Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stubborn virus.. tried malwarebytes/spybot.. please check hijackthis log for me


  • This topic is locked This topic is locked
9 replies to this topic

#1 Blindsided50

Blindsided50

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 20 February 2015 - 07:59 PM

I have had this virus for a week or so now and can't seem to get rid of it. Malwarebytes and spy bot search and destroy both found stuff but I am still getting constant pop ups when I go on fire fox or internet explorer.

 

Please check my log and see if you see anything that I can delete. I would appreciate it greatly.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:52:09 PM, on 2/20/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)

FIREFOX: 35.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\ProgramData\Battle.net\Agent\Agent.3733\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Robert Gantt\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: saoveron - {60d87fb8-3b14-44d4-9b57-7ccf17eab249} - C:\Program Files (x86)\saoveron\B7XY46m1qQbAzP.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - Startup: CurseClientStartup.ccip
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AlienFXWindowsService - Alienware - C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Alienware Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_ODD_Service - Micro-Star Int'l Co., Ltd. - c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Unknown owner - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (file missing)

--
End of file - 9534 bytes

 
 


BC AdBot (Login to Remove)

 


#2 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:12:13 PM

Posted 22 February 2015 - 06:18 PM

Hello and :welcome: on bleeping computer
My name is Sandra and I will help you with your problem.
  • Please follow my instructions in the order they are given
  • Read the instructions carefully before you start. If you get in trouble or do not understand what is to do then stop with the execution and describe the problem as good as you can
  • Do only run Scans which I advise to you
  • Do not do crossposting (Posting in different forums)
  • Do not de- or install software during removal, expect I advisted that to you
  • Please post all logfiles as a reply instead of attaching them unless I asked you for do so. If the files are too big then use more posts, thanks
  • Please keep in mind that we are all doing this here in our freetime, if I do not reply within 48 hours, feel free to send me a PM
Please notice: I am Malware Study Hall Senior, that means all of my answers will reviewed by an expert before I can post them here. Therefore it could be, that there is a little delay in my answering.

Step 1
Please post the log created by Malwarebytes here in your thread.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


Step 2
Scan with FRST
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was runing from.
  • Please copy and paste these logs in your next reply.

regards,

 

Sandra


#3 Blindsided50

Blindsided50
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 23 February 2015 - 07:23 PM

Hey,

 

Thank you so much for helping me.

 

Here is an updatred malware scan I just ran, came back with two things that I quarantined (I checked and had about 50 items in quarantine from the last few days and deleted those as well).

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 2/23/2015 5:02:47 PM, SYSTEM, ROBERTGANTT-PC, Manual, Rootkit Database, 2015.2.20.1, 2015.2.22.1,
Update, 2/23/2015 5:02:49 PM, SYSTEM, ROBERTGANTT-PC, Manual, Malware Database, 2015.2.20.6, 2015.2.23.9,
Scan, 2/23/2015 5:09:31 PM, SYSTEM, ROBERTGANTT-PC, Manual, Start:2/23/2015 5:02:50 PM, Duration:6 min 1 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections,

(end)

 

