Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Reoccuring Malware [Closed]

dclogs malware.trace stolen.data keylogger

  • This topic is locked This topic is locked

#1
Dr_Maniac

Dr_Maniac

    New Member

  • Member
  • Pip
  • 1 posts

A few days ago I got RAT.I ran Malware Bytes and Windows Defender. Windows Defender quarantined the back door of course and on malware bytes I  saw three other Malware:

Stolen.Data = C:\Users\jgunt_000\AppData\Roaming/dclogs

Malware.Trace = a Registry item.

and another Stolen.Data = C:\Users\jgunt_000\AppData\Roaming/dclogs/(A file here which contains all the things ive typed.)

I posted a malwarebytes log in the bottom after Addition so please view that. I also found I got ratted and maybe this is linked to that. Windows Defender quarantined it.

It seems the malware is a keylogger after I went into the folder and inspected the files. Im really scared at this point and it seems that everytime I delete it or quarantine the Stolen.Malware folder it comes back when I open my pc again the next day. Its very frustrating and annoying. And as I got through malwarebytes history it seems I've been with this malware since October. I really need to get rid of this malware now before anything horrible goes wrong. I am not infact sure what the registry key is for and its role in the dclogs thing but I also want to get rid of it. 

 

Frst:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by jgunt_000 (administrator) on LAWRENCE_PC on 19-03-2015 19:04:44
Running from C:\Users\jgunt_000\Desktop
Loaded Profiles: jgunt_000 (Available profiles: jgunt_000 & Charles & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\MountPoints2: {ef6d15e7-80a4-11e3-bea8-b8763f2ad080} - "F:\setup.exe" 
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe (myubername)
Startup: C:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.Defender.lnk
ShortcutTarget: Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-957570377-2838509885-2805766079-1001 -> {30C5415B-D1B0-45DC-8297-326160C40859} URL = 
SearchScopes: HKU\S-1-5-21-957570377-2838509885-2805766079-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-957570377-2838509885-2805766079-1001 -> {FA763412-3FCD-4589-B9FD-81C1BEA6373A} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\jgunt_000\AppData\Roaming\Mozilla\Firefox\Profiles\j4lnpvb2.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-17] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-957570377-2838509885-2805766079-1001: @nsroblox.roblox.com/launcher -> C:\Users\jgunt_000\AppData\Local\Roblox\Versions\version-708f91f0ad924d5c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-957570377-2838509885-2805766079-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\jgunt_000\AppData\Local\Roblox\Versions\version-708f91f0ad924d5c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-957570377-2838509885-2805766079-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jgunt_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-957570377-2838509885-2805766079-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-16]
CHR Extension: (Google Drive) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-16]
CHR Extension: (YouTube) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-16]
CHR Extension: (Google Search) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-16]
CHR Extension: (Auto Clicker) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\daoghdmcjpjomfalbgjonallnfkhdccg [2014-12-02]
CHR Extension: (Lounge Assistant) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2014-11-25]
CHR Extension: (AdBlock) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-01]
CHR Extension: (Pixlr Editor) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Gmail) - C:\Users\jgunt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-25] (BitRaider, LLC)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-08-08] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-12-25] (BitRaider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-15] (Disc Soft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-05-13] (LogMeIn Inc.)
S3 hxsyol; C:\WINDOWS\system32\hxsy64.sys [86352 2014-11-02] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 19:04 - 2015-03-19 19:06 - 00027937 _____ () C:\Users\jgunt_000\Desktop\FRST.txt
2015-03-19 17:18 - 2015-03-19 17:18 - 00000000 ___RD () C:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-19 16:47 - 2014-06-26 16:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-19 16:47 - 2014-06-26 16:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-18 22:20 - 2015-03-18 22:20 - 00000313 _____ () C:\WINDOWS\setupact.log
2015-03-18 22:20 - 2015-03-18 22:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-18 15:28 - 2015-03-19 19:05 - 00000000 ____D () C:\FRST
2015-03-18 15:27 - 2015-03-18 15:27 - 02095616 _____ (Farbar) C:\Users\jgunt_000\Desktop\FRST64.exe
2015-03-17 21:35 - 2015-03-17 21:35 - 00000000 ____D () C:\Users\jgunt_000\AppData\Roaming\Wireshark
2015-03-17 21:28 - 2015-03-17 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-03-17 21:28 - 2015-03-17 21:28 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-03-17 21:27 - 2015-03-17 21:28 - 00000000 ____D () C:\Program Files\Wireshark
2015-03-17 21:27 - 2015-03-17 21:27 - 00001563 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-03-17 21:27 - 2015-03-17 21:27 - 00001551 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2015-03-17 21:25 - 2015-03-17 21:25 - 29836080 _____ (Wireshark development team) C:\Users\jgunt_000\Downloads\Wireshark-win64-1.12.4.exe
2015-03-17 21:12 - 2015-03-19 08:29 - 00017672 _____ () C:\WINDOWS\PFRO.log
2015-03-17 20:26 - 2015-03-17 21:10 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:23 - 2015-03-17 20:24 - 02171392 _____ () C:\Users\jgunt_000\Desktop\adwcleaner_4.112.exe
2015-03-17 20:15 - 2015-03-18 16:09 - 00001990 _____ () C:\Users\jgunt_000\Desktop\Rkill.txt
2015-03-17 20:15 - 2015-03-17 20:15 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\jgunt_000\Downloads\iExplore.exe
2015-03-17 20:15 - 2015-03-17 20:15 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\jgunt_000\Desktop\iExplore64.exe
