
Zero Access rootkit


  • This topic is locked
21 replies to this topic

#1 M1971


Posted 03 March 2015 - 07:57 PM

Thread started here http://www.bleepingcomputer.com/forums/t/568466/need-help-with-bsods/page-2

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Mario (administrator) on MARIO-PC on 03-03-2015 19:46:04
Running from C:\Users\Mario\Downloads
Loaded Profiles: Mario (Available profiles: Mario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe [148480 2013-11-13] ()
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\...\MountPoints2: {41de5cae-f9c9-11de-bfb9-806e6f6e6963} - "D:\Diablo III Setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {C137381A-180B-4A31-93C7-2AD839238E3D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL =
Toolbar: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5997/mcfscan.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{267399AA-297B-4A9C-93E1-7363F5E51985}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2092219217-2320858514-4229189638-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: ChatZilla - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]

Chrome:
=======
CHR Profile: C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (YouTube) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (Gmail) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-01-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-01-05] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-05-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-25] ()
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
S0 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 19:46 - 2015-03-03 19:46 - 00018729 _____ () C:\Users\Mario\Downloads\FRST.txt
2015-03-03 19:45 - 2015-03-03 19:46 - 00000000 ____D () C:\FRST
2015-03-03 19:44 - 2015-03-03 19:44 - 02092544 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2015-03-03 19:39 - 2015-03-03 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-03-03 19:33 - 2015-03-03 19:39 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-03-03 19:20 - 2015-03-03 19:21 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Mario\Downloads\cbSetup.exe
2015-03-03 19:09 - 2015-03-03 19:09 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267(2).msi
2015-03-03 19:06 - 2015-03-03 19:06 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-03 18:55 - 2015-03-03 18:56 - 00002570 _____ () C:\Users\Mario\Desktop\Rkill.txt
2015-03-03 18:55 - 2015-03-03 18:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Mario\Downloads\rkill.com
2015-03-03 18:43 - 2015-03-03 18:43 - 00000833 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-03-03 18:36 - 2015-03-03 18:36 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267(1).msi
2015-03-03 17:54 - 2015-03-03 17:54 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267.msi
2015-03-03 17:44 - 2015-03-03 17:44 - 00000000 ____D () C:\Users\Mario\AppData\Local\Apps\2.0
2015-03-03 17:23 - 2015-03-03 17:23 - 00020322 _____ () C:\Users\Mario\Downloads\fixhosts.exe
2015-03-03 17:10 - 2015-03-03 17:10 - 00001075 _____ () C:\Users\Mario\Desktop\Malwarebytes Anti-Malware.txt
2015-03-03 14:01 - 2015-03-03 14:02 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\PCDr
2015-03-03 14:01 - 2015-03-03 14:01 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-03 07:22 - 2015-03-03 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 07:21 - 2015-03-03 07:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-03 07:21 - 2015-03-03 07:21 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 07:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 07:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 07:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-02 19:40 - 2015-03-02 19:40 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_enu.exe
2015-03-02 19:40 - 2015-03-02 19:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-02 19:38 - 2015-03-02 19:38 - 00003547 _____ () C:\Users\Mario\Desktop\JRT.txt
2015-03-02 19:34 - 2015-03-02 19:34 - 01388333 _____ (Thisisu) C:\Users\Mario\Downloads\JRT.exe
2015-03-02 19:09 - 2015-03-02 19:10 - 02126848 _____ () C:\Users\Mario\Downloads\AdwCleaner.exe
2015-03-02 19:06 - 2015-03-02 19:07 - 00000000 ____D () C:\Users\Mario\Desktop\TDSSKiller
2015-03-02 19:06 - 2015-03-02 19:06 - 04176437 _____ () C:\Users\Mario\Downloads\tdsskiller.zip
2015-03-02 19:05 - 2015-03-02 19:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mario\Downloads\tdsskiller.exe
2015-02-27 01:59 - 2015-03-03 19:07 - 00024894 _____ () C:\Windows\PFRO.log
2015-02-26 22:51 - 2015-02-26 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-26 21:55 - 2015-02-26 21:55 - 00000798 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 21:55 - 2015-02-26 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-02-26 21:55 - 2015-02-26 21:55 - 00000000 ____D () C:\Program Files\Speccy
2015-02-26 21:45 - 2015-02-26 21:45 - 00000000 ____D () C:\Users\Mario\Desktop\Minitoolbox
2015-02-26 21:39 - 2015-03-02 19:02 - 00035095 _____ () C:\Users\Mario\Downloads\Result.txt
2015-02-26 21:38 - 2015-02-26 21:38 - 00401920 _____ (Farbar) C:\Users\Mario\Downloads\MiniToolBox.exe
2015-02-26 21:33 - 2015-02-26 21:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dumps
2015-02-26 20:42 - 2015-02-26 20:42 - 879296924 _____ () C:\Windows\MEMORY.DMP
2015-02-26 14:01 - 2015-03-03 19:36 - 00000728 _____ () C:\Windows\setupact.log
2015-02-26 14:01 - 2015-02-26 14:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 23:00 - 2015-02-25 23:00 - 00000000 ____D () C:\Users\Mario\AppData\Local\Microsoft Corporation
2015-02-25 21:09 - 2015-02-25 21:59 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-02-25 21:09 - 2015-02-25 21:19 - 00000000 ____D () C:\ProgramData\TweakBit
2015-02-25 21:06 - 2015-03-02 21:06 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mario).job
2015-02-25 21:06 - 2015-02-25 21:06 - 00003028 _____ () C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mario)
2015-02-25 21:04 - 2015-02-25 21:58 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-02-25 21:04 - 2015-02-25 21:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-25 21:04 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-02-25 21:04 - 2015-02-25 21:06 - 00000000 ____D () C:\Users\Mario\AppData\Local\SlimWare Utilities Inc
2015-02-25 21:04 - 2015-02-25 21:04 - 00000000 ____D () C:\Users\Mario\AppData\Local\Downloaded Installers
2015-02-25 21:04 - 2015-02-25 21:04 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-02-25 21:03 - 2015-02-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-02-25 03:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-15 01:15 - 2015-03-03 19:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-15 01:15 - 2015-03-03 19:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-15 01:15 - 2015-02-15 01:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-13 14:04 - 2015-02-26 14:29 - 00000426 _____ () C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-02-13 14:04 - 2015-02-26 14:29 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-13 14:04 - 2015-02-13 14:04 - 00003230 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-02-13 14:04 - 2015-02-13 14:04 - 00000000 __HDC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-12 21:53 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:53 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:53 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:53 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:03 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:03 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:03 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:03 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:03 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:03 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:03 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:03 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:03 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:03 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:03 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:03 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:03 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:03 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:03 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:03 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:03 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:03 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:03 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:03 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:03 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:03 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:03 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:03 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:03 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:03 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:03 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:03 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:03 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:03 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:03 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:03 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:03 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:03 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 09:03 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 09:02 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:02 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:02 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:02 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:02 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:02 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:02 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:02 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:02 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:02 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:02 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:02 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:02 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:02 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:02 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:02 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:02 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:02 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:02 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:02 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:02 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:02 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:02 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:02 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:02 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:02 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:02 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:02 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:02 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:02 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:02 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:02 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:02 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:02 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:01 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:01 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:01 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:01 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:01 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:01 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:01 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:01 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:01 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:01 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 13:09 - 2015-03-03 14:01 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-10 13:09 - 2015-02-22 22:07 - 00004030 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-10 13:09 - 2015-02-10 13:09 - 00003218 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-10 13:09 - 2015-02-10 13:09 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-10 13:09 - 2015-02-10 13:09 - 00000000 ____D () C:\Program Files\Dell Support Center