FRST:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by Robert Gantt at 2015-02-23 17:13:10
Running from C:\Users\Robert Gantt\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{330B7AAD-B2FE-4989-B02A-DDA5A174FCDF}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
Alienware Customer Surveys (HKLM-x32\...\{9AAA35D1-B21D-4610-BBAE-18FE2D00C3E0}) (Version: 1.0.5 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3879160675-4012435332-690379533-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version:  - Trendy Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.0.2574.0 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3879160675-4012435332-690379533-1001_Classes\CLSID\{06d67f21-64df-48a2-b01a-0efa72aed6a1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-02-20 11:11 - 00449968 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {9815F097-9B88-4111-B1B4-74949EDBC0B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9EBE4D1B-D4F5-4188-A852-FC05F9DD488E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {A170664B-4D88-4709-A189-E8EFD52439C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {C901F3BE-9926-4EFF-9BC4-B962C8BD08A6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {F51F9A8A-1AA7-4E2E-BD6B-E2959AA86615} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {FCAE0F3B-CE25-4126-BB8B-5A08D35544CE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-07 01:33 - 2014-07-02 11:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-07 01:20 - 2012-03-19 16:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-07 00:01 - 2012-01-26 20:49 - 02751808 ____N () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-02-11 01:35 - 2015-01-29 23:58 - 00107256 _____ () C:\Program Files\Alienware\SupportAssist\libCSharpCommonCS.dll
2015-02-11 01:35 - 2015-01-29 23:58 - 00545528 _____ () C:\Program Files\Alienware\SupportAssist\libAsapiCSharp.dll
2013-03-07 01:21 - 2014-08-19 22:44 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-26 14:42 - 2015-01-26 14:42 - 02132992 _____ () c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll
2015-02-19 11:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-19 11:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-19 11:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-19 11:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-19 11:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\libcef.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\libGLESv2.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00908288 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\platforms\qwindows.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\libEGL.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\imageformats\qgif.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\imageformats\qico.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\imageformats\qjpeg.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\imageformats\qmng.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\imageformats\qsvg.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\imageformats\qtiff.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\qml\QtQuick.2\qtquick2plugin.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-02-10 21:06 - 2015-02-10 21:06 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5522\qml\QtQml\Models.2\modelsplugin.dll
2015-02-04 19:48 - 2015-02-04 19:48 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2015-01-28 11:26 - 2015-01-28 11:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3879160675-4012435332-690379533-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert Gantt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Alienware Survey => c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe /boot
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3879160675-4012435332-690379533-500 - Administrator - Disabled)
Guest (S-1-5-21-3879160675-4012435332-690379533-501 - Limited - Disabled)
Robert Gantt (S-1-5-21-3879160675-4012435332-690379533-1001 - Administrator - Enabled) => C:\Users\Robert Gantt
UpdatusUser (S-1-5-21-3879160675-4012435332-690379533-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 08:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 00:46:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDWelcome.exe version 2.4.40.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1978

Start Time: 01d04d34ae8f82fe

Termination Time: 2

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

Report Id: 189492dd-b939-11e4-8529-d4bed9fd7d24

Error: (02/19/2015 00:15:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1248
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/19/2015 10:03:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x13cc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/18/2015 10:25:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2015 05:44:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5905309d-957a-4f1b-ba61-4b9b4110a49a}

Error: (02/15/2015 07:06:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xe0c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/12/2015 03:18:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/23/2015 10:48:08 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (02/23/2015 10:47:48 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


Microsoft Office Sessions:
=========================
Error: (02/20/2015 08:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 00:46:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDWelcome.exe2.4.40.130197801d04d34ae8f82fe2C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe189492dd-b939-11e4-8529-d4bed9fd7d24

Error: (02/19/2015 00:15:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425124801d04c70af8de7f0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9fbe1f66-b86b-11e4-8529-d4bed9fd7d24

Error: (02/19/2015 10:03:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142513cc01d04c04acf9ee7aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2fe2f00a-b7f8-11e4-a56e-d4bed9fd7d24

Error: (02/18/2015 10:25:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2015 05:44:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5905309d-957a-4f1b-ba61-4b9b4110a49a}

Error: (02/15/2015 07:06:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425e0c01d049851297f840C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5bce56b9-b580-11e4-8672-b8763f011e71

Error: (02/12/2015 03:18:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-01-26 16:57:14.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\combofix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-26 16:57:14.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\combofix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-26 16:38:41.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 47%
Total physical RAM: 6039.21 MB
Available physical RAM: 3175.6 MB
Total Pagefile: 12076.62 MB
Available Pagefile: 8756.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.24 GB) (Free:724.9 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:6.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E3002FBF)

Partition: GPT Partition Type.

