
Powershell has stopped working/searchnet.blinkxcore.com



Recently the "Powershell has stopped working" dialog box has been randomly popping up, and MB has been showing searchnet.blinkxcore.com popping up also. Thank you for the help in advance!

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by MattyIcE (administrator) on MATTYICE-PC on 04-12-2014 11:51:30
Running from C:\Users\MattyIcE\Desktop
Loaded Profile: MattyIcE (Available profiles: MattyIcE & Mcx1-MATTYICE-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\sarconsogulpe\sarconsogulpe.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1545584 2011-01-10] ()
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Tsgbbqkr] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\vnykjkw.dll"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\MountPoints2: {0ebbe119-f03c-11e0-bd17-5c260a64c3a2} - E:\setup.exe
HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\MountPoints2: {21897062-b241-11e0-b079-5c260a64c3a2} - Q:\Autorun.exe
HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\MattyIcE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-186085234-3646380278-2500217465-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-186085234-3646380278-2500217465-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\MattyIcE\AppData\Roaming\Mozilla\Firefox\Profiles\a4j32bcd.default-1417711747388
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\MattyIcE\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-11-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-11]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe [266240 2014-10-06] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-13] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299152 2014-09-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 X6va005; \??\C:\Users\MattyIcE\AppData\Local\Temp\005B717.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 11:51 - 2014-12-04 11:52 - 00019626 _____ () C:\Users\MattyIcE\Desktop\FRST.txt
2014-12-04 11:51 - 2014-12-04 11:51 - 00000000 ____D () C:\FRST
2014-12-04 11:50 - 2014-12-04 11:50 - 02117632 _____ (Farbar) C:\Users\MattyIcE\Desktop\FRST64.exe
2014-12-04 11:49 - 2014-12-04 11:49 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Old Firefox Data
2014-12-04 10:20 - 2014-12-04 10:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 10:20 - 2014-12-04 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 10:19 - 2014-12-04 10:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MattyIcE\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-04 10:19 - 2014-12-04 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-04 10:19 - 2014-12-04 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-04 10:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-04 10:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-04 10:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-03 19:31 - 2014-12-03 19:31 - 05307235 _____ () C:\Users\MattyIcE\Desktop\FLLSB.zip
2014-12-03 02:03 - 2014-12-04 10:34 - 27444616 _____ () C:\Windows\SysWOW64\debug.log
2014-12-02 18:46 - 2014-12-02 18:46 - 05496982 _____ () C:\Users\MattyIcE\Desktop\Master Records.zip
2014-12-02 16:06 - 2014-12-04 10:34 - 00000000 ____D () C:\Program Files (x86)\mediainformationaccess
2014-12-01 19:30 - 2014-12-01 19:30 - 00000218 _____ () C:\Users\MattyIcE\AppData\Local\recently-used.xbel
2014-11-30 23:58 - 2014-12-02 01:41 - 00000293 _____ () C:\Users\MattyIcE\Desktop\notes dec1.txt
2014-11-30 23:48 - 2014-11-30 23:48 - 00940416 _____ () C:\Users\MattyIcE\Desktop\Msiege_Starbucks RVC Missing Items.xlsx
2014-11-30 23:25 - 2014-11-30 23:25 - 00941681 _____ () C:\Users\MattyIcE\Desktop\new starbucks.xlsx
2014-11-30 22:48 - 2014-11-30 22:48 - 00079335 _____ () C:\Users\MattyIcE\Desktop\Msiegel_Catalina BeerWine missing items.xlsx
2014-11-30 21:49 - 2014-11-30 21:49 - 00078267 _____ () C:\Users\MattyIcE\Desktop\Msiegel_Plunge BeerWine missing items.xlsx
2014-11-30 20:51 - 2014-11-30 20:51 - 00157697 _____ () C:\Users\MattyIcE\Desktop\TUSSP Beer and Wine- Catalina and Plunge RVCs.zip
2014-11-30 18:17 - 2014-11-30 18:42 - 00000000 ____D () C:\Users\MattyIcE\Desktop\TUSSP - MIC, SLU,
2014-11-28 12:33 - 2014-11-28 12:34 - 06748508 _____ () C:\Users\MattyIcE\Desktop\TUSSP - MIC, SLU,.zip
2014-11-26 03:20 - 2014-11-26 03:20 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-25 21:14 - 2014-11-25 21:14 - 02294693 _____ () C:\Users\MattyIcE\Desktop\HMSHost Simphony Conversion - Sacramento Intl Airport - 128.zip
2014-11-24 11:46 - 2014-11-27 00:35 - 00002590 _____ () C:\Users\MattyIcE\Desktop\rvc n zones.txt
2014-11-24 11:35 - 2014-11-24 11:35 - 00290389 _____ () C:\Users\MattyIcE\Desktop\IMPORTANT! Programming This Week.zip
2014-11-20 14:36 - 2014-11-24 12:11 - 00000145 _____ () C:\Users\MattyIcE\Desktop\FINALBILLS.txt