2015-03-17 20:14 - 2015-03-17 20:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\jgunt_000\Desktop\tdsskiller.exe
2015-03-17 20:09 - 2015-03-17 20:10 - 05475064 _____ (Avast Software s.r.o.) C:\Users\jgunt_000\Downloads\avast_free_antivirus_setup_online.exe
2015-03-17 19:20 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-17 19:20 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-17 18:14 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-17 18:14 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-17 09:12 - 2015-03-17 09:12 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-14 18:33 - 2015-03-14 18:33 - 00000000 ____D () C:\Users\jgunt_000\Documents\Anker Gaming Mouse
2015-03-14 18:32 - 2015-03-14 18:32 - 00001213 _____ () C:\Users\Public\Desktop\Anker Precision Laser Gaming Mouse.lnk
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anker Precision Laser Gaming Mouse
2015-03-14 18:32 - 2015-03-14 18:32 - 00000000 ____D () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse
2015-03-10 10:43 - 2015-03-10 10:43 - 00076894 _____ () C:\Users\Guest\Documents\20150105153343-your-intuition-make-friends-big-data-hard-drives.jpeg
2015-03-07 14:23 - 2015-03-07 14:23 - 00000000 ___RD () C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-05 22:00 - 2015-03-05 22:00 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-27 11:22 - 2015-02-27 11:22 - 00004050 _____ () C:\Users\Guest\Downloads\Work Activity Log Sheet.xlsx
2015-02-25 23:14 - 2015-03-19 19:03 - 00000000 ____D () C:\Users\jgunt_000\Desktop\Logos
2015-02-25 23:06 - 2015-02-25 23:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 20:14 - 2015-02-25 20:14 - 00000000 ____D () C:\Users\Charles\Documents\Anker Gaming Mouse
2015-02-25 20:14 - 2015-02-25 20:14 - 00000000 ____D () C:\Users\Charles\AppData\Local\Stardock
2015-02-19 16:48 - 2015-02-19 16:48 - 00000000 ____D () C:\Users\jgunt_000\AppData\Local\Steam
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 19:04 - 2014-07-15 23:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 19:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-19 18:50 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-19 18:31 - 2013-08-12 14:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-19 18:22 - 2014-07-13 11:01 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 18:20 - 2013-07-19 22:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-19 18:12 - 2015-02-12 20:02 - 01689324 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-19 17:22 - 2014-07-13 11:01 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 17:17 - 2014-02-07 16:39 - 00000000 __RDO () C:\Users\jgunt_000\SkyDrive
2015-03-19 17:14 - 2013-09-30 00:04 - 00883448 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-19 17:12 - 2013-04-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-19 17:09 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-18 22:59 - 2013-08-22 10:44 - 05112640 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-18 22:57 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-18 22:53 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-18 22:53 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-18 22:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-18 22:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-18 22:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-18 22:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-18 22:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-18 22:51 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-18 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-18 22:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-18 22:50 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-18 22:18 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-03-18 17:23 - 2013-07-18 22:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-957570377-2838509885-2805766079-1001
2015-03-18 15:47 - 2014-10-19 10:57 - 00000000 ____D () C:\Users\jgunt_000\AppData\Local\Adobe
2015-03-17 22:58 - 2013-12-14 17:11 - 00000000 ____D () C:\Users\jgunt_000\AppData\Roaming\uTorrent
2015-03-17 19:10 - 2013-08-15 12:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-17 18:42 - 2013-11-07 03:42 - 00000000 ____D () C:\Users\jgunt_000
2015-03-17 18:34 - 2013-04-07 22:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 09:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-15 17:19 - 2015-02-13 17:59 - 00000132 _____ () C:\Users\jgunt_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-13 18:52 - 2013-12-04 11:50 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.TXT
2015-03-13 15:16 - 2013-08-12 14:42 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-12 20:00 - 2015-02-11 19:56 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-10 19:12 - 2014-07-13 11:02 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 18:00 - 2014-08-24 15:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-07 14:27 - 2013-07-19 17:28 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-957570377-2838509885-2805766079-1002
2015-03-07 14:23 - 2013-11-07 21:40 - 00000000 __RDO () C:\Users\Charles\SkyDrive
2015-03-05 22:00 - 2015-02-11 19:57 - 00003604 _____ () C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-03 09:17 - 2014-01-20 21:37 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-28 20:51 - 2014-08-11 17:57 - 00000000 ____D () C:\Users\jgunt_000\AppData\Local\ftblauncher
2015-02-28 20:51 - 2013-09-29 13:29 - 00000000 ____D () C:\Users\jgunt_000\AppData\Roaming\ftblauncher
2015-02-27 19:44 - 2013-12-28 18:58 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-02-27 19:03 - 2014-07-09 19:08 - 00000000 ____D () C:\Users\jgunt_000\AppData\Roaming\Skype
2015-02-26 23:24 - 2013-04-07 22:33 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-26 22:08 - 2014-02-02 15:02 - 00000000 ____D () C:\Users\jgunt_000\Documents\My Games
2015-02-26 21:38 - 2012-05-08 07:37 - 00000000 ____D () C:\DELL
2015-02-26 21:14 - 2013-07-19 11:19 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-25 20:14 - 2013-07-19 17:21 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Adobe
2015-02-21 18:23 - 2013-07-19 09:15 - 00000000 ____D () C:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
 