==================== End Of Log ==========================

 

 

FRSt.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Robert Gantt (administrator) on ROBERTGANTT-PC on 23-02-2015 17:12:42
Running from C:\Users\Robert Gantt\Downloads
Loaded Profiles: Robert Gantt (Available profiles: UpdatusUser & Robert Gantt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(PC-Doctor, Inc.) C:\Program Files\Alienware\SupportAssist\imstrayicon.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3783\Agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-08-19] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-08-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-08-19] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3879160675-4012435332-690379533-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49678;https=127.0.0.1:49678
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3879160675-4012435332-690379533-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3879160675-4012435332-690379533-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-us
SearchScopes: HKLM -> DefaultScope {B7C20759-A899-4E0E-B5B3-1B7113F75DEF} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_02_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0DyB0DtByEyDtAyCtBtN0D0Tzu0StCtDzyzytN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0E0EyCzyzyyBtAtG0CtBzzzytGzz0A0FtAtG0DyC0FtCtGyCtBtD0D0Fzy0BzyzztC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0A0ByE0BtByBtAtGtAzz0DtCtGyEyEtDyEtG0A0CtBtAtGyC0AyC0C0CyBtCtD0DyD0A0D2Q&cr=1238270057&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B7C20759-A899-4E0E-B5B3-1B7113F75DEF} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_02_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0DyB0DtByEyDtAyCtBtN0D0Tzu0StCtDzyzytN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0E0EyCzyzyyBtAtG0CtBzzzytGzz0A0FtAtG0DyC0FtCtGyCtBtD0D0Fzy0BzyzztC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0A0ByE0BtByBtAtGtAzz0DtCtGyEyEtDyEtG0A0CtBtAtGyC0AyC0C0CyBtCtD0DyD0A0D2Q&cr=1238270057&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dwndlm_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0DyB0DtByEyDtAyCtBtN0D0Tzu0StCtCtBtCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyD0EyDzzyD0FtDtG0F0CtByCtG0EtD0EtCtGzytA0AzytGtDyEtD0E0F0D0A0EyCzytBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0A0ByE0BtByBtAtGtAzz0DtCtGyEyEtDyEtG0A0CtBtAtGyC0AyC0C0CyBtCtD0DyD0A0D2Q&cr=174623472&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879160675-4012435332-690379533-1001 -> DefaultScope {B7C20759-A899-4E0E-B5B3-1B7113F75DEF} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_02_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0DyB0DtByEyDtAyCtBtN0D0Tzu0StCtDzyzytN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0E0EyCzyzyyBtAtG0CtBzzzytGzz0A0FtAtG0DyC0FtCtGyCtBtD0D0Fzy0BzyzztC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0A0ByE0BtByBtAtGtAzz0DtCtGyEyEtDyEtG0A0CtBtAtGyC0AyC0C0CyBtCtD0DyD0A0D2Q&cr=1238270057&ir=
SearchScopes: HKU\S-1-5-21-3879160675-4012435332-690379533-1001 -> {B7C20759-A899-4E0E-B5B3-1B7113F75DEF} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_15_02_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0DyB0DtByEyDtAyCtBtN0D0Tzu0StCtDzyzytN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0E0EyCzyzyyBtAtG0CtBzzzytGzz0A0FtAtG0DyC0FtCtGyCtBtD0D0Fzy0BzyzztC0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0A0ByE0BtByBtAtGtAzz0DtCtGyEyEtDyEtG0A0CtBtAtGyC0AyC0C0CyBtCtD0DyD0A0D2Q&cr=1238270057&ir=
SearchScopes: HKU\S-1-5-21-3879160675-4012435332-690379533-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dwndlm_15_05_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0DyB0DtByEyDtAyCtBtN0D0Tzu0StCtCtBtCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyD0EyDzzyD0FtDtG0F0CtByCtG0EtD0EtCtGzytA0AzytGtDyEtD0E0F0D0A0EyCzytBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0A0ByE0BtByBtAtGtAzz0DtCtGyEyEtDyEtG0A0CtBtAtGyC0AyC0C0CyBtCtD0DyD0A0D2Q&cr=174623472&ir=
BHO: saoveron -> {60d87fb8-3b14-44d4-9b57-7ccf17eab249} -> C:\Program Files (x86)\saoveron\B7XY46m1qQbAzP.x64.dll ()
Toolbar: HKU\S-1-5-21-3879160675-4012435332-690379533-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Robert Gantt\AppData\Roaming\Mozilla\Firefox\Profiles\36qjocss.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DowwnloAditkEeupp - C:\Users\Robert Gantt\AppData\Roaming\Mozilla\Firefox\Profiles\36qjocss.default\Extensions\f@eoiQ.edu [2015-02-15]

