, 5, Access is denied. , [429576e86d0f7abc196120d15ea36d93]
Detection, 12/4/2014 10:34:24 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, File, PUP.Optional.Adpeak, C:\Program Files (x86)\mediainformationaccess\updater.exe, Quarantine Failed, 5, Access is denied. , [429576e86d0f7abc196120d15ea36d93]
Protection, 12/4/2014 10:35:17 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Starting,
Protection, 12/4/2014 10:35:17 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Started,
Protection, 12/4/2014 10:35:18 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/4/2014 10:36:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:40:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53153, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53153, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53154, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53299, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53300, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:43:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58746, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:43:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58745, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:43:53 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58871, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:43:53 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58872, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:44:39 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59884, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:44:39 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59885, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:45:51 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62259, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:45:51 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62260, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Scan, 12/4/2014 10:45:55 AM, SYSTEM, MATTYICE-PC, Manual, Start:12/4/2014 10:38:15 AM, Duration:6 min 56 sec, Hyper Scan, Completed, 0 Malware Detections, 19 Non-Malware Detections,
Detection, 12/4/2014 10:46:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62680, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:46:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62681, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:46:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62680, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Protection, 12/4/2014 10:47:53 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Starting,
Protection, 12/4/2014 10:47:54 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Started,
Protection, 12/4/2014 10:47:54 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/4/2014 10:48:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:57:31 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61438, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 10:57:31 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61439, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 10:57:31 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61438, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 11:13:57 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59282, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:13:57 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59283, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:14:01 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59433, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 11:14:01 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59434, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 12/4/2014
11:17:25 AM, SYSTEM, MATTYICE-PC, Manual, Start:12/4/2014 11:10:34 AM, Duration:6 min 51 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Detection, 12/4/2014 11:31:25 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56891, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 12/4/2014 11:31:25 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56892, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 12/4/2014 11:31:25 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56891, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 12/4/2014 11:48:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55083, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 12/4/2014 11:48:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55084, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 12/4/2014 12:02:15 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59146, Outbound, C:\Windows\SysWOW64\svchost.exe, Detection, 12/4/2014 12:02:15 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59147, Outbound, C:\Windows\SysWOW64\svchost.exe, Detection, 12/4/2014 12:06:52 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51341, Outbound, C:\Windows\SysWOW64\svchost.exe, Detection, 12/4/2014 12:06:53 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51341, Outbound, C:\Windows\SysWOW64\svchost.exe, Detection, 12/4/2014 12:06:53 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 
66.45.56.109, searchnet.blinkxcore.com, 51342, Outbound, C:\Windows\SysWOW64\svchost.exe, Detection, 12/4/2014 12:10:13 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.77.96.140, www.favdownloads.com, 56769, Outbound, C:\Windows\SysWOW64\regsvr32.exe, Detection, 12/4/2014 12:10:13 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.77.96.140, www.favdownloads.com, 56769, Outbound, C:\Windows\SysWOW64\regsvr32.exe, Detection, 12/4/2014 12:10:14 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.77.96.140, www.favdownloads.com, 56768, Outbound, C:\Windows\SysWOW64\regsvr32.exe, (end)