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 19:43 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 19:43 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 19:39 - 2009-07-14 00:10 - 01778439 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 19:36 - 2010-01-05 00:41 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-03-03 19:36 - 2010-01-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-03 19:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 19:12 - 2013-12-03 19:25 - 00000000 ____D () C:\AdwCleaner
2015-03-03 19:02 - 2013-06-13 01:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 17:07 - 2013-11-29 20:52 - 00000000 ____D () C:\ProgramData\Updater
2015-03-03 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2015-03-03 17:05 - 2010-01-11 19:14 - 00000000 ____D () C:\Temp
2015-03-03 08:17 - 2011-10-02 19:57 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 17:13 - 2014-08-17 16:30 - 00000000 ____D () C:\Program Files (x86)\MyHeritage
2015-02-27 01:59 - 2012-10-25 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 23:25 - 2015-01-17 04:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2015-02-26 20:42 - 2014-05-09 19:56 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 14:02 - 2010-01-05 01:52 - 00000000 ____D () C:\dell
2015-02-25 22:12 - 2012-11-11 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-02-25 22:12 - 2012-11-11 01:13 - 00000000 ____D () C:\Program Files (x86)\GameTop.com
2015-02-25 22:06 - 2011-11-01 20:19 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-25 22:06 - 2011-11-01 20:19 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-25 22:06 - 2010-01-05 00:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-18 18:49 - 2010-01-11 21:40 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-16 03:03 - 2012-01-01 02:35 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-16 03:02 - 2009-07-14 00:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 09:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-15 02:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 14:04 - 2010-01-05 00:36 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-02-13 14:04 - 2010-01-05 00:32 - 00000000 ____D () C:\Program Files\Dell
2015-02-12 03:29 - 2009-07-13 23:45 - 00368808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:26 - 2014-12-10 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:26 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 03:07 - 2012-05-01 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 03:07 - 2012-01-01 02:35 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:07 - 2012-01-01 02:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:07 - 2012-01-01 02:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:06 - 2013-07-25 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2010-01-19 00:40 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 13:09 - 2010-01-05 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-05 03:02 - 2013-06-13 01:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 03:02 - 2012-06-24 19:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 03:02 - 2011-05-31 16:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-01-11 19:04 - 2010-04-30 16:27 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Mario\AppData\Roaming\DataSafeDotNet.exe
2010-01-14 02:08 - 2011-09-21 18:45 - 0001734 _____ () C:\Users\Mario\AppData\Roaming\wklnhst.dat
2011-10-26 20:37 - 2013-12-04 18:27 - 0007607 _____ () C:\Users\Mario\AppData\Local\resmon.resmoncfg
2010-08-03 23:25 - 2010-08-03 23:25 - 0000000 _____ () C:\Users\Mario\AppData\Local\rx_image32.Cache

ZeroAccess:
C:\Windows\Installer\{77a5d38b-a370-e51a-8f61-2731789fef66}

Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\BRSVC_1105267_hlp.exe
C:\Users\Mario\AppData\Local\Temp\Quarantine.exe
C:\Users\Mario\AppData\Local\Temp\sqlite3.dll
C:\Users\Mario\AppData\Local\Temp\Uninstaller-3532.exe
C:\Users\Mario\AppData\Local\Temp\Uninstaller-4672.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 04:09

==================== End Of Log ============================


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:04 AM

Posted 04 March 2015 - 07:11 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1


Please uninstall some programs:
  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: Pirates of the Burning Sea, Social Privacy DNS, Video Download Converter
  • Reboot your computer.
Step 2

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

Edited by deeprybka, 04 March 2015 - 12:05 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 M1971


Posted 04 March 2015 - 05:47 PM

Dear Jürgen,

Thanks for the help on this issue.

Step 1: Search and select the following programs one by one and click on Uninstall: Pirates of the Burning Sea, Social Privacy DNS, Video Download Converter

  • Pirates of the Burning Sea: I tried to uninstall and received the following error: "There was a problem doing the uninstall (1001)."
  • Social Privacy DNS, removed.
  • Video Download Converter, removed.


#4 deeprybka


Posted 04 March 2015 - 05:49 PM

Ok, no problem. Please go ahead and run Combofix. :)
regards,
deeprybka

#5 M1971


Posted 04 March 2015 - 06:12 PM

Rebooted PC and ran Combofix.