Chrome:
=======
CHR Profile: C:\Users\Robert Gantt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robert Gantt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14]
CHR Extension: (YouTube) - C:\Users\Robert Gantt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google Search) - C:\Users\Robert Gantt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Robert Gantt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Gmail) - C:\Users\Robert Gantt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [13168 2012-06-18] (Alienware)
R2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2132992 2015-01-26] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-09] (Dell Products, LP.) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S4 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [X]
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [X]
S2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [X]
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
U0 falgmt; C:\Windows\System32\drivers\dltx.sys [79064 2015-02-23] (Malwarebytes Corporation)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-23] (Malwarebytes Corporation)
S3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-18] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2014-05-18] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31400 2014-05-18] (Razer Inc)
S3 catchme; \??\C:\combofix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 17:12 - 2015-02-23 17:12 - 00016309 _____ () C:\Users\Robert Gantt\Downloads\FRST.txt
2015-02-23 17:09 - 2015-02-23 17:09 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\dltx.sys
2015-02-23 17:07 - 2015-02-23 17:12 - 00000000 ____D () C:\FRST
2015-02-23 17:06 - 2015-02-23 17:06 - 02087424 _____ (Farbar) C:\Users\Robert Gantt\Downloads\FRST64.exe
2015-02-23 17:03 - 2015-02-23 17:03 - 01127424 _____ (Farbar) C:\Users\Robert Gantt\Downloads\FRST.exe
2015-02-20 20:08 - 2015-02-20 20:11 - 00000000 ____D () C:\Users\Robert Gantt\Downloads\backups
2015-02-20 17:50 - 2015-02-20 20:10 - 00009644 _____ () C:\Users\Robert Gantt\Downloads\hijackthis.log
2015-02-20 17:47 - 2015-02-20 17:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Robert Gantt\Downloads\HijackThis.exe
2015-02-20 11:11 - 2015-01-26 16:57 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20150220-111133.backup
2015-02-19 11:24 - 2015-02-19 11:24 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-19 11:24 - 2015-02-19 11:24 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-19 11:24 - 2015-02-19 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-19 11:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-19 11:22 - 2015-02-19 11:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Robert Gantt\Downloads\spybot-2.4.exe
2015-02-18 22:29 - 2015-02-18 22:29 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\Plarium
2015-02-18 22:28 - 2015-02-18 22:28 - 01055936 _____ (Adobe) C:\Users\Robert Gantt\Downloads\flash_setup.exe
2015-02-18 22:28 - 2015-02-18 22:28 - 00783896 _____ (Web Internet ) C:\Users\Robert Gantt\Downloads\adobe_flash_setup(1).exe
2015-02-18 22:27 - 2015-02-18 22:27 - 00783896 _____ (Web Internet ) C:\Users\Robert Gantt\Downloads\adobe_flash_setup.exe
2015-02-15 19:05 - 2015-02-20 20:08 - 00000000 ____D () C:\Program Files (x86)\saoveron
2015-02-15 19:05 - 2015-02-16 05:44 - 00000000 ____D () C:\Program Files (x86)\DowwnloAditkEeupp
2015-02-15 19:05 - 2015-02-15 19:05 - 00000000 ____D () C:\ProgramData\18206463669944574754
2015-02-12 16:50 - 2015-02-12 16:50 - 00194956 _____ () C:\Users\Robert Gantt\Downloads\tMorph(3).zip
2015-02-12 16:50 - 2015-02-12 16:50 - 00000000 ____D () C:\Users\Robert Gantt\Downloads\tMorph(3)
2015-02-11 07:15 - 2015-01-22 21:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 07:15 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 07:15 - 2015-01-22 20:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 07:15 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:02 - 2015-02-19 08:37 - 00000426 _____ () C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-02-11 02:02 - 2015-02-11 02:02 - 00003256 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-02-11 02:02 - 2015-02-11 02:02 - 00000000 __HDC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-11 02:02 - 2015-02-11 02:02 - 00000000 ____D () C:\Program Files\Dell
2015-02-11 02:01 - 2015-02-20 15:17 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-11 02:01 - 2015-02-11 02:01 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-02-11 01:36 - 2015-02-23 14:45 - 00003504 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-11 01:36 - 2015-02-11 01:36 - 00004074 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-11 01:36 - 2015-02-11 01:36 - 00003254 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-11 01:36 - 2015-02-11 01:36 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-10 13:39 - 2015-02-03 20:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 13:39 - 2015-02-03 20:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 13:39 - 2015-02-03 20:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 13:39 - 2015-02-03 20:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 13:39 - 2015-02-03 20:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 13:39 - 2015-02-03 20:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 13:39 - 2015-02-03 20:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 13:39 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 13:39 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 13:39 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 13:39 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 13:39 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 13:39 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 13:39 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 13:39 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 13:39 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 13:38 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 13:38 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 13:38 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 13:38 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 13:38 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 13:38 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 13:38 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 13:38 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 13:38 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 13:38 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 13:38 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 13:38 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 13:38 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 13:38 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 13:38 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 13:38 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 13:38 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 13:38 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 13:38 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 13:38 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 13:38 