2014-11-20 10:20 - 2014-11-20 10:20 - 01358088 _____ () C:\Users\MattyIcE\Desktop\Outlook.com.zip
2014-11-20 10:20 - 2014-11-20 10:20 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Outlook.com
2014-11-19 14:52 - 2014-11-19 14:52 - 00689833 _____ () C:\Users\MattyIcE\Desktop\STTRZ changes.zip
2014-11-18 18:36 - 2014-11-18 18:36 - 00102820 _____ () C:\Users\MattyIcE\Desktop\adfasdfsdafsf.xlsx
2014-11-17 21:24 - 2014-11-17 21:24 - 00674486 _____ () C:\Users\MattyIcE\Desktop\STTRZ - Bluewater Restaurant - Food Item Workbook - 1112014.xlsx
2014-11-14 15:38 - 2014-11-14 15:38 - 00675600 _____ () C:\Users\MattyIcE\Desktop\PDXNH - food, beer & wine, liquor.zip
2014-11-13 10:54 - 2014-11-13 16:21 - 00000000 ____D () C:\Users\MattyIcE\Desktop\bosbb11_13
2014-11-13 10:53 - 2014-11-13 10:53 - 00172529 _____ () C:\Users\MattyIcE\Desktop\Status Update.zip
2014-11-12 10:48 - 2014-11-12 10:48 - 01046156 _____ () C:\Users\MattyIcE\Desktop\PHXST- Greatroom- Food Menu Item Workbook-  FINAL SW10072014.xlsx
2014-11-12 10:36 - 2014-11-12 10:36 - 00441653 _____ () C:\Users\MattyIcE\Desktop\BOSCO Starbucks FINAL 10-17-14.xlsx
2014-11-11 01:00 - 2014-11-11 01:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 15:58 - 2014-11-10 15:58 - 03410179 _____ () C:\Users\MattyIcE\Desktop\OMAWE.zip
2014-11-10 15:58 - 2014-11-10 12:58 - 00110806 _____ () C:\Users\MattyIcE\Desktop\OMAWE - All Outlets -BeerWineWorkbook - 12-19-13 FINAL 1226 SW.xlsx
2014-11-10 15:58 - 2014-11-10 12:58 - 00104085 _____ () C:\Users\MattyIcE\Desktop\OMAWE - All Outlets LiquorCocktailSignatureDrinkWorkbook - 12-20-13 FINAL MM.xlsx
2014-11-10 12:00 - 2014-11-10 15:20 - 00000000 ____D () C:\Users\MattyIcE\Desktop\1110 Programming
2014-11-10 12:00 - 2014-11-10 12:00 - 00000000 __SHD () C:\Users\MattyIcE\AppData\Local\EmieUserList
2014-11-10 12:00 - 2014-11-10 12:00 - 00000000 __SHD () C:\Users\MattyIcE\AppData\Local\EmieSiteList
2014-11-10 11:58 - 2014-11-10 11:58 - 01248460 _____ () C:\Users\MattyIcE\Desktop\1110 Programming.zip
2014-11-07 10:02 - 2014-11-07 10:02 - 00712702 _____ () C:\Users\MattyIcE\Desktop\NYCLM.zip
2014-11-04 10:10 - 2014-11-04 10:10 - 00000534 _____ () C:\Users\MattyIcE\Desktop\nov2.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 11:47 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 11:47 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 11:20 - 2012-10-26 14:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 10:51 - 2009-07-14 00:13 - 00876042 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 10:50 - 2011-07-05 21:37 - 01553058 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 10:49 - 2011-07-05 20:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-04 10:49 - 2011-07-05 20:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-04 10:49 - 2011-07-05 20:06 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-12-04 10:47 - 2014-09-29 04:37 - 00007193 _____ () C:\Windows\setupact.log
2014-12-04 10:47 - 2011-07-05 21:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-04 10:47 - 2010-11-20 22:47 - 00345122 _____ () C:\Windows\PFRO.log
2014-12-04 10:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 10:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-12-04 10:34 - 2014-10-07 14:38 - 00000000 ____D () C:\Program Files\biforder
2014-12-04 10:34 - 2013-03-01 20:44 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-04 10:33 - 2011-07-05 20:07 - 00000000 ____D () C:\Temp
2014-12-04 10:20 - 2014-10-07 14:48 - 00000112 _____ () C:\ProgramData\VWq3nbxgu.dat
2014-12-04 09:14 - 2012-02-01 10:38 - 00000000 ____D () C:\Users\MattyIcE\AppData\Roaming\Skype
2014-12-04 00:07 - 2014-10-17 21:34 - 00000000 ____D () C:\Users\MattyIcE\AppData\Local\Battle.net
2014-12-03 16:37 - 2012-02-03 22:18 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-03 10:51 - 2014-10-10 07:26 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Microse
2014-12-03 00:22 - 2014-10-17 21:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-02 01:43 - 2011-10-10 16:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-01 17:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-30 18:19 - 2014-10-04 01:03 - 00000000 ____D () C:\Users\MattyIcE\AppData\Local\CrashDumps
2014-11-26 03:20 - 2012-10-26 14:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 03:20 - 2012-06-04 22:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 03:20 - 2011-07-14 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 21:15 - 2014-11-03 09:59 - 00000000 ____D () C:\Users\MattyIcE\Desktop\Oracle Workbooks
2014-11-24 11:19 - 2014-10-14 10:26 - 00000000 __SHD () C:\Users\MattyIcE\Documents\cache
2014-11-24 10:08 - 2014-10-14 10:26 - 00000000 ____D () C:\Users\MattyIcE\AppData\Roaming\webex
2014-11-12 03:32 - 2012-12-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\VWq3nbxgu.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 13:03