ComboFix 15-03-01.01 - Mario 03/04/2015  17:52:36.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.5991 [GMT -5:00]
Running from: c:\users\Mario\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6584\AddOnDownloaded\0124e21d-018c-4ce0-92a3-b9e205a76bc0.dll
c:\programdata\PCDr\6584\AddOnDownloaded\01729c78-925e-4e01-a2dd-3c0f0989e6d1.dll
c:\programdata\PCDr\6584\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6584\AddOnDownloaded\095557b2-2408-4eaf-b39b-d55c8606482c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6584\AddOnDownloaded\10494c60-ec8b-4856-b24a-b6d076c4499f.dll
c:\programdata\PCDr\6584\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6584\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6584\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6584\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2b7a7ebb-6083-4253-a1e6-149883b6eb45.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6584\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\48476a77-44f9-40a8-a623-f3402f22b01b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6584\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6584\AddOnDownloaded\5dc7cfd3-e8ce-4478-9404-0ae32511b353.dll
c:\programdata\PCDr\6584\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\649574c7-1acb-458c-a846-1bc04bfcdb93.dll
c:\programdata\PCDr\6584\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6b56d7e1-5ac6-46da-8615-10fbe2919ac8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f9e83ca-5216-40db-863d-61ffff2a1563.dll
c:\programdata\PCDr\6584\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\7419b29f-5d5c-499d-8452-7a5038bd3fda.dll
c:\programdata\PCDr\6584\AddOnDownloaded\76fc066e-4bb6-4b62-ae6a-29b9d7925a3d.dll
c:\programdata\PCDr\6584\AddOnDownloaded\7bcbc662-5181-400d-af1d-2d1e64d3d11a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\7c5b1d75-4145-4f69-b184-a8fb559fd417.dll
c:\programdata\PCDr\6584\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\812fed95-c1fb-4695-be1a-fd6265302cf9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\846b4c9b-a7ba-4fb5-8d64-0e84281ea84e.dll
c:\programdata\PCDr\6584\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6584\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6584\AddOnDownloaded\95863b84-2a1c-4539-bd21-ffbef3ea7fd9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\9afbb1e4-1951-4d6e-bd32-2e0e5254786f.dll
c:\programdata\PCDr\6584\AddOnDownloaded\9e10a8b6-7648-420f-8bcb-2995fcb06133.dll
c:\programdata\PCDr\6584\AddOnDownloaded\9fdca848-c74c-4268-a5da-d22aa5d0d3cb.dll
c:\programdata\PCDr\6584\AddOnDownloaded\a05de01f-6d84-4008-82c8-44786a5ba980.dll
c:\programdata\PCDr\6584\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6584\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ac83e4d3-2f37-4679-a3b4-b7f5aa568264.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6584\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6584\AddOnDownloaded\b282128e-9a7f-43e3-90a2-c1f1133ea714.dll
c:\programdata\PCDr\6584\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6584\AddOnDownloaded\b79eb8ca-c461-4cb3-b3f9-d11b2bbc6a94.dll
c:\programdata\PCDr\6584\AddOnDownloaded\b9f9154e-1581-4a2a-a195-eeb46e9e239b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6584\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6584\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\c6528f35-d623-4e84-a9b2-58ecb22dabd4.dll
c:\programdata\PCDr\6584\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6584\AddOnDownloaded\c74b2d1b-fd92-4f74-8532-20f83f9afd65.dll
c:\programdata\PCDr\6584\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dll
c:\programdata\PCDr\6584\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6584\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6584\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\de3a7d98-874b-4dcb-993c-f377c119ad11.dll
c:\programdata\PCDr\6584\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6584\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\e9989bf5-6e5a-458d-95b5-aeef6c90b51c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\edb10714-8498-4679-a667-4c4c359de017.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ee407ae9-f049-49d4-8f82-50991610c8f5.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ee4747a4-1d1b-42c1-8a8c-1de04bbb2379.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ef32b2f9-e518-400c-8172-d1a06ae9d208.dll
c:\programdata\PCDr\6584\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6584\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6584\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6584\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\programdata\PCDr\6584\AddOnDownloaded\fbd50850-4122-4fe3-a72e-fcbe58a0f196.dll
c:\users\Mario\AppData\Roaming\mIRC\logs\status.log
c:\windows\hosts
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-04 to 2015-03-04  )))))))))))))))))))))))))))))))
.
.
2015-03-04 22:59 . 2015-03-04 22:59    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2015-03-04 22:59 . 2015-03-04 22:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-03-04 00:45 . 2015-03-04 00:46    --------    d-----w-    C:\FRST
2015-03-04 00:33 . 2015-03-04 00:39    --------    d-----w-    c:\program files (x86)\Cobian Backup 11
2015-03-03 23:49 . 2015-01-29 09:07    11910896    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CA74C7A-49D0-4177-A253-AF5B59D0CF78}\mpengine.dll
2015-03-03 22:44 . 2015-03-03 22:44    --------    d-----w-    c:\users\Mario\AppData\Local\Apps
2015-03-03 19:01 . 2015-03-03 19:02    --------    d-----w-    c:\users\Mario\AppData\Roaming\PCDr
2015-03-03 19:01 . 2015-03-03 19:01    --------    d-----w-    c:\programdata\PCDr
2015-03-03 12:22 . 2015-03-04 22:49    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 12:21 . 2015-03-03 12:21    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-03 12:21 . 2015-03-03 12:21    --------    d-----w-    c:\programdata\Malwarebytes
2015-03-03 12:21 . 2014-11-21 11:14    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-03-03 12:21 . 2014-11-21 11:14    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-03-03 12:21 . 2014-11-21 11:14    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-03-03 00:40 . 2015-03-03 00:40    --------    d-----w-    c:\program files (x86)\ESET
2015-03-02 23:32 . 2015-01-29 09:07    11910896    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-27 03:51 . 2015-02-27 04:25    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2015-02-27 02:55 . 2015-02-27 02:55    --------    d-----w-    c:\program files\Speccy
2015-02-26 04:00 . 2015-02-26 04:00    --------    d-----w-    c:\users\Mario\AppData\Local\Microsoft Corporation
2015-02-26 02:09 . 2015-02-26 02:19    --------    d-----w-    c:\programdata\TweakBit
2015-02-26 02:04 . 2015-02-26 02:04    --------    d-----w-    c:\programdata\SlimWare Utilities Inc
2015-02-26 02:04 . 2015-02-26 02:21    --------    d-----w-    c:\program files\SlimCleaner Plus
2015-02-26 02:04 . 2015-02-26 02:04    --------    d-----w-    c:\users\Mario\AppData\Local\Downloaded Installers
2015-02-26 02:04 . 2015-02-26 02:54    16152    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2015-02-26 02:04 . 2015-02-26 02:06    --------    d-----w-    c:\users\Mario\AppData\Local\SlimWare Utilities Inc
2015-02-26 02:04 . 2015-02-26 02:58    --------    d-----w-    c:\program files (x86)\DriverUpdate
2015-02-21 15:11 . 2014-09-16 23:16    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88D49F0C-2BA9-405B-9D12-74F1C58F7527}\gapaengine.dll
2015-02-15 06:15 . 2015-03-04 00:06    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2015-02-15 06:15 . 2015-03-04 00:07    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2015-02-13 19:04 . 2015-02-13 19:04    --------    dc-h--w-    c:\programdata\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-13 19:04 . 2015-02-26 19:29    --------    d-----w-    c:\programdata\SupportAssistAgent
2015-02-13 02:53 . 2015-01-23 03:43    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2015-02-13 02:53 . 2015-01-23 03:17    4300800    ----a-w-    c:\windows\SysWow64\jscript9.dll
2015-02-13 02:53 . 2015-01-23 04:42    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-02-13 02:53 . 2015-01-23 04:41    6041600    ----a-w-    c:\windows\system32\jscript9.dll
2015-02-11 14:02 . 2015-01-12 02:40    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2015-02-11 14:01 . 2014-12-08 03:09    406528    ----a-w-    c:\windows\system32\scesrv.dll
2015-02-11 14:01 . 2014-12-08 02:46    308224    ----a-w-    c:\windows\SysWow64\scesrv.dll
2015-02-11 14:01 . 2015-01-14 06:09    5554112    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-02-11 14:01 . 2015-01-14 05:44    3972544    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 14:01 . 2015-01-14 05:44    3917760    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 14:01 . 2015-01-14 06:05    503808    ----a-w-    c:\windows\system32\srcore.dll
2015-02-11 14:01 . 2015-01-14 06:05    50176    ----a-w-    c:\windows\system32\srclient.dll
2015-02-11 14:01 . 2015-01-14 06:04    296960    ----a-w-    c:\windows\system32\rstrui.exe
2015-02-11 14:01 . 2015-01-14 05:41    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
2015-02-11 14:01 . 2015-01-09 02:03    3201536    ----a-w-    c:\windows\system32\win32k.sys
2015-02-10 18:09 . 2015-02-10 18:09    --------    d-----w-    c:\programdata\PC-Doctor for Windows
2015-02-10 18:09 . 2015-02-10 18:09    --------    d-----w-    c:\program files\Dell Support Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 13:17 . 2011-10-03 00:57    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-12 08:02 . 2010-01-19 05:40    116773704    ----a-w-    c:\windows\system32\MRT.exe
2015-02-05 08:02 . 2012-06-25 00:18    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 08:02 . 2011-05-31 21:03    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-30 22:36 . 2015-01-30 22:36    23760    ----a-w-    c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36 . 2015-01-30 22:36    23312    ----a-w-    c:\windows\system32\drivers\DellProf.sys
2014-12-19 03:06 . 2015-01-14 08:16    210432    ----a-w-    c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 08:16    141312    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 08:16    52736    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 08:16    303616    ----a-w-    c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 08:16    52224    ----a-w-    c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 08:16    156672    ----a-w-    c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-29 6501656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-09-17 120048]
.
c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/04 23:24];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 08:02]
.
2015-02-26 c:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
- c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{267399AA-297B-4A9C-93E1-7363F5E51985}: NameServer = 184.172.114.130,208.43.110.90
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 184.172.114.130,208.43.110.90
FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-e - c:\programdata\bitraider\brwc.exe
AddRemove-sp@sp.com - c:\program files (x86)\Social Privacy\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2092219217-2320858514-4229189638-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2092219217-2320858514-4229189638-1001\Software\SecuROM\License information*]
"datasecu"=hex:03,b4,9e,3a,23,06,6d,6e,c2,6f,9a,65,f0,e1,84,3a,24,e6,51,f2,f2,
   c2,f0,c6,28,2f,71,2f,ae,84,86,37,70,f6,f9,af,04,4d,de,d7,6f,89,8e,62,c3,75,\
"rkeysecu"=hex:44,f6,42,e6,51,3d,5e,fe,03,74,13,11,77,51,0f,a4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-04  18:02:09
ComboFix-quarantined-files.txt  2015-03-04 23:02
.
Pre-Run: 458,632,540,160 bytes free
Post-Run: 458,507,558,912 bytes free
.
- - End Of File - - 65E6B3FD38892C4CF2EAD0779329DD2A
35C6B2FCDE68FACBEFE0A4A7200BAE58
 



#6 deeprybka

  • Malware Response Team
Posted 04 March 2015 - 06:17 PM

Ok, next steps are:

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 04 March 2015 - 06:18 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 M1971


Posted 04 March 2015 - 06:25 PM

Ran AdwCleaner, like previous times it was unable to complete. It gets stuck in "scanning web browsers".

 

Running Malwarebytes next.


Edited by M1971, 04 March 2015 - 06:29 PM.


#8 deeprybka


Posted 04 March 2015 - 06:33 PM

OK.
regards,
deeprybka

#9 M1971


Posted 04 March 2015 - 06:44 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/4/2015
Scan Time: 6:27:19 PM
Logfile: Malwarebytes Anti-Malware 3.4.2015.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.04.07
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mario

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385653
Time Elapsed: 9 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 deeprybka


Posted 04 March 2015 - 06:46 PM

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards,
deeprybka

#11 M1971


Posted 04 March 2015 - 06:50 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Mario (administrator) on MARIO-PC on 04-03-2015 18:44:53
Running from C:\Users\Mario\Downloads
Loaded Profiles: Mario (Available profiles: Mario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {C137381A-180B-4A31-93C7-2AD839238E3D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL =
Toolbar: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5997/mcfscan.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{267399AA-297B-4A9C-93E1-7363F5E51985}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2092219217-2320858514-4229189638-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: ChatZilla - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]