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 13:38 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 13:38 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 13:38 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 13:38 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 13:38 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 13:38 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 13:38 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 13:38 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 13:38 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 13:38 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 13:38 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 13:38 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 13:38 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 13:38 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 13:38 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 13:38 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 13:38 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 13:38 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 13:38 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 13:38 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 13:38 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 13:38 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 13:38 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 13:38 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 13:38 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 13:38 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 13:38 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 13:38 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 13:38 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 13:38 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 13:38 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 13:38 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 13:38 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 13:38 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 13:38 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 13:38 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 13:38 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 13:38 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 13:38 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 13:38 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 13:38 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 13:38 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 13:38 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 13:38 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 13:38 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 13:38 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 13:38 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 13:38 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 13:38 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 13:38 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 13:38 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 13:38 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 13:38 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 13:37 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 13:37 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 13:37 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 13:37 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 13:37 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 13:37 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 13:37 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 13:37 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 13:37 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 13:37 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 13:37 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 13:37 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 13:37 - 2014-10-03 19:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 13:37 - 2014-10-03 18:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 13:37 - 2014-10-03 18:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-07 15:57 - 2015-02-07 15:57 - 00194956 _____ () C:\Users\Robert Gantt\Downloads\tMorph(2).zip
2015-02-07 15:57 - 2015-02-07 15:57 - 00000000 ____D () C:\Users\Robert Gantt\Downloads\tMorph(2)
2015-01-30 15:36 - 2015-01-30 15:36 - 00023760 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DDDriver64Dcsa.sys
2015-01-30 15:36 - 2015-01-30 15:36 - 00023312 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DellProf.sys
2015-01-28 11:26 - 2015-01-28 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 17:18 - 2015-01-26 17:19 - 00000085 _____ () C:\Windows\wininit.ini
2015-01-26 17:13 - 2015-01-26 17:13 - 00001266 _____ () C:\Users\Robert Gantt\Desktop\Revo Uninstaller.lnk
2015-01-26 17:13 - 2015-01-26 17:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-26 17:12 - 2015-01-26 17:12 - 00804568 _____ (Download Publisher) C:\Users\Robert Gantt\Downloads\Revo Uninstaller Setup.exe
2015-01-26 17:04 - 2015-01-26 17:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-26 17:03 - 2015-02-19 12:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-26 17:03 - 2015-02-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-26 17:02 - 2015-01-26 17:20 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Roaming\0D1T1C2W1P1G0D0L0M
2015-01-26 17:02 - 2015-01-26 17:02 - 37672592 _____ (Safer-Networking Ltd. ) C:\Users\Robert Gantt\Downloads\Spybot Search & Destroy Setup [1].exe
2015-01-26 17:02 - 2015-01-26 17:02 - 00683840 _____ (DarwenDLM) C:\Users\Robert Gantt\Downloads\Spybot Search & Destroy Setup.exe
2015-01-26 17:01 - 2015-01-26 17:01 - 00025044 _____ () C:\ComboFix.txt
2015-01-26 16:57 - 2015-01-26 16:57 - 00000000 ____D () C:\Windows\erdnt
2015-01-26 16:50 - 2015-01-26 16:50 - 00804256 _____ (Download Publisher) C:\Users\Robert Gantt\Downloads\ComboFix Setup(1).exe
2015-01-26 16:44 - 2015-01-26 17:01 - 00000000 ____D () C:\Qoobox
2015-01-26 16:44 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-26 16:44 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-26 16:44 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-26 16:44 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-26 16:44 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-26 16:44 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-26 16:44 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-26 16:44 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-26 16:43 - 2015-01-26 16:43 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-26 16:38 - 2015-01-26 16:38 - 00804256 _____ (Download Publisher) C:\Users\Robert Gantt\Downloads\ComboFix Setup.exe
2015-01-26 15:56 - 2015-01-26 15:57 - 00303408 _____ () C:\Windows\Minidump\012615-14508-01.dmp
2015-01-26 15:51 - 2015-01-26 17:18 - 00000000 ____D () C:\ProgramData\fcaa5a3eef19e322
2015-01-26 15:02 - 2015-01-26 15:53 - 00000000 ____D () C:\Program Files (x86)\safErweeb
2015-01-26 15:02 - 2015-01-26 15:51 - 00000000 ____D () C:\Program Files (x86)\saaviNshop
2015-01-26 14:42 - 2015-01-26 16:25 - 00000000 ____D () C:\Program Files (x86)\IndepthEngine