==================== End Of Log ============================

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by MattyIcE at 2014-12-04 11:52:30
Running from C:\Users\MattyIcE\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware M14x Manual (HKLM-x32\...\InstallShield_{B90A9452-2233-4B2A-8277-5DC4FEC239CB}) (Version: 1.0.1.0 - Alienware Corp.)
Alienware M14x Manual (Version: 1.0.1.0 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.31.1.8C - )
Alienware On-Screen Display (x32 Version: 0.31.1.8C - ) Hidden
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCNA_Security_English (HKLM-x32\...\CCNA_Security_English) (Version: 4.0.0.2 - Cisco Networking Academy Curriculum)
Cisco Networking Academy curriculum 4.0 (HKLM-x32\...\Cisco Networking Academy curriculum_is1) (Version:  - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DiskAid 4.53 (HKLM-x32\...\DiskAid_is1) (Version: 4.53 - DigiDNA)
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
EMCClient (HKLM-x32\...\{B5AC4C21-8968-4912-8BDE-F89B92485EA2}) (Version: 1.00.0000 - MICROS)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (HKLM-x32\...\KB2494088) (Version: 10.50.1617.0 - Microsoft Corporation)
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version:  - Softnyx co.,ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.00.44 - Creative Technology Ltd)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{362A3FDF-B12E-436A-9097-1B795A9FFCC5}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{76866BE3-B2C7-40BB-B267-927792AED0C3}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K12 (HKLM-x32\...\{04E9B02B-4F85-4B73-B865-27B9B8B35877}) (Version: 1.0.0 - 2K Sports)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PremiumSoft Navicat 10.0 for SQL Server (HKLM-x32\...\PremiumSoft Navicat for SQL Server_is1) (Version:  - PremiumSoft CyberTech Ltd.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6291 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Rusty Hearts (HKLM-x32\...\Steam App 36630) (Version:  - )
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Simple Port Tester (HKLM-x32\...\Simple Port Tester2.1.5) (Version: 2.1.5 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2013.build.58+Recorder (2013/11/13) version v2013.buil (HKLM-x32\...\{8E2A1F92-9B4F-4DF9-8459-5C06B0813C69}_is1) (Version: v2013.build.58+Recorder - eRightSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Trine 2 (HKLM-x32\...\Trine 2_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-186085234-3646380278-2500217465-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17128 - Blizzard Entertainment)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-186085234-3646380278-2500217465-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