Chrome:
=======
CHR Profile: C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (YouTube) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (Gmail) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-01-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-01-05] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-05-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-25] ()
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:43 - 2015-03-04 18:43 - 00001083 _____ () C:\Users\Mario\Desktop\Malwarebytes Anti-Malware 3.4.2015.txt
2015-03-04 18:13 - 2015-03-04 18:13 - 00030368 _____ () C:\Users\Mario\Desktop\Combofix 3.4.2015 6.12pm.txt
2015-03-04 18:02 - 2015-03-04 18:02 - 00030368 _____ () C:\ComboFix.txt
2015-03-04 17:51 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-04 17:51 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-04 17:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-04 17:50 - 2015-03-04 18:02 - 00000000 ____D () C:\Qoobox
2015-03-04 17:50 - 2015-03-04 18:00 - 00000000 ____D () C:\Windows\erdnt
2015-03-04 17:49 - 2015-03-04 17:49 - 05612482 ____R (Swearware) C:\Users\Mario\Downloads\ComboFix.exe
2015-03-03 19:46 - 2015-03-04 18:45 - 00018117 _____ () C:\Users\Mario\Downloads\FRST.txt
2015-03-03 19:46 - 2015-03-03 19:46 - 00034428 _____ () C:\Users\Mario\Downloads\Addition.txt
2015-03-03 19:45 - 2015-03-04 18:44 - 00000000 ____D () C:\FRST
2015-03-03 19:44 - 2015-03-03 19:44 - 02092544 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2015-03-03 19:39 - 2015-03-03 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-03-03 19:33 - 2015-03-03 19:39 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-03-03 19:20 - 2015-03-03 19:21 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Mario\Downloads\cbSetup.exe
2015-03-03 19:09 - 2015-03-03 19:09 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267(2).msi
2015-03-03 18:55 - 2015-03-03 18:56 - 00002570 _____ () C:\Users\Mario\Desktop\Rkill.txt
2015-03-03 18:55 - 2015-03-03 18:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Mario\Downloads\rkill.com
2015-03-03 18:43 - 2015-03-03 18:43 - 00000833 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-03-03 18:36 - 2015-03-03 18:36 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267(1).msi
2015-03-03 17:54 - 2015-03-03 17:54 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267.msi
2015-03-03 17:44 - 2015-03-03 17:44 - 00000000 ____D () C:\Users\Mario\AppData\Local\Apps\2.0
2015-03-03 17:23 - 2015-03-03 17:23 - 00020322 _____ () C:\Users\Mario\Downloads\fixhosts.exe
2015-03-03 17:10 - 2015-03-03 17:10 - 00001075 _____ () C:\Users\Mario\Desktop\Malwarebytes Anti-Malware.txt
2015-03-03 14:01 - 2015-03-03 14:02 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\PCDr
2015-03-03 14:01 - 2015-03-03 14:01 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-03 07:22 - 2015-03-04 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 07:21 - 2015-03-03 07:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-03 07:21 - 2015-03-03 07:21 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 07:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 07:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 07:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-02 19:40 - 2015-03-02 19:40 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_enu.exe
2015-03-02 19:40 - 2015-03-02 19:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-02 19:38 - 2015-03-02 19:38 - 00003547 _____ () C:\Users\Mario\Desktop\JRT.txt
2015-03-02 19:34 - 2015-03-02 19:34 - 01388333 _____ (Thisisu) C:\Users\Mario\Downloads\JRT.exe
2015-03-02 19:09 - 2015-03-02 19:10 - 02126848 _____ () C:\Users\Mario\Downloads\AdwCleaner.exe
2015-03-02 19:06 - 2015-03-02 19:07 - 00000000 ____D () C:\Users\Mario\Desktop\TDSSKiller
2015-03-02 19:06 - 2015-03-02 19:06 - 04176437 _____ () C:\Users\Mario\Downloads\tdsskiller.zip
2015-03-02 19:05 - 2015-03-02 19:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mario\Downloads\tdsskiller.exe
2015-02-27 01:59 - 2015-03-03 19:07 - 00024894 _____ () C:\Windows\PFRO.log
2015-02-26 22:51 - 2015-02-26 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-26 21:55 - 2015-02-26 21:55 - 00000798 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 21:55 - 2015-02-26 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-02-26 21:55 - 2015-02-26 21:55 - 00000000 ____D () C:\Program Files\Speccy
2015-02-26 21:45 - 2015-02-26 21:45 - 00000000 ____D () C:\Users\Mario\Desktop\Minitoolbox
2015-02-26 21:39 - 2015-03-02 19:02 - 00035095 _____ () C:\Users\Mario\Downloads\Result.txt
2015-02-26 21:38 - 2015-02-26 21:38 - 00401920 _____ (Farbar) C:\Users\Mario\Downloads\MiniToolBox.exe
2015-02-26 21:33 - 2015-02-26 21:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dumps
2015-02-26 20:42 - 2015-02-26 20:42 - 879296924 _____ () C:\Windows\MEMORY.DMP
2015-02-26 14:01 - 2015-03-04 17:48 - 00000840 _____ () C:\Windows\setupact.log
2015-02-26 14:01 - 2015-02-26 14:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 23:00 - 2015-02-25 23:00 - 00000000 ____D () C:\Users\Mario\AppData\Local\Microsoft Corporation
2015-02-25 21:09 - 2015-02-25 21:59 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-02-25 21:09 - 2015-02-25 21:19 - 00000000 ____D () C:\ProgramData\TweakBit
2015-02-25 21:04 - 2015-02-25 21:58 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-02-25 21:04 - 2015-02-25 21:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-25 21:04 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-02-25 21:04 - 2015-02-25 21:06 - 00000000 ____D () C:\Users\Mario\AppData\Local\SlimWare Utilities Inc
2015-02-25 21:04 - 2015-02-25 21:04 - 00000000 ____D () C:\Users\Mario\AppData\Local\Downloaded Installers
2015-02-25 21:04 - 2015-02-25 21:04 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-02-25 21:03 - 2015-02-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-02-25 03:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-15 01:15 - 2015-03-03 19:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-15 01:15 - 2015-03-03 19:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-15 01:15 - 2015-02-15 01:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-13 14:04 - 2015-02-26 14:29 - 00000426 _____ () C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-02-13 14:04 - 2015-02-26 14:29 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-13 14:04 - 2015-02-13 14:04 - 00003230 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-02-13 14:04 - 2015-02-13 14:04 - 00000000 __HDC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-12 21:53 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:53 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:53 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:53 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:03 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:03 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:03 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:03 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:03 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:03 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:03 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:03 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:03 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:03 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:03 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:03 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:03 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:03 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:03 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:03 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:03 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:03 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:03 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:03 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:03 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:03 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:03 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:03 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:03 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:03 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:03 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:03 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:03 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:03 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:03 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:03 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:03 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:03 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 09:03 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 09:02 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:02 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:02 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:02 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:02 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:02 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:02 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:02 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:02 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:02 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:02 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:02 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:02 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:02 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:02 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:02 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:02 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:02 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:02 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:02 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:02 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:02 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:02 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:02 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:02 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:02 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:02 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:02 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:02 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:02 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:02 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:02 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:02 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:02 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:01 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:01 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:01 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:01 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:01 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:01 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:01 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:01 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:01 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:01 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 13:09 - 2015-03-03 14:01 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-10 13:09 - 2015-02-22 22:07 - 00004030 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-10 13:09 - 2015-02-10 13:09 - 00003218 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-10 13:09 - 2015-02-10 13:09 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-10 13:09 - 2015-02-10 13:09 - 00000000 ____D () C:\Program Files\Dell Support Center

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:24 - 2013-12-03 19:25 - 00000000 ____D () C:\AdwCleaner
2015-03-04 18:02 - 2013-06-13 01:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:02 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-03-04 17:59 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-04 17:56 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:56 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:54 - 2009-07-14 00:10 - 01821957 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 17:49 - 2010-01-05 00:41 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-03-04 17:49 - 2010-01-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-04 17:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 17:07 - 2013-11-29 20:52 - 00000000 ____D () C:\ProgramData\Updater
2015-03-03 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2015-03-03 17:05 - 2010-01-11 19:14 - 00000000 ____D () C:\Temp
2015-03-03 08:17 - 2011-10-02 19:57 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 17:13 - 2014-08-17 16:30 - 00000000 ____D () C:\Program Files (x86)\MyHeritage
2015-02-27 01:59 - 2012-10-25 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 23:25 - 2015-01-17 04:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2015-02-26 20:42 - 2014-05-09 19:56 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 14:02 - 2010-01-05 01:52 - 00000000 ____D () C:\dell
2015-02-25 22:12 - 2012-11-11 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-02-25 22:12 - 2012-11-11 01:13 - 00000000 ____D () C:\Program Files (x86)\GameTop.com
2015-02-25 22:06 - 2011-11-01 20:19 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-25 22:06 - 2011-11-01 20:19 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-25 22:06 - 2010-01-05 00:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-18 18:49 - 2010-01-11 21:40 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-16 03:03 - 2012-01-01 02:35 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-16 03:02 - 2009-07-14 00:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 09:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-15 02:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 14:04 - 2010-01-05 00:36 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-02-13 14:04 - 2010-01-05 00:32 - 00000000 ____D () C:\Program Files\Dell
2015-02-12 03:29 - 2009-07-13 23:45 - 00368808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:26 - 2014-12-10 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:26 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 03:07 - 2012-05-01 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 03:07 - 2012-01-01 02:35 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:07 - 2012-01-01 02:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:07 - 2012-01-01 02:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:06 - 2013-07-25 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2010-01-19 00:40 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 13:09 - 2010-01-05 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-05 03:02 - 2013-06-13 01:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 03:02 - 2012-06-24 19:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 03:02 - 2011-05-31 16:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-01-11 19:04 - 2010-04-30 16:27 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Mario\AppData\Roaming\DataSafeDotNet.exe
2010-01-14 02:08 - 2011-09-21 18:45 - 0001734 _____ () C:\Users\Mario\AppData\Roaming\wklnhst.dat
2011-10-26 20:37 - 2013-12-04 18:27 - 0007607 _____ () C:\Users\Mario\AppData\Local\resmon.resmoncfg
2010-08-03 23:25 - 2010-08-03 23:25 - 0000000 _____ () C:\Users\Mario\AppData\Local\rx_image32.Cache