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 17:13 - 2014-02-13 16:57 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\Battle.net
2015-02-23 17:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-23 17:02 - 2014-08-28 14:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 16:50 - 2013-03-07 01:33 - 01658138 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 16:48 - 2013-03-06 23:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 12:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Resources
2015-02-23 12:03 - 2009-07-13 21:51 - 00111333 _____ () C:\Windows\setupact.log
2015-02-23 09:42 - 2014-02-13 17:03 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-02-23 09:39 - 2014-05-19 15:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-23 04:54 - 2009-07-13 21:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 04:54 - 2009-07-13 21:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 20:14 - 2013-03-07 00:01 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2015-02-20 20:13 - 2013-03-07 00:08 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-20 20:13 - 2013-03-07 00:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-20 20:12 - 2013-05-15 23:40 - 00000000 ____D () C:\Program Files\Google
2015-02-20 20:12 - 2013-05-15 23:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-20 20:12 - 2013-03-07 01:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-20 20:12 - 2010-11-20 20:47 - 01092822 _____ () C:\Windows\PFRO.log
2015-02-20 20:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 20:11 - 2013-04-10 15:10 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Roaming\Skype
2015-02-20 17:47 - 2013-03-12 14:47 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\VirtualStore
2015-02-20 10:39 - 2013-03-06 23:59 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless
2015-02-20 10:30 - 2013-05-15 23:40 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\Google
2015-02-20 10:30 - 2013-05-15 23:40 - 00000000 ____D () C:\ProgramData\Google
2015-02-19 10:04 - 2013-03-12 14:57 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\Deployment
2015-02-18 22:28 - 2013-04-02 12:24 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\Adobe
2015-02-16 20:16 - 2014-08-22 14:32 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-02-12 03:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 03:21 - 2009-07-13 21:45 - 00275776 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:20 - 2014-12-10 03:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:20 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:03 - 2014-06-16 14:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:01 - 2014-06-16 14:56 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 01:36 - 2013-03-13 16:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-11 01:36 - 2013-03-06 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2015-02-11 01:35 - 2013-03-06 23:55 - 00000000 ____D () C:\Program Files\Alienware
2015-02-10 21:26 - 2014-02-13 16:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-08 21:53 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 21:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 19:48 - 2013-03-06 23:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 19:48 - 2013-03-06 23:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 19:48 - 2013-03-06 23:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 15:25 - 2013-03-19 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 17:26 - 2014-03-20 14:51 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-26 17:01 - 2013-03-12 14:57 - 00000000 ____D () C:\Users\Robert Gantt\AppData\Local\Apps\2.0
2015-01-26 17:01 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-01-26 16:57 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-26 15:56 - 2014-05-14 10:33 - 691388395 _____ () C:\Windows\MEMORY.DMP
2015-01-26 15:56 - 2014-05-14 10:33 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 15:53 - 2014-08-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 15:53 - 2014-08-28 14:31 - 00000000 ____D () C:\Malwarebytes Anti-Malware
2015-01-26 15:53 - 2013-03-17 18:08 - 00000703 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:07