09-11-2014 00:06:07 Scheduled Checkpoint
16-11-2014 18:12:36 Scheduled Checkpoint
24-11-2014 14:38:57 Scheduled Checkpoint
01-12-2014 20:33:43 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3E9DA57D-FE42-4164-87CF-C5997CFBFFF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43358864-8E13-41F5-A403-2B94CC3D1575} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MATTYICE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {7241C2DD-A958-4F60-9D61-A491E39A48F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-05 21:15 - 2014-09-13 18:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-02-09 09:57 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-18 09:57 - 2014-10-06 10:58 - 00266240 _____ () C:\Program Files\sarconsogulpe\sarconsogulpe.exe
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-09-27 16:52 - 2010-12-17 09:27 - 00703088 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-07-05 21:18 - 2011-05-03 21:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-05 20:06 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-01-10 16:16 - 2011-01-10 16:16 - 01545584 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-05 21:15 - 2014-09-13 18:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2009-12-18 11:07 - 2009-12-18 11:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2012-11-14 03:34 - 2012-11-14 03:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\78ce3d0cfeeee2a8c5b5f748ad9250bf\IsdiInterop.ni.dll
2011-07-05 19:52 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-11-11 01:00 - 2014-11-11 01:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Integrated Webcam Live! Central => "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-186085234-3646380278-2500217465-500 - Administrator - Disabled)
Guest (S-1-5-21-186085234-3646380278-2500217465-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-186085234-3646380278-2500217465-1013 - Limited - Enabled)
MattyIcE (S-1-5-21-186085234-3646380278-2500217465-1002 - Administrator - Enabled) => C:\Users\MattyIcE
Mcx1-MATTYICE-PC (S-1-5-21-186085234-3646380278-2500217465-1005 - Limited - Enabled) => C:\Users\Mcx1-MATTYICE-PC

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 10:47:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 10:35:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Exception code: 0xc0000005
Fault offset: 0x0018be9c
Faulting process id: 0x2698
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (12/04/2014 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Exception code: 0xc0000005
Fault offset: 0x0018be9c
Faulting process id: 0x1b70
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (12/04/2014 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Exception code: 0xc0000005
Fault offset: 0x0018be9c
Faulting process id: 0x2570
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (12/04/2014 10:34:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Exception code: 0xc0000005
Fault offset: 0x0018be9c
Faulting process id: 0x22c4
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (12/04/2014 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Exception code: 0xc0000005
Fault offset: 0x0018be9c
Faulting process id: 0x25f8
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (12/04/2014 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Faulting module name: updater.exe, version: 0.0.0.0, time stamp: 0x547bf43e
Exception code: 0xc0000005
Fault offset: 0x0018be9c
Faulting process id: 0x22f8
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3

Error: (12/04/2014 09:51:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 09:18:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/04/2014 10:50:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 10:49:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 10:37:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 10:36:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 09:52:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 09:51:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 09:20:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/04/2014 09:20:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/04/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/03/2014 09:42:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 10187.86 MB
Available physical RAM: 5069.7 MB
Total Pagefile: 20373.9 MB
Available Pagefile: 14147.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.99 GB) (Free:170.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BEF02D01)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

MB daily protection Log:


Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 12/4/2014 10:20:45 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Starting,
Protection, 12/4/2014 10:20:45 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Started,
Protection, 12/4/2014 10:20:46 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Update, 12/4/2014 10:20:50 AM, SYSTEM, MATTYICE-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.3.1,
Protection, 12/4/2014 10:21:20 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:21:27 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55814, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:21:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55814, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:21:30 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55874, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Update, 12/4/2014 10:21:38 AM, SYSTEM, MATTYICE-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.4.7,
Detection, 12/4/2014 10:21:39 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 55936, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Protection, 12/4/2014 10:21:41 AM, SYSTEM, MATTYICE-PC, Protection, Refresh, Starting,
Protection, 12/4/2014 10:21:41 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/4/2014 10:21:41 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/4/2014 10:21:47 AM, SYSTEM, MATTYICE-PC, Protection, Refresh, Success,
Protection, 12/4/2014 10:21:47 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/4/2014 10:21:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:21:50 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 56184, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:21:50 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 56184, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:15 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 56820, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:19 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 57086, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:30 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 57645, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:45 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58177, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58252, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:22:56 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58446, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:23:11 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 58694, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:23:38 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 59222, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:23:56 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 60006, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:24:13 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 95.215.1.57, 60473, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 12/4/2014 10:24:55 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60873, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:24:55 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60874, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:24:55 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60873, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 12/4/2014 10:33:43 AM, SYSTEM, MATTYICE-PC, Manual, Start:12/4/2014 10:23:09 AM, Duration:10 min 18 sec, Threat Scan, Cancelled, 3 Malware Detections, 32 Non-Malware Detections,
Detection, 12/4/2014 10:34:11 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, File, PUP.Optional.Adpeak, C:\Program Files (x86)\mediainformationaccess\updater.exe, Quarantine Failed, 5, Access is denied.  , [429576e86d0f7abc196120d15ea36d93]
Detection, 12/4/2014 10:34:18 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, File, PUP.Optional.Adpeak, C:\Program Files (x86)\mediainformationaccess\updater.exe, Quarantine Failed, 5, Access is denied.  , [429576e86d0f7abc196120d15ea36d93]
Detection, 12/4/2014 10:34:24 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, File, PUP.Optional.Adpeak, C:\Program Files (x86)\mediainformationaccess\updater.exe, Quarantine Failed, 5, Access is denied.  , [429576e86d0f7abc196120d15ea36d93]
Protection, 12/4/2014 10:35:17 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Starting,
Protection, 12/4/2014 10:35:17 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Started,
Protection, 12/4/2014 10:35:18 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/4/2014 10:36:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:40:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53153, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53153, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53154, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53299, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:40:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53300, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:43:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58746, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:43:48 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58745, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:43:53 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58871, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:43:53 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58872, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:44:39 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59884, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:44:39 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59885, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 10:45:51 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62259, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:45:51 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62260, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Scan, 12/4/2014 10:45:55 AM, SYSTEM, MATTYICE-PC, Manual, Start:12/4/2014 10:38:15 AM, Duration:6 min 56 sec, Hyper Scan, Completed, 0 Malware Detections, 19 Non-Malware Detections,
Detection, 12/4/2014 10:46:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62680, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:46:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62681, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 10:46:06 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62680, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Protection, 12/4/2014 10:47:53 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Starting,
Protection, 12/4/2014 10:47:54 AM, SYSTEM, MATTYICE-PC, Protection, Malware Protection, Started,
Protection, 12/4/2014 10:47:54 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/4/2014 10:48:28 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, Started,
Detection, 12/4/2014 10:57:31 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61438, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 10:57:31 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61439, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 10:57:31 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61438, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 11:13:57 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59282, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:13:57 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59283, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:14:01 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59433, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 11:14:01 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59434, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 12/4/2014 11:17:25 AM, SYSTEM, MATTYICE-PC, Manual, Start:12/4/2014 11:10:34 AM, Duration:6 min 51 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 12/4/2014 11:31:25 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56891, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:31:25 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56892, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:31:25 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56891, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:48:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55083, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 11:48:34 AM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55084, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 12/4/2014 12:02:15 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59146, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 12:02:15 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59147, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 12:06:52 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51341, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 12:06:53 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51341, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 12:06:53 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51342, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 12/4/2014 12:10:13 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.77.96.140, www.favdownloads.com, 56769, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 12:10:13 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.77.96.140, www.favdownloads.com, 56769, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 12/4/2014 12:10:14 PM, SYSTEM, MATTYICE-PC, Protection, Malicious Website Protection, IP, 66.77.96.140, www.favdownloads.com, 56768, Outbound, C:\Windows\SysWOW64\regsvr32.exe,

(end)

 

 


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More Reply Options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


No secret, it is not a Rootkit, just a Trojan that downloads brothers and sisters, known as a Downloader.
 
 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.