ZeroAccess:
C:\Windows\Installer\{77a5d38b-a370-e51a-8f61-2731789fef66}

Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\Quarantine.exe
C:\Users\Mario\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 04:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Mario at 2015-03-04 18:45:26
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech GamePanel Software 3.03.133 (HKLM\...\{6CC95B76-D380-46B2-9022-9353938E48BA}) (Version: 3.03.133 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.2 - Pando Networks Inc.)
Pirates of the Burning Sea (English) (HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\...\SOE-Pirates of the Burning Sea (English)) (Version:  - Sony Online Entertainment) <==== ATTENTION!
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
s (HKLM-x32\...\e) (Version: 1.0.0.1 - )
Safari (HKLM-x32\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Skins (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Social Privacy (HKLM-x32\...\sp@sp.com) (Version:  - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TomTom HOME 2.8.1.2218 (HKLM-x32\...\TomTom HOME) (Version: 2.8.1.2218 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-02-2015 22:06:25 Removed Hi-Command
25-02-2015 22:55:08 Installed Windows 7 Upgrade Advisor
25-02-2015 23:55:09 Installed Microsoft Fix it 50848
28-02-2015 12:05:02 Windows Update
01-03-2015 17:12:01 Removed Windows 7 Upgrade Advisor
03-03-2015 17:12:30 Removed Java 7 Update 55
03-03-2015 17:54:44 Installed Microsoft Fix it 50267
03-03-2015 18:36:24 Installed Microsoft Fix it 50267
03-03-2015 18:49:34 Windows Update
03-03-2015 19:09:22 Installed Microsoft Fix it 50267

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-03 19:09 - 2015-03-04 17:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06041417-5803-48C2-82B0-21D181579250} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {06941AF5-CE3F-49CD-A7A8-C66EABEC0CB0} - System32\Tasks\{16090E58-D37A-4459-B022-37BF32062AC2} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {0D68CC8E-D0A9-4E02-ABBA-C8195BABE935} - System32\Tasks\{AAFBFEC0-C78A-4C03-9B77-B1C84B748134} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {28E6A324-6B51-4B12-9736-734D61A18671} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {3A31311E-E01A-462B-BC3D-01873564F9C5} - System32\Tasks\{54BE263B-0B3C-412B-B6A4-AE6B656C9982} => pcalua.exe -a C:\Users\Mario\Downloads\jre-6u26-windows-i586-iftw.exe -d C:\Windows\SysWOW64
Task: {3DC978DC-1E45-485B-9A31-15B5E848BEB4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {43703E9D-BB82-4F43-AE67-FF7173870784} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {4CF996B5-4D43-475F-9182-2711ED009448} - System32\Tasks\{2FE31F82-048E-4ACA-9DE5-A88B92AD5D69} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {4F0A0C0C-A9AF-4E6F-8396-15BBEE6D0A94} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4FC46ADC-C023-45D1-B63F-46974D79989B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {5FAF331A-5788-4041-AB7B-2283F20C64CC} - System32\Tasks\{1EA35230-0B66-48A5-A9BB-F22D4BF24404} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {632E3A82-36E9-4C98-834D-4E3A694606B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {6707FC56-C38E-49E5-A5BC-54D870198FB7} - System32\Tasks\{FF428653-DC99-4353-9033-889453E640C6} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {672E2C34-F404-4068-9A72-57255DE61E57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {761C825F-8851-49FF-AA12-5713C8AC0DCE} - System32\Tasks\{B3ED1F78-E87F-4116-9224-77A4794E6F13} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {8E205A0D-B72B-4771-8E6B-18A0E3506B0F} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A6BF5B63-596B-436A-9D4F-2491A01D6E06} - System32\Tasks\{CD57C1C6-E189-452C-ACE6-BC8BCA600E20} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird" -c /UpdateShortcutAppUserModelIds
Task: {BC1BE5B4-8869-492F-A896-04CFAC6D14F3} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {D15C9D30-1794-406E-A0DB-BA778143BDFE} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
Task: {D287D7C3-670A-4078-8DB3-BBD97BFBFBAE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2092219217-2320858514-4229189638-1001
Task: {D5E5DFBD-5F14-4900-ADD2-C2CF135A9351} - System32\Tasks\{7DE0E2DD-229A-4585-897B-D651AD67D182} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {E290E838-8669-48C8-B76E-0F443DE46BF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-05 00:23 - 2009-09-17 14:06 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2014-10-16 02:38 - 2014-10-16 02:38 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2008-11-18 13:00 - 2008-11-18 13:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-01-05 00:19 - 2010-01-05 00:19 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-05 00:23 - 2009-09-17 14:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-01-05 00:23 - 2009-09-17 14:04 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00025840 ____N () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2010-01-05 00:17 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2010-01-05 00:17 - 2009-07-10 08:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-02-09 12:34 - 2010-02-09 12:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 13:05 - 2009-09-11 13:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-09-15 18:10 - 2014-09-15 18:10 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 184.172.114.130 - 208.43.110.90

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2092219217-2320858514-4229189638-500 - Administrator - Disabled)
Guest (S-1-5-21-2092219217-2320858514-4229189638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2092219217-2320858514-4229189638-1002 - Limited - Enabled)
Mario (S-1-5-21-2092219217-2320858514-4229189638-1001 - Administrator - Enabled) => C:\Users\Mario

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 06:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18c

Start Time: 01d056d20b763d72

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: e132ccb4-c2c5-11e4-bd87-a4badb025599

Error: (03/04/2015 06:22:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 178c

Start Time: 01d056d1c4283d9c

Termination Time: 16

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 42ab23d4-c2c5-11e4-bd87-a4badb025599

Error: (03/03/2015 07:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1444

Start Time: 01d0560fd357028c

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 68b27dc5-c203-11e4-bd8d-a4badb025599

Error: (03/03/2015 07:11:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/03/2015 07:05:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1520

Start Time: 01d0560dc5ba6b6a

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 3adf5e8c-c202-11e4-9449-a4badb025599

Error: (03/03/2015 06:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1108

Start Time: 01d0560c0fa0d714

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: b63eca42-c200-11e4-9449-a4badb025599

Error: (03/03/2015 06:42:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1524

Start Time: 01d0560b4683eab1

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: de8db58d-c1fe-11e4-9449-a4badb025599

Error: (03/03/2015 06:32:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1520

Start Time: 01d05606334ca241

Termination Time: 16

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 92be4984-c1fd-11e4-9459-a4badb025599

Error: (03/03/2015 06:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: de4

Start Time: 01d05605d27c97f9

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 6bc497e5-c1f9-11e4-9459-a4badb025599

Error: (03/03/2015 06:00:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 50c

Start Time: 01d056057e6f502e

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 0c1280d9-c1f9-11e4-9459-a4badb025599


System errors:
=============
Error: (03/04/2015 05:59:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/04/2015 05:59:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/04/2015 05:56:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/04/2015 05:49:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/04/2015 05:47:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/04/2015 05:38:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/04/2015 07:32:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/03/2015 07:36:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/03/2015 07:35:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/03/2015 07:11:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (03/04/2015 06:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.118c01d056d20b763d720C:\Users\Mario\Downloads\AdwCleaner.exee132ccb4-c2c5-11e4-bd87-a4badb025599

Error: (03/04/2015 06:22:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1178c01d056d1c4283d9c16C:\Users\Mario\Downloads\AdwCleaner.exe42ab23d4-c2c5-11e4-bd87-a4badb025599

Error: (03/03/2015 07:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1144401d0560fd357028c0C:\Users\Mario\Downloads\AdwCleaner.exe68b27dc5-c203-11e4-bd8d-a4badb025599

Error: (03/03/2015 07:11:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mario\Downloads\esetsmartinstaller_enu.exe

Error: (03/03/2015 07:05:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1152001d0560dc5ba6b6a0C:\Users\Mario\Downloads\AdwCleaner.exe3adf5e8c-c202-11e4-9449-a4badb025599

Error: (03/03/2015 06:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1110801d0560c0fa0d7140C:\Users\Mario\Downloads\AdwCleaner.exeb63eca42-c200-11e4-9449-a4badb025599

Error: (03/03/2015 06:42:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1152401d0560b4683eab10C:\Users\Mario\Downloads\AdwCleaner.exede8db58d-c1fe-11e4-9449-a4badb025599

Error: (03/03/2015 06:32:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1152001d05606334ca24116C:\Users\Mario\Downloads\AdwCleaner.exe92be4984-c1fd-11e4-9459-a4badb025599

Error: (03/03/2015 06:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1de401d05605d27c97f90C:\Users\Mario\Downloads\AdwCleaner.exe6bc497e5-c1f9-11e4-9459-a4badb025599

Error: (03/03/2015 06:00:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.150c01d056057e6f502e0C:\Users\Mario\Downloads\AdwCleaner.exe0c1280d9-c1f9-11e4-9459-a4badb025599


CodeIntegrity Errors:
===================================
  Date: 2015-03-04 17:59:08.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-04 17:59:08.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 29%
Total physical RAM: 8182.99 MB
Available physical RAM: 5781.26 MB
Total Pagefile: 16364.16 MB
Available Pagefile: 13699.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.52 GB) (Free:427.11 GB) NTFS
Drive e: () (Fixed) (Total:698.64 GB) (Free:221.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 32B54C80)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: C73027D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=586.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 M1971

  • Topic Starter

  • Members
  • 27 posts

Posted 04 March 2015 - 06:55 PM

The previous scan was step 3.