==================== End Of Log ============================

 



#4 Blindsided50

Blindsided50
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 23 February 2015 - 07:27 PM

p.s. i tried to post that log and Fix using frst but couldnt figure out how to get it to work.

Thanks for looking.



#5 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:12:13 PM

Posted 25 February 2015 - 04:49 AM

Hello Blindsided50,
 

p.s. i tried to post that log and Fix using frst but couldnt figure out how to get it to work.

Please do not try again to fix lines with FRST, thank you. :)

I do not see any installed Antivirus. For what reason do you not have an Antivirus?

Step 1
You have posted me the wrong log of Malwarebytes, I need the Scanlog

Please restart Malwarebytes
  • click on History
  • then on the left side on Application logs
  • please search here for the Scan Logs
  • doubleclick on the Scan Log you need (a new windows should open now}
  • click on export (perhaps you have to minimalize the window]
  • save the log as mbam.txt
  • open the log with your notepad
  • post the log in your thread
Step 2
Please post also the log created by Combofix, it is located under:
C:\ComboFix.txt

Step 3
  • Please download MBRScan and save it to your desktop.
  • Doubleclick on MBRScan.exe and click the Report button. (Vista and Windows 7 Users, right click on MBRScan and then click on run as administrator).
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your desktop and post its content in your next reply.

regards,

 

Sandra


#6 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:12:13 PM

Posted 27 February 2015 - 07:03 PM

Hello Blindsided50,

Are you still with me?

Please notice:
If you do not reply within the next 48 hours, I assume that you do not need my help anymore and this topic will be closed.

regards,

 

Sandra


#7 Blindsided50

Blindsided50
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 27 February 2015 - 09:02 PM

Hey.. I figured it out.

 

I had to reset my internet explorer and firefox because some addons got attached called "saoveron" and they were super pesky to delete. (uninstalling them from programs kept them on the addons of the browsers)

 

As of now everything looks good.

 

Appreciate the help, hopefully I don't have to ask for it again anytime soon.

 

Thanks a bunch!



#8 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:12:13 PM

Posted 28 February 2015 - 08:28 PM

Hello Blindsided50,

then you do not need my help anymore and this topic could be closed?

Please note: Your logs are looking for me a little bit inconclusive.

 

But of course it is your own decision if you want to get this topic closed. :)


regards,

 

Sandra


#9 Blindsided50

Blindsided50
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 28 February 2015 - 10:34 PM

Yeah you can close it.

 

I haven't had any issues since disabling addons/resetting firefox and internet explorer/ uninstalling  saoveron.

 

Thanks!



#10 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:12:13 PM

Posted 03 March 2015 - 05:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards,

 

Sandra





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users