alwaysthinking

"Successfully blocked access to a potentially malicious website"?


I'm saying that the current scans are not finding anything more.  Please post the Protection Logs from the past couple of days and we'll see what it has blocked.


You can install it if you really have to, but if at all possible I'd recommend trying to run without it as it's probably the #1 method used to infect a computer.

2013/09/03 12:00:06 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2013/09/03 12:00:13 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.02.05 to version v2013.09.03.06
2013/09/03 12:00:13 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/03 12:00:13 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/03 12:00:13 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/03 12:00:15 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/03 12:00:15 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/03 12:00:17 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/03 12:12:01 -0500 TIM-PC Timothy IP-BLOCK 121.10.115.96 (Type: incoming, Port: 17358, Process: svchost.exe)
2013/09/03 12:12:01 -0500 TIM-PC Timothy IP-BLOCK 121.10.115.96 (Type: incoming, Port: 17358, Process: svchost.exe)
2013/09/03 17:42:07 -0500 TIM-PC Timothy IP-BLOCK 109.230.220.178 (Type: incoming, Port: 5060, Process: svchost.exe)
2013/09/03 17:42:07 -0500 TIM-PC Timothy IP-BLOCK 109.230.220.178 (Type: incoming, Port: 5060, Process: svchost.exe)
2013/09/03 18:07:39 -0500 TIM-PC Timothy MESSAGE Stopping protection
2013/09/03 18:07:39 -0500 TIM-PC Timothy MESSAGE Protection stopped successfully
2013/09/03 18:07:40 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/03 18:07:40 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/03 23:43:30 -0500 TIM-PC Timothy MESSAGE Starting protection
2013/09/03 23:43:33 -0500 TIM-PC Timothy MESSAGE Protection started successfully
2013/09/03 23:43:33 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/03 23:43:35 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/03 23:58:42 -0500 TIM-PC Timothy MESSAGE Stopping protection
2013/09/03 23:58:42 -0500 TIM-PC Timothy MESSAGE Protection stopped successfully
2013/09/03 23:58:43 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/03 23:58:43 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
 
 
2013/09/04 00:00:32 -0500 TIM-PC Timothy MESSAGE Starting protection
2013/09/04 00:00:32 -0500 TIM-PC Timothy MESSAGE Protection started successfully
2013/09/04 00:00:33 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/04 00:00:34 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/04 12:07:19 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2013/09/04 12:07:26 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.03.06 to version v2013.09.04.07
2013/09/04 12:07:26 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/04 12:07:26 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/04 12:07:27 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/04 12:07:48 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/04 12:07:48 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/04 12:07:49 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
 
 
2013/09/05 12:15:27 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2013/09/05 12:15:34 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.04.07 to version v2013.09.05.07
2013/09/05 12:15:34 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/05 12:15:34 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/05 12:15:34 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/05 12:15:59 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/05 12:15:59 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/05 12:16:01 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/05 15:26:59 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.150 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/05 21:38:37 -0500 TIM-PC Timothy MESSAGE Stopping protection
2013/09/05 21:38:37 -0500 TIM-PC Timothy MESSAGE Protection stopped successfully
2013/09/05 21:38:38 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/05 21:38:38 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/05 22:01:09 -0500 TIM-PC Timothy MESSAGE Starting protection
2013/09/05 22:01:09 -0500 TIM-PC Timothy MESSAGE Protection started successfully
2013/09/05 22:01:10 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/05 22:01:11 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
 
 
2013/09/06 11:57:02 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2013/09/06 11:57:10 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.05.07 to version v2013.09.06.08
2013/09/06 11:57:10 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/06 11:57:10 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/06 11:57:10 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/06 11:57:39 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/06 11:57:39 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/06 11:57:41 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/06 20:25:25 -0500 TIM-PC Timothy IP-BLOCK 80.82.64.229 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/06 20:39:29 -0500 TIM-PC Timothy IP-BLOCK 222.186.15.159 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/09/06 23:15:42 -0500 TIM-PC Timothy MESSAGE Stopping protection
2013/09/06 23:15:42 -0500 TIM-PC Timothy MESSAGE Protection stopped successfully
2013/09/06 23:15:43 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/06 23:15:43 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
 

 

2013/09/07 11:53:51 -0500 TIM-PC Timothy MESSAGE Starting protection
2013/09/07 11:53:51 -0500 TIM-PC Timothy MESSAGE Protection started successfully
2013/09/07 11:53:52 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/07 11:53:54 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
 
 
2013/09/08 07:56:07 -0500 TIM-PC Timothy IP-BLOCK 222.186.26.22 (Type: incoming, Port: 3306, Process: svchost.exe)
2013/09/08 08:38:20 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.96 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/08 14:09:51 -0500 TIM-PC Timothy IP-BLOCK 94.102.52.185 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/08 14:14:00 -0500 TIM-PC Timothy IP-BLOCK 94.102.52.185 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/08 15:56:43 -0500 TIM-PC Timothy IP-BLOCK 94.102.56.210 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/08 16:15:43 -0500 TIM-PC Timothy IP-BLOCK 94.102.52.241 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/08 20:52:20 -0500 TIM-PC Timothy IP-BLOCK 94.102.56.210 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/08 20:52:20 -0500 TIM-PC Timothy IP-BLOCK 94.102.56.210 (Type: incoming, Port: 53, Process: svchost.exe)
 
 
2013/09/09 12:08:05 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2013/09/09 12:08:28 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.06.08 to version v2013.09.09.06
2013/09/09 12:08:28 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/09 12:08:28 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/09 12:08:30 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/09 12:10:41 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/09 12:10:41 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/09 12:10:44 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
 


Those are all incoming IP blocks and very randomly.   I would have to guess that you're probably running some type of software like Skype, or Dropbox that makes contact with these networks on occasion.

 

 

 

STEP 1

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Restore Firefox Default Settings Without Uninstalling It

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera


 

 

 

STEP 2

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

 

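As an added example (not part of the original thread and not a Malwarebytes tool), the Python sketch below parses the protection-log format posted above, tallies IP-BLOCK entries by direction and port, and lists the periods when IP protection was off. The port-to-service names and the five-minute gap threshold are assumptions chosen for illustration; the sample lines are an excerpt copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt copied from the protection log posted in this thread.
SAMPLE_LOG = """\
2013/09/03 12:00:13 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/03 12:00:13 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/03 12:00:17 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/03 12:12:01 -0500 TIM-PC Timothy IP-BLOCK 121.10.115.96 (Type: incoming, Port: 17358, Process: svchost.exe)
2013/09/03 12:12:01 -0500 TIM-PC Timothy IP-BLOCK 121.10.115.96 (Type: incoming, Port: 17358, Process: svchost.exe)
2013/09/03 17:42:07 -0500 TIM-PC Timothy IP-BLOCK 109.230.220.178 (Type: incoming, Port: 5060, Process: svchost.exe)
2013/09/03 18:07:40 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/03 23:43:35 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/05 15:26:59 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.150 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/06 20:25:25 -0500 TIM-PC Timothy IP-BLOCK 80.82.64.229 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/06 20:39:29 -0500 TIM-PC Timothy IP-BLOCK 222.186.15.159 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/09/08 07:56:07 -0500 TIM-PC Timothy IP-BLOCK 222.186.26.22 (Type: incoming, Port: 3306, Process: svchost.exe)
"""

LINE_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (\S+) (\S+) (MESSAGE|IP-BLOCK) (.*)$")
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+), Port: (\d+), Process: (.+)\)$")

# Assumption: conventional service names for the ports seen in this log.
SERVICE_NAMES = {19: "chargen", 53: "dns", 1433: "ms-sql", 3306: "mysql", 5060: "sip"}


def parse_log(text):
    """Turn log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank separators between days, or an unknown line shape
        event = {
            "time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z"),
            "host": m.group(2), "user": m.group(3),
            "kind": m.group(4), "text": m.group(5),
        }
        if event["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(event["text"])
            if not b:
                continue
            event.update(ip=b.group(1), direction=b.group(2),
                         port=int(b.group(3)), process=b.group(4))
        events.append(event)
    return events


def summarize_blocks(events):
    """Count IP-BLOCK events, collapsing entries the log wrote twice."""
    unique = {(e["time"], e["ip"], e["port"], e["direction"])
              for e in events if e["kind"] == "IP-BLOCK"}
    return {
        "total": len(unique),
        "directions": {d for _, _, _, d in unique},
        "by_port": Counter(p for _, _, p, _ in unique),
        "by_source": Counter(ip for _, ip, _, _ in unique),
    }


def protection_gaps(events, min_gap=timedelta(minutes=5)):
    """Return (stopped, started, duration) for each stretch with IP protection off.

    The short stop/start around a database refresh falls under min_gap. A long
    gap may simply be the PC being shut down; the log alone cannot tell that
    apart from protection being switched off by hand.
    """
    gaps, stopped_at = [], None
    for e in events:
        if e["kind"] != "MESSAGE":
            continue
        if e["text"] == "IP Protection stopped successfully":
            stopped_at = e["time"]
        elif e["text"] == "IP Protection started successfully" and stopped_at:
            duration = e["time"] - stopped_at
            if duration >= min_gap:
                gaps.append((stopped_at, e["time"], duration))
            stopped_at = None
    return gaps


def describe_ports(summary):
    """Human-readable 'port/service xN' strings, most frequent first."""
    return [f"{port}/{SERVICE_NAMES.get(port, 'unassigned-or-unknown')} x{n}"
            for port, n in summary["by_port"].most_common()]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    info = summarize_blocks(evs)
    print("blocks:", info["total"], "directions:", sorted(info["directions"]))
    print("ports:", ", ".join(describe_ports(info)))
    for start, end, length in protection_gaps(evs):
        print(f"IP protection off {start} -> {end} ({length})")
```

An outgoing entry in `directions` would be the case to look at first, since it means a local process tried to reach a blocked address rather than an outside host probing the machine.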

Were you able to reset your browsers?

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then run MBAM and check for updates and run a Quick Scan and post back the new log.

 

 

 

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 


Yes, I was able to reset my browsers.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.11.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Timothy :: TIM-PC [administrator]
 
Protection: Disabled
 
9/11/2013 1:26:58 PM
mbam-log-2013-09-11 (13-26-58).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223557
Time elapsed: 1 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 

2013/09/11 11:36:55 -0500 TIM-PC Timothy MESSAGE Starting protection
2013/09/11 11:36:56 -0500 TIM-PC Timothy MESSAGE Protection started successfully
2013/09/11 11:36:56 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/11 11:36:57 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/11 12:12:30 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2013/09/11 12:12:37 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.10.08 to version v2013.09.11.06
2013/09/11 12:12:37 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/11 12:12:37 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/11 12:12:38 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/11 12:12:40 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/11 12:12:40 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/11 12:12:41 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2013/09/11 13:19:20 -0500 TIM-PC Timothy MESSAGE Stopping protection
2013/09/11 13:19:20 -0500 TIM-PC Timothy MESSAGE Protection stopped successfully
2013/09/11 13:19:20 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2013/09/11 13:19:21 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2013/09/11 13:26:51 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2013/09/11 13:26:53 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2013/09/11 13:31:01 -0500 TIM-PC Timothy MESSAGE Starting protection
2013/09/11 13:31:01 -0500 TIM-PC Timothy MESSAGE Protection started successfully
2013/09/11 13:31:02 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2013/09/11 13:31:03 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
 
 
 
 
 
 

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log``````````````````````
 


Please update your avast antivirus and do a Full System scan and let me know if it finds anything or not.

 

How is the computer running now otherwise?  Are there still any issues or signs of an infection?


At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

It will also reset your System Restore by flushing out previous restore points and create a new restore point.

It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

AdwCleaner Removal:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:

  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


Should I turn off my anti-virus programs that I'm using before running the scans? Like if I am using Malwarebytes and Avast, I should turn them both off?

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Timothy [Admin rights]

Mode : Scan -- Date : 03/07/2014 15:29:49

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA ST1000LM024 HN-M SCSI Disk Device +++++

--- User ---

[MBR] 132a99b5b35fbfab967f01450032c763

[bSP] 9983ead4c828e168505ea03884148058 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15542 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31911936 | Size: 938286 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_03072014_152949.txt >>

 

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014 01

Ran by Timothy (administrator) on TIM-PC on 07-03-2014 15:33:47

Running from C:\Users\Timothy\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)

HKLM\...\Run: [intelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)

HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406640 2012-06-01] (Intel Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)

HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-06] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4159407641-3317756744-300395318-1000\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)

Startup: C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk

ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {46D58E34-CC88-4CA1-8A68-8EB88EEA98EB} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {46D58E34-CC88-4CA1-8A68-8EB88EEA98EB} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

SearchScopes: HKLM-x32 - DefaultScope {46D58E34-CC88-4CA1-8A68-8EB88EEA98EB} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {46D58E34-CC88-4CA1-8A68-8EB88EEA98EB} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Tcpip\Parameters: [DhcpNameServer] 66.253.214.16 50.30.184.16

 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-01]

CHR Extension: (Google Drive) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-01]

CHR Extension: (YouTube) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-01]

CHR Extension: (Adblock Plus) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-11]

CHR Extension: (Google Search) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-01]

CHR Extension: (avast! Online Security) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-02]

CHR Extension: (Google Wallet) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Gmail) - C:\Users\Timothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-01]

 

==================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-06] (AVAST Software)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-06] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-12] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-12] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-06] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-06] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-06] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-12] ()

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-07 15:33 - 2014-03-07 15:34 - 00013721 _____ () C:\Users\Timothy\Desktop\FRST.txt

2014-03-07 15:33 - 2014-03-07 15:33 - 00000000 ____D () C:\FRST

2014-03-07 15:29 - 2014-03-07 15:29 - 00001908 _____ () C:\Users\Timothy\Desktop\RKreport[0]_S_03072014_152949.txt

2014-03-07 15:27 - 2014-03-07 15:32 - 00000000 ____D () C:\Users\Timothy\Desktop\RK_Quarantine

2014-03-07 15:25 - 2014-03-07 15:25 - 02156544 _____ (Farbar) C:\Users\Timothy\Downloads\FRST64.exe

2014-03-07 15:25 - 2014-03-07 15:25 - 02156544 _____ (Farbar) C:\Users\Timothy\Desktop\FRST64.exe

2014-03-07 15:25 - 2014-03-07 15:24 - 04413952 _____ () C:\Users\Timothy\Desktop\RogueKillerX64.exe

2014-03-07 15:24 - 2014-03-07 15:24 - 04413952 _____ () C:\Users\Timothy\Downloads\RogueKillerX64.exe

2014-03-03 00:05 - 2014-03-03 00:46 - 00000595 _____ () C:\Users\Timothy\Documents\important.txt

2014-02-27 06:08 - 2014-03-01 21:08 - 00000000 ____D () C:\Users\Timothy\Documents\Ciphers

2014-02-23 19:58 - 2014-02-27 06:08 - 00000000 ____D () C:\Users\Timothy\Documents\RockPaperScissors

2014-02-19 03:02 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-19 03:02 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-19 03:01 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-19 03:01 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-19 03:01 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-19 03:01 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-19 03:01 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-19 03:01 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-19 03:01 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-19 03:01 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-19 03:01 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-19 03:01 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-19 03:01 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-19 03:01 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-19 03:01 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-19 03:01 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-19 03:01 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-19 03:01 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-19 03:01 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-19 03:01 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-19 03:01 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-19 03:01 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-19 03:01 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-19 03:01 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-19 03:01 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-19 03:01 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-19 03:01 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-19 03:01 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-19 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-19 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-19 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-19 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-19 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-19 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-19 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-19 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-19 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-19 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-19 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-19 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-19 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-15 00:19 - 2014-02-15 00:19 - 00000000 ____D () C:\Users\Timothy\AppData\Roaming\steamvr

2014-02-13 05:01 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-13 05:01 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-13 05:01 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-13 05:01 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-13 05:01 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-13 05:01 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-13 05:01 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-13 05:01 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-13 05:01 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-13 05:01 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-13 05:01 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-13 05:01 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-13 05:01 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-13 05:01 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-13 05:01 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-13 05:01 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-13 05:01 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-13 05:01 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-13 05:01 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-13 05:01 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-13 05:01 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-13 05:01 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-13 05:01 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-13 05:01 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-13 05:01 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-13 05:01 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-13 05:01 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-13 05:01 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

 

==================== One Month Modified Files and Folders =======

 

2014-03-07 15:34 - 2014-03-07 15:33 - 00013721 _____ () C:\Users\Timothy\Desktop\FRST.txt

2014-03-07 15:33 - 2014-03-07 15:33 - 00000000 ____D () C:\FRST

2014-03-07 15:32 - 2014-03-07 15:27 - 00000000 ____D () C:\Users\Timothy\Desktop\RK_Quarantine

2014-03-07 15:29 - 2014-03-07 15:29 - 00001908 _____ () C:\Users\Timothy\Desktop\RKreport[0]_S_03072014_152949.txt

2014-03-07 15:25 - 2014-03-07 15:25 - 02156544 _____ (Farbar) C:\Users\Timothy\Downloads\FRST64.exe

2014-03-07 15:25 - 2014-03-07 15:25 - 02156544 _____ (Farbar) C:\Users\Timothy\Desktop\FRST64.exe

2014-03-07 15:24 - 2014-03-07 15:25 - 04413952 _____ () C:\Users\Timothy\Desktop\RogueKillerX64.exe

2014-03-07 15:24 - 2014-03-07 15:24 - 04413952 _____ () C:\Users\Timothy\Downloads\RogueKillerX64.exe

2014-03-07 15:20 - 2013-04-16 19:52 - 01943248 _____ () C:\Windows\WindowsUpdate.log

2014-03-07 15:18 - 2013-05-01 18:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-07 14:45 - 2013-04-16 18:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-07 01:51 - 2009-07-13 22:51 - 00071888 _____ () C:\Windows\setupact.log

2014-03-07 00:46 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-07 00:46 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-06 22:18 - 2013-05-01 18:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-06 16:29 - 2013-09-13 00:42 - 00000423 _____ () C:\Users\Timothy\Documents\games to play.txt

2014-03-06 15:02 - 2013-09-13 00:42 - 00001392 _____ () C:\Users\Timothy\Documents\words.txt

2014-03-06 04:42 - 2013-10-16 00:28 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-03-06 04:38 - 2013-04-16 18:48 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-03-06 04:38 - 2013-04-16 18:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-03-06 04:38 - 2013-04-16 18:35 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-03-06 04:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-06 04:36 - 2013-05-01 19:03 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-03-06 04:36 - 2013-05-01 19:03 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-03-06 04:35 - 2014-01-12 15:12 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-03-06 04:35 - 2013-05-01 19:03 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-03-06 04:35 - 2013-05-01 19:03 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-03-06 04:35 - 2013-05-01 19:03 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-03-06 04:35 - 2013-05-01 19:03 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-03-06 04:35 - 2013-05-01 19:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-03-04 09:22 - 2013-05-01 18:18 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-03 00:46 - 2014-03-03 00:05 - 00000595 _____ () C:\Users\Timothy\Documents\important.txt

2014-03-01 21:08 - 2014-02-27 06:08 - 00000000 ____D () C:\Users\Timothy\Documents\Ciphers

2014-03-01 12:49 - 2014-01-15 19:56 - 00000000 ____D () C:\Users\Timothy\Documents\UT

2014-02-27 17:30 - 2014-01-14 00:55 - 00000000 ____D () C:\Users\Timothy\Documents\TestRunner

2014-02-27 15:48 - 2013-06-03 17:23 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-02-27 06:08 - 2014-02-23 19:58 - 00000000 ____D () C:\Users\Timothy\Documents\RockPaperScissors

2014-02-22 20:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-02-21 15:08 - 2013-06-03 17:23 - 00000000 ____D () C:\Program Files\My Dell

2014-02-21 15:07 - 2013-04-16 18:44 - 00000000 ____D () C:\ProgramData\PCDr

2014-02-20 13:45 - 2013-04-16 18:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-20 13:45 - 2013-04-16 18:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-20 13:45 - 2013-04-16 18:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-19 03:12 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-19 03:10 - 2013-05-01 18:38 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-19 03:04 - 2011-02-10 10:10 - 00776940 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-19 03:04 - 2009-07-13 23:13 - 00776940 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-16 20:16 - 2014-01-29 14:58 - 00000148 _____ () C:\Users\Timothy\Documents\pics and gifs.txt

2014-02-15 00:19 - 2014-02-15 00:19 - 00000000 ____D () C:\Users\Timothy\AppData\Roaming\steamvr

2014-02-13 22:13 - 2013-05-01 18:12 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-13 22:13 - 2013-05-01 18:12 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-06 06:16 - 2014-02-19 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 05:30 - 2014-02-19 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 05:30 - 2014-02-19 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 05:12 - 2014-02-19 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 05:07 - 2014-02-19 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 05:06 - 2014-02-19 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 04:57 - 2014-02-19 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 04:56 - 2014-02-19 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 04:52 - 2014-02-19 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 04:49 - 2014-02-19 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 04:48 - 2014-02-19 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 04:48 - 2014-02-19 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 04:38 - 2014-02-19 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 04:32 - 2014-02-19 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 04:20 - 2014-02-19 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 04:17 - 2014-02-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 04:11 - 2014-02-19 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 04:01 - 2014-02-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 04:00 - 2014-02-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 03:57 - 2014-02-19 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 03:57 - 2014-02-19 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 03:52 - 2014-02-19 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 03:52 - 2014-02-19 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 03:50 - 2014-02-19 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 03:49 - 2014-02-19 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 03:47 - 2014-02-19 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 03:46 - 2014-02-19 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 03:25 - 2014-02-19 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 03:25 - 2014-02-19 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 03:24 - 2014-02-19 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 03:22 - 2014-02-19 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 03:13 - 2014-02-19 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 03:09 - 2014-02-19 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 03:03 - 2014-02-19 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 02:55 - 2014-02-19 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 02:41 - 2014-02-19 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 02:40 - 2014-02-19 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 02:36 - 2014-02-19 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 02:34 - 2014-02-19 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-05 13:35 - 2014-01-30 17:48 - 00000000 ____D () C:\Users\Timothy\Documents\Song

 

Some content of TEMP:

====================

C:\Users\Timothy\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Timothy\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-18 03:28

 

==================== End Of Log ============================

 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2014 01

Ran by Timothy at 2014-03-07 15:34:15

Running from C:\Users\Timothy\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1996635390.48.56.35662194 - Audible, Inc.)

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)

Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)

Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)

Beyond Good & Evil (HKLM-x32\...\Steam App 15130) (Version:  - Ubisoft)

BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)

BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)

eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )

Free YouTube Download version 3.2.5.628 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.5.628 - DVDVideoSoft Ltd.)

Gateways (HKLM-x32\...\Steam App 216290) (Version:  - Smudged Cat Games Ltd)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)

Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}) (Version: 2.1.2.0206 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)

Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )

Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)

Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Remedy Entertainment)

Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Remedy Entertainment)

Media Browser (HKLM-x32\...\{249A8819-3335-4650-9B59-3724997ECA86}) (Version: 2.6.2.0 - Media Browser)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MPC-HC 1.6.7.7114 (9eb64ec) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)

Papo & Yo (HKLM-x32\...\Steam App 227080) (Version:  - Minority Media Inc.)

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Pid  (HKLM-x32\...\Steam App 218740) (Version:  - Might and Delight)

Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)

Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)

Tom Clancy's Splinter Cell (HKLM-x32\...\Steam App 13560) (Version:  - Ubisoft)

Tom Clancy's Splinter Cell: Chaos Theory (HKLM-x32\...\Steam App 13570) (Version:  - Ubisoft Montreal)

Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)

Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Zombie Driver (HKLM-x32\...\Steam App 31410) (Version:  - EXOR Studios)

 

==================== Restore Points  =========================

 

18-02-2014 10:02:11 Windows Update

19-02-2014 09:00:17 Windows Update

25-02-2014 22:05:03 Windows Update

04-03-2014 16:08:28 Windows Update

06-03-2014 10:34:44 avast! antivirus system restore point

07-03-2014 17:21:30 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 20:34 - 2013-09-05 20:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0E61D55D-57AE-4548-BF95-C611ADD615F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {24271185-C22B-45C3-B766-F5C7717FC24C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {4C9027B1-72AB-427A-86F7-F20B19043F1A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-06] (AVAST Software)

Task: {5B340405-00CF-49FC-8F29-F70F8DD5EC74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)

Task: {7829547F-FBB2-4BF6-AFBB-DCDBDD33FDF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)

Task: {AE68108F-3CE0-4008-8A9B-6CE213400055} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)

Task: {CA33D2E3-1DF7-41F1-85CE-4D38B8A35475} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {E3B49149-BC17-4CE2-B1E4-0533AAA682D2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-16 18:35 - 2012-01-26 20:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2013-04-16 19:28 - 2012-10-16 04:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-03-06 14:16 - 2014-03-06 11:04 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14030601\algo.dll

2014-03-07 15:12 - 2014-03-07 12:45 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14030701\algo.dll

2014-01-12 15:11 - 2014-01-12 15:11 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-02-19 03:33 - 2014-02-19 03:33 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e0cca00b42165c0b882a7ef23368c6ac\PSIClient.ni.dll

2014-01-10 21:49 - 2013-12-12 16:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2014-01-10 21:49 - 2013-11-04 19:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll

2013-08-21 13:18 - 2014-02-10 20:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2013-10-08 17:19 - 2014-02-25 15:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2013-09-10 13:20 - 2014-01-10 17:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2013-06-14 14:49 - 2013-06-14 17:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2013-06-14 14:49 - 2013-06-14 17:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2013-06-14 14:49 - 2013-06-14 17:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2013-04-16 18:18 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: Integrated Webcam

Description: USB Video Device

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/06/2014 04:42:20 AM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

 

Error: (03/06/2014 04:40:10 AM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

 

Error: (03/06/2014 04:38:42 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/28/2014 08:33:31 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

 

Error: (02/28/2014 08:31:57 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/28/2014 01:13:05 AM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

 

Error: (02/28/2014 01:08:34 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/25/2014 11:15:44 AM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

 

Error: (02/25/2014 11:14:20 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/21/2014 03:23:17 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

 

 

System errors:

=============

Error: (03/06/2014 04:41:06 AM) (Source: Service Control Manager) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/06/2014 04:40:06 AM) (Source: DCOM) (User: )

Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (03/06/2014 04:39:46 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service failed to start due to the following error: 

%%1053

 

Error: (03/06/2014 04:39:46 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

 

Error: (02/28/2014 08:34:15 PM) (Source: Service Control Manager) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/28/2014 08:33:28 PM) (Source: DCOM) (User: )

Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (02/28/2014 08:33:21 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service failed to start due to the following error: 

%%1053

 

Error: (02/28/2014 08:33:21 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

 

Error: (02/28/2014 01:12:50 AM) (Source: Service Control Manager) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/28/2014 01:12:50 AM) (Source: Service Control Manager) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2013-09-05 21:54:58.583

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-09-05 21:54:58.552

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 20%

Total physical RAM: 8067.36 MB

Available physical RAM: 6449.2 MB

Total Pagefile: 16132.89 MB

Available Pagefile: 13945.25 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:916.29 GB) (Free:778.71 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: BEAD1F5F)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================



Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 

Then run this tool one more time

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


Okay, please open MBAM and go to the Logs tab and locate 2 of the most recent Protection Logs and post back those logs.

 

Are the IP blocks still happening?

This topic is now closed to further replies.