Running step 1 from your last post.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Mario (administrator) on MARIO-PC on 04-03-2015 18:52:31
Running from C:\Users\Mario\Downloads
Loaded Profiles: Mario (Available profiles: Mario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {C137381A-180B-4A31-93C7-2AD839238E3D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> {E7627D3F-7D31-40D2-86B2-93A2C5AEF7CF} URL =
Toolbar: HKU\S-1-5-21-2092219217-2320858514-4229189638-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5997/mcfscan.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{267399AA-297B-4A9C-93E1-7363F5E51985}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2092219217-2320858514-4229189638-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: ChatZilla - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]

Chrome:
=======
CHR Profile: C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (YouTube) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (Gmail) - C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-01-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-01-05] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-05-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-25] ()
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:43 - 2015-03-04 18:43 - 00001083 _____ () C:\Users\Mario\Desktop\Malwarebytes Anti-Malware 3.4.2015.txt
2015-03-04 18:13 - 2015-03-04 18:13 - 00030368 _____ () C:\Users\Mario\Desktop\Combofix 3.4.2015 6.12pm.txt
2015-03-04 18:02 - 2015-03-04 18:02 - 00030368 _____ () C:\ComboFix.txt
2015-03-04 17:51 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-04 17:51 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-04 17:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-04 17:51 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-04 17:50 - 2015-03-04 18:02 - 00000000 ____D () C:\Qoobox
2015-03-04 17:50 - 2015-03-04 18:00 - 00000000 ____D () C:\Windows\erdnt
2015-03-04 17:49 - 2015-03-04 17:49 - 05612482 ____R (Swearware) C:\Users\Mario\Downloads\ComboFix.exe
2015-03-03 19:46 - 2015-03-04 18:52 - 00018117 _____ () C:\Users\Mario\Downloads\FRST.txt
2015-03-03 19:46 - 2015-03-04 18:45 - 00033381 _____ () C:\Users\Mario\Downloads\Addition.txt
2015-03-03 19:45 - 2015-03-04 18:52 - 00000000 ____D () C:\FRST
2015-03-03 19:44 - 2015-03-03 19:44 - 02092544 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2015-03-03 19:39 - 2015-03-03 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-03-03 19:33 - 2015-03-03 19:39 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-03-03 19:20 - 2015-03-03 19:21 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Mario\Downloads\cbSetup.exe
2015-03-03 19:09 - 2015-03-03 19:09 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267(2).msi
2015-03-03 18:55 - 2015-03-03 18:56 - 00002570 _____ () C:\Users\Mario\Desktop\Rkill.txt
2015-03-03 18:55 - 2015-03-03 18:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Mario\Downloads\rkill.com
2015-03-03 18:43 - 2015-03-03 18:43 - 00000833 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-03-03 18:36 - 2015-03-03 18:36 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267(1).msi
2015-03-03 17:54 - 2015-03-03 17:54 - 00991232 _____ () C:\Users\Mario\Downloads\MicrosoftFixit50267.msi
2015-03-03 17:44 - 2015-03-03 17:44 - 00000000 ____D () C:\Users\Mario\AppData\Local\Apps\2.0
2015-03-03 17:23 - 2015-03-03 17:23 - 00020322 _____ () C:\Users\Mario\Downloads\fixhosts.exe
2015-03-03 17:10 - 2015-03-03 17:10 - 00001075 _____ () C:\Users\Mario\Desktop\Malwarebytes Anti-Malware.txt
2015-03-03 14:01 - 2015-03-03 14:02 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\PCDr
2015-03-03 14:01 - 2015-03-03 14:01 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-03 07:22 - 2015-03-04 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 07:21 - 2015-03-03 07:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-03 07:21 - 2015-03-03 07:21 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 07:21 - 2015-03-03 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 07:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 07:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 07:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-02 19:40 - 2015-03-02 19:40 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_enu.exe
2015-03-02 19:40 - 2015-03-02 19:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-02 19:38 - 2015-03-02 19:38 - 00003547 _____ () C:\Users\Mario\Desktop\JRT.txt
2015-03-02 19:34 - 2015-03-02 19:34 - 01388333 _____ (Thisisu) C:\Users\Mario\Downloads\JRT.exe
2015-03-02 19:09 - 2015-03-02 19:10 - 02126848 _____ () C:\Users\Mario\Downloads\AdwCleaner.exe
2015-03-02 19:06 - 2015-03-02 19:07 - 00000000 ____D () C:\Users\Mario\Desktop\TDSSKiller
2015-03-02 19:06 - 2015-03-02 19:06 - 04176437 _____ () C:\Users\Mario\Downloads\tdsskiller.zip
2015-03-02 19:05 - 2015-03-02 19:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mario\Downloads\tdsskiller.exe
2015-02-27 01:59 - 2015-03-03 19:07 - 00024894 _____ () C:\Windows\PFRO.log
2015-02-26 22:51 - 2015-02-26 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-26 21:55 - 2015-02-26 21:55 - 00000798 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 21:55 - 2015-02-26 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-02-26 21:55 - 2015-02-26 21:55 - 00000000 ____D () C:\Program Files\Speccy
2015-02-26 21:45 - 2015-02-26 21:45 - 00000000 ____D () C:\Users\Mario\Desktop\Minitoolbox
2015-02-26 21:39 - 2015-03-02 19:02 - 00035095 _____ () C:\Users\Mario\Downloads\Result.txt
2015-02-26 21:38 - 2015-02-26 21:38 - 00401920 _____ (Farbar) C:\Users\Mario\Downloads\MiniToolBox.exe
2015-02-26 21:33 - 2015-02-26 21:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dumps
2015-02-26 20:42 - 2015-02-26 20:42 - 879296924 _____ () C:\Windows\MEMORY.DMP
2015-02-26 14:01 - 2015-03-04 17:48 - 00000840 _____ () C:\Windows\setupact.log
2015-02-26 14:01 - 2015-02-26 14:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 23:00 - 2015-02-25 23:00 - 00000000 ____D () C:\Users\Mario\AppData\Local\Microsoft Corporation
2015-02-25 21:09 - 2015-02-25 21:59 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-02-25 21:09 - 2015-02-25 21:19 - 00000000 ____D () C:\ProgramData\TweakBit
2015-02-25 21:04 - 2015-02-25 21:58 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-02-25 21:04 - 2015-02-25 21:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-25 21:04 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-02-25 21:04 - 2015-02-25 21:06 - 00000000 ____D () C:\Users\Mario\AppData\Local\SlimWare Utilities Inc
2015-02-25 21:04 - 2015-02-25 21:04 - 00000000 ____D () C:\Users\Mario\AppData\Local\Downloaded Installers
2015-02-25 21:04 - 2015-02-25 21:04 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-02-25 21:03 - 2015-02-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-02-25 03:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-15 01:15 - 2015-03-03 19:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-15 01:15 - 2015-03-03 19:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-15 01:15 - 2015-02-15 01:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-13 14:04 - 2015-02-26 14:29 - 00000426 _____ () C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-02-13 14:04 - 2015-02-26 14:29 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-13 14:04 - 2015-02-13 14:04 - 00003230 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-02-13 14:04 - 2015-02-13 14:04 - 00000000 __HDC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-12 21:53 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:53 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:53 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:53 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:03 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:03 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:03 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:03 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:03 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:03 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:03 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:03 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:03 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:03 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:03 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:03 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:03 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:03 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:03 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:03 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:03 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:03 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:03 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:03 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:03 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:03 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:03 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:03 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:03 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:03 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:03 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:03 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:03 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:03 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:03 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:03 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:03 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:03 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:03 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:03 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:03 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 09:03 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 09:03 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 09:02 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:02 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:02 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:02 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:02 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:02 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:02 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:02 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:02 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:02 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:02 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:02 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:02 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:02 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:02 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:02 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:02 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:02 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:02 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:02 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:02 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:02 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:02 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:02 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:02 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:02 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:02 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:02 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:02 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:02 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:02 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:02 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:02 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:02 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:02 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:01 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:01 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:01 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:01 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:01 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:01 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:01 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:01 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:01 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:01 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 13:09 - 2015-03-03 14:01 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-10 13:09 - 2015-02-22 22:07 - 00004030 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-10 13:09 - 2015-02-10 13:09 - 00003218 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-10 13:09 - 2015-02-10 13:09 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-10 13:09 - 2015-02-10 13:09 - 00000000 ____D () C:\Program Files\Dell Support Center

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:24 - 2013-12-03 19:25 - 00000000 ____D () C:\AdwCleaner
2015-03-04 18:02 - 2013-06-13 01:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:02 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-03-04 17:59 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-04 17:56 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:56 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:54 - 2009-07-14 00:10 - 01821957 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 17:49 - 2010-01-05 00:41 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-03-04 17:49 - 2010-01-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-04 17:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 17:07 - 2013-11-29 20:52 - 00000000 ____D () C:\ProgramData\Updater
2015-03-03 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2015-03-03 17:05 - 2010-01-11 19:14 - 00000000 ____D () C:\Temp
2015-03-03 08:17 - 2011-10-02 19:57 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 17:13 - 2014-08-17 16:30 - 00000000 ____D () C:\Program Files (x86)\MyHeritage
2015-02-27 01:59 - 2012-10-25 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 23:25 - 2015-01-17 04:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2015-02-26 20:42 - 2014-05-09 19:56 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 14:02 - 2010-01-05 01:52 - 00000000 ____D () C:\dell
2015-02-25 22:12 - 2012-11-11 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-02-25 22:12 - 2012-11-11 01:13 - 00000000 ____D () C:\Program Files (x86)\GameTop.com
2015-02-25 22:06 - 2011-11-01 20:19 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-25 22:06 - 2011-11-01 20:19 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-02-25 22:06 - 2010-01-05 00:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-18 18:49 - 2010-01-11 21:40 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-16 03:03 - 2012-01-01 02:35 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-16 03:02 - 2009-07-14 00:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 09:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-15 02:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 14:04 - 2010-01-05 00:36 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-02-13 14:04 - 2010-01-05 00:32 - 00000000 ____D () C:\Program Files\Dell
2015-02-12 03:29 - 2009-07-13 23:45 - 00368808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:26 - 2014-12-10 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:26 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 03:07 - 2012-05-01 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 03:07 - 2012-01-01 02:35 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:07 - 2012-01-01 02:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:07 - 2012-01-01 02:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:06 - 2013-07-25 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2010-01-19 00:40 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 13:09 - 2010-01-05 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-05 03:02 - 2013-06-13 01:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 03:02 - 2012-06-24 19:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 03:02 - 2011-05-31 16:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-01-11 19:04 - 2010-04-30 16:27 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Mario\AppData\Roaming\DataSafeDotNet.exe
2010-01-14 02:08 - 2011-09-21 18:45 - 0001734 _____ () C:\Users\Mario\AppData\Roaming\wklnhst.dat
2011-10-26 20:37 - 2013-12-04 18:27 - 0007607 _____ () C:\Users\Mario\AppData\Local\resmon.resmoncfg
2010-08-03 23:25 - 2010-08-03 23:25 - 0000000 _____ () C:\Users\Mario\AppData\Local\rx_image32.Cache

ZeroAccess:
C:\Windows\Installer\{77a5d38b-a370-e51a-8f61-2731789fef66}

Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\Quarantine.exe
C:\Users\Mario\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 04:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Mario at 2015-03-04 18:52:49
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech GamePanel Software 3.03.133 (HKLM\...\{6CC95B76-D380-46B2-9022-9353938E48BA}) (Version: 3.03.133 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.2 - Pando Networks Inc.)
Pirates of the Burning Sea (English) (HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\...\SOE-Pirates of the Burning Sea (English)) (Version:  - Sony Online Entertainment) <==== ATTENTION!
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
s (HKLM-x32\...\e) (Version: 1.0.0.1 - )
Safari (HKLM-x32\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Skins (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Social Privacy (HKLM-x32\...\sp@sp.com) (Version:  - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TomTom HOME 2.8.1.2218 (HKLM-x32\...\TomTom HOME) (Version: 2.8.1.2218 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-02-2015 22:06:25 Removed Hi-Command
25-02-2015 22:55:08 Installed Windows 7 Upgrade Advisor
25-02-2015 23:55:09 Installed Microsoft Fix it 50848
28-02-2015 12:05:02 Windows Update
01-03-2015 17:12:01 Removed Windows 7 Upgrade Advisor
03-03-2015 17:12:30 Removed Java 7 Update 55
03-03-2015 17:54:44 Installed Microsoft Fix it 50267
03-03-2015 18:36:24 Installed Microsoft Fix it 50267
03-03-2015 18:49:34 Windows Update
03-03-2015 19:09:22 Installed Microsoft Fix it 50267

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-03 19:09 - 2015-03-04 17:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06041417-5803-48C2-82B0-21D181579250} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {06941AF5-CE3F-49CD-A7A8-C66EABEC0CB0} - System32\Tasks\{16090E58-D37A-4459-B022-37BF32062AC2} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {0D68CC8E-D0A9-4E02-ABBA-C8195BABE935} - System32\Tasks\{AAFBFEC0-C78A-4C03-9B77-B1C84B748134} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {28E6A324-6B51-4B12-9736-734D61A18671} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {3A31311E-E01A-462B-BC3D-01873564F9C5} - System32\Tasks\{54BE263B-0B3C-412B-B6A4-AE6B656C9982} => pcalua.exe -a C:\Users\Mario\Downloads\jre-6u26-windows-i586-iftw.exe -d C:\Windows\SysWOW64
Task: {3DC978DC-1E45-485B-9A31-15B5E848BEB4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {43703E9D-BB82-4F43-AE67-FF7173870784} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {4CF996B5-4D43-475F-9182-2711ED009448} - System32\Tasks\{2FE31F82-048E-4ACA-9DE5-A88B92AD5D69} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {4F0A0C0C-A9AF-4E6F-8396-15BBEE6D0A94} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4FC46ADC-C023-45D1-B63F-46974D79989B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {5FAF331A-5788-4041-AB7B-2283F20C64CC} - System32\Tasks\{1EA35230-0B66-48A5-A9BB-F22D4BF24404} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {632E3A82-36E9-4C98-834D-4E3A694606B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {6707FC56-C38E-49E5-A5BC-54D870198FB7} - System32\Tasks\{FF428653-DC99-4353-9033-889453E640C6} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {672E2C34-F404-4068-9A72-57255DE61E57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {761C825F-8851-49FF-AA12-5713C8AC0DCE} - System32\Tasks\{B3ED1F78-E87F-4116-9224-77A4794E6F13} => C:\Program Files (x86)\Total War\Medieval - Total War\Medieval_TW.exe
Task: {8E205A0D-B72B-4771-8E6B-18A0E3506B0F} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A6BF5B63-596B-436A-9D4F-2491A01D6E06} - System32\Tasks\{CD57C1C6-E189-452C-ACE6-BC8BCA600E20} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird" -c /UpdateShortcutAppUserModelIds
Task: {BC1BE5B4-8869-492F-A896-04CFAC6D14F3} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {D15C9D30-1794-406E-A0DB-BA778143BDFE} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
Task: {D287D7C3-670A-4078-8DB3-BBD97BFBFBAE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2092219217-2320858514-4229189638-1001
Task: {D5E5DFBD-5F14-4900-ADD2-C2CF135A9351} - System32\Tasks\{7DE0E2DD-229A-4585-897B-D651AD67D182} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {E290E838-8669-48C8-B76E-0F443DE46BF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-05 00:23 - 2009-09-17 14:06 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2014-10-16 02:38 - 2014-10-16 02:38 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2008-11-18 13:00 - 2008-11-18 13:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-01-05 00:19 - 2010-01-05 00:19 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-05 00:23 - 2009-09-17 14:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-01-05 00:23 - 2009-09-17 14:04 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00025840 ____N () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-01-05 00:23 - 2009-09-17 14:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2010-01-05 00:17 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2010-01-05 00:17 - 2009-07-10 08:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-02-09 12:34 - 2010-02-09 12:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 13:05 - 2009-09-11 13:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 12:34 - 2010-02-09 12:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 184.172.114.130 - 208.43.110.90

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2092219217-2320858514-4229189638-500 - Administrator - Disabled)
Guest (S-1-5-21-2092219217-2320858514-4229189638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2092219217-2320858514-4229189638-1002 - Limited - Enabled)
Mario (S-1-5-21-2092219217-2320858514-4229189638-1001 - Administrator - Enabled) => C:\Users\Mario

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 06:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18c

Start Time: 01d056d20b763d72

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: e132ccb4-c2c5-11e4-bd87-a4badb025599

Error: (03/04/2015 06:22:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 178c

Start Time: 01d056d1c4283d9c

Termination Time: 16

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 42ab23d4-c2c5-11e4-bd87-a4badb025599

Error: (03/03/2015 07:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1444

Start Time: 01d0560fd357028c

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 68b27dc5-c203-11e4-bd8d-a4badb025599

Error: (03/03/2015 07:11:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/03/2015 07:05:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1520

Start Time: 01d0560dc5ba6b6a

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 3adf5e8c-c202-11e4-9449-a4badb025599

Error: (03/03/2015 06:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1108

Start Time: 01d0560c0fa0d714

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: b63eca42-c200-11e4-9449-a4badb025599

Error: (03/03/2015 06:42:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1524

Start Time: 01d0560b4683eab1

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: de8db58d-c1fe-11e4-9449-a4badb025599

Error: (03/03/2015 06:32:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1520

Start Time: 01d05606334ca241

Termination Time: 16

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 92be4984-c1fd-11e4-9459-a4badb025599

Error: (03/03/2015 06:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: de4

Start Time: 01d05605d27c97f9

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 6bc497e5-c1f9-11e4-9459-a4badb025599

Error: (03/03/2015 06:00:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 50c

Start Time: 01d056057e6f502e

Termination Time: 0

Application Path: C:\Users\Mario\Downloads\AdwCleaner.exe

Report Id: 0c1280d9-c1f9-11e4-9459-a4badb025599


System errors:
=============
Error: (03/04/2015 05:59:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/04/2015 05:59:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/04/2015 05:56:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/04/2015 05:49:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/04/2015 05:47:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/04/2015 05:38:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/04/2015 07:32:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/03/2015 07:36:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/03/2015 07:35:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/03/2015 07:11:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (03/04/2015 06:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.118c01d056d20b763d720C:\Users\Mario\Downloads\AdwCleaner.exee132ccb4-c2c5-11e4-bd87-a4badb025599

Error: (03/04/2015 06:22:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1178c01d056d1c4283d9c16C:\Users\Mario\Downloads\AdwCleaner.exe42ab23d4-c2c5-11e4-bd87-a4badb025599

Error: (03/03/2015 07:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1144401d0560fd357028c0C:\Users\Mario\Downloads\AdwCleaner.exe68b27dc5-c203-11e4-bd8d-a4badb025599

Error: (03/03/2015 07:11:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mario\Downloads\esetsmartinstaller_enu.exe

Error: (03/03/2015 07:05:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1152001d0560dc5ba6b6a0C:\Users\Mario\Downloads\AdwCleaner.exe3adf5e8c-c202-11e4-9449-a4badb025599

Error: (03/03/2015 06:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1110801d0560c0fa0d7140C:\Users\Mario\Downloads\AdwCleaner.exeb63eca42-c200-11e4-9449-a4badb025599

Error: (03/03/2015 06:42:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1152401d0560b4683eab10C:\Users\Mario\Downloads\AdwCleaner.exede8db58d-c1fe-11e4-9449-a4badb025599

Error: (03/03/2015 06:32:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1152001d05606334ca24116C:\Users\Mario\Downloads\AdwCleaner.exe92be4984-c1fd-11e4-9459-a4badb025599

Error: (03/03/2015 06:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.1de401d05605d27c97f90C:\Users\Mario\Downloads\AdwCleaner.exe6bc497e5-c1f9-11e4-9459-a4badb025599

Error: (03/03/2015 06:00:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.150c01d056057e6f502e0C:\Users\Mario\Downloads\AdwCleaner.exe0c1280d9-c1f9-11e4-9459-a4badb025599


CodeIntegrity Errors:
===================================
  Date: 2015-03-04 17:59:08.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-04 17:59:08.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 25%
Total physical RAM: 8182.99 MB
Available physical RAM: 6085.95 MB
Total Pagefile: 16364.16 MB
Available Pagefile: 14080.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.52 GB) (Free:427.11 GB) NTFS
Drive e: () (Fixed) (Total:698.64 GB) (Free:221.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 32B54C80)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: C73027D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=586.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#13 M1971

  • Topic Starter

Posted 04 March 2015 - 06:56 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Mario (administrator) on 04-03-2015 at 18:55:53
Running from "C:\Users\Mario\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#14 deeprybka

  • Malware Response Team

Posted 04 March 2015 - 06:59 PM



Step 1


Don't remove on your own anything that HitmanPro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
[animated screenshot: hitman.gif]


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [path shown in image logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 M1971

  • Topic Starter

Posted 04 March 2015 - 07:08 PM

HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : MARIO-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Mario-PC\Mario
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-04 19:03:03
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 50s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 25

   Objects scanned . . . : 1,748,257
   Files scanned . . . . : 29,367
   Remnants scanned  . . : 509,735 files / 1,209,155 keys

Suspicious files ____________________________________________________________

   C:\Users\Mario\Downloads\FRST64.exe
      Size . . . . . . . : 2,092,544 bytes
      Age  . . . . . . . : 1.0 days (2015-03-03 19:44:55)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C7A2F2C543D8E4E1CFD84A85BBA8EE0FC707A89AA6A21EFBBE57A565FB5BDD73
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.2s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\BED4D087A45FE7917F2E3CB126DFB7174EAF2F63
          0.0s C:\Users\Mario\Downloads\FRST64.exe

   C:\Users\Mario\Downloads\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 0.0 days (2015-03-04 18:55:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : CF5F35213C6434469F1B4F614A2366A2A88F3CBC7C9965A458F64545A76C5AC1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.3s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\99943FE056FDAA7CDCABE3E68F12F5D677652EB1
          0.0s C:\Users\Mario\Downloads\FSS.exe

   C:\Users\Mario\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 5.9 days (2015-02-26 21:38:47)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 520E765E9043243127BE3D7B7210D32E2D1994866DC7A0F57EC05FA480D6D062
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -15.0s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\47833EA7ED75282447EAA80AB387A93ED455D438
         -6.7s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\CAFB94D90AD02502566CFE9E073458F89BE9FCF9
         -6.6s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\211DACEBCE79BCEA6F149A43AE79CC7C476CB859
         -6.6s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\15A0EDC0D589FEA363948F2F5D52267F1B5BE369
         -6.5s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\DA5C7A16B154BD6841981708A734D28C1199D0E2
         -6.5s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\F8791B4234216F5574B779F2FFF9055D1A359718
         -6.5s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\171F01E3B2041EAFCF947023CF9852645DBC9AAD
         -6.5s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\A29ECDC5DE9B0E5F7F807E80F4B91B8E2F32FADB
         -6.3s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\F25369F99D66290579DA63BA3BB5A81D9B6A1B0B
         -6.3s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\FB4D1C5F36CCD48FF901A47289298D73E648DC38
         -6.3s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\ABB898AB73F6059FAF229B0B12D276E8898CC2D7
         -6.3s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\C318D64FD41468CBDC8278994490901F44D02CCE
         -3.2s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\DD9A48F781FE432135B799543FE0FA36B5C53177
         -3.1s C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\ud5ptnl1.default\cache2\entries\EE5749AA65B97C7399480A2604A0EF530FBBED14
          0.0s C:\Users\Mario\Downloads\MiniToolBox.exe


Malware remnants ____________________________________________________________

   C:\Windows\Installer\{77a5d38b-a370-e51a-8f61-2731789fef66}\ (ZeroAccess)
   C:\Windows\Installer\{77a5d38b-a370-e51a-8f61-2731789fef66}\L\ (ZeroAccess)
   C:\Windows\Installer\{77a5d38b-a370-e51a-8f61-2731789fef66}\U\ (ZeroAccess)

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D}\ (MindSpark)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122a36-83b2-46b8-b39a-ec72a4614a07}\ (MindSpark)
   HKU\S-1-5-21-2092219217-2320858514-4229189638-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)

Cookies _____________________________________________________________________

   C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ud5ptnl1.default\cookies.sqlite:doubleclick.net
 