==================== Files in the root of some directories =======
 
2013-07-18 21:55 - 2014-01-27 16:24 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-02-13 17:59 - 2015-03-15 17:19 - 0000132 _____ () C:\Users\jgunt_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-06 10:36 - 2013-12-06 14:23 - 0476596 _____ () C:\Users\jgunt_000\AppData\Roaming\Heyo.exe
2014-05-17 09:44 - 2014-05-18 19:03 - 0093600 _____ () C:\Users\jgunt_000\AppData\Roaming\output.exe
2013-12-07 13:20 - 2013-12-07 13:20 - 0000154 _____ () C:\Users\jgunt_000\AppData\Roaming\uninstall.bat
2015-02-12 22:25 - 2015-02-12 22:30 - 0001456 _____ () C:\Users\jgunt_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-06-02 16:44 - 2014-06-02 16:44 - 0004652 _____ () C:\Users\jgunt_000\AppData\Local\recently-used.xbel
2013-07-20 12:35 - 2014-10-01 16:06 - 0007597 _____ () C:\Users\jgunt_000\AppData\Local\Resmon.ResmonCfg
2013-04-07 22:39 - 2013-04-07 22:39 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-07 22:34 - 2013-04-07 22:35 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-07 22:35 - 2013-04-07 22:37 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-07 22:34 - 2013-04-07 22:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-07 22:37 - 2013-04-07 22:39 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\jgunt_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jgunt_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-18 17:24
 
==================== End Of Log ============================
 
Addition:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by jgunt_000 at 2015-03-19 19:07:36
Running from C:\Users\jgunt_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
[email protected] DVD Eraser v 1.1 (HKLM-x32\...\[email protected] DVD Eraser v 1.1) (Version:  - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Anker Precision Laser Gaming Mouse version 1.3 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.3 - ANKER Technology)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\BitTorrent) (Version: 7.8.1.29964 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Drumaxx (HKLM-x32\...\Drumaxx) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line bvba)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lennar Digital Sylenth VSTi v1.2.1 (HKLM-x32\...\Lennar Digital Sylenth VSTi v1.2.1) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARDR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
Morphine (HKLM-x32\...\Morphine) (Version:  - Image-Line bvba)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.0.6464 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{9cfbd531-319f-441f-b807-cc1413b83ca8}) (Version: latest - ppy Pty Ltd)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
ROBLOX Player for jgunt_000 (HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for jgunt_000 (HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimSynth (HKLM-x32\...\SimSynth) (Version:  - Image-Line)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.2.2636.0 - Hi-Rez Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Unity Web Player (HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, http://www.wireshark.org)
YGOPro DevPro (HKLM-x32\...\{43589988-FB5A-4C3A-B7EE-1D831EF9E89F}) (Version: 1.9.9 - DevPro)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-957570377-2838509885-2805766079-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jgunt_000\AppData\Local\Roblox\Versions\version-708f91f0ad924d5c\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Restore Points  =========================
 
02-03-2015 21:25:47 Scheduled Checkpoint
10-03-2015 11:44:40 Scheduled Checkpoint
17-03-2015 18:34:07 Removed Ubisoft Game Launcher
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {183B5A5B-B88E-49CD-BE0E-3DA0CA023712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {3E9F0376-1654-4199-AC9F-74C90CDFF62D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {4D07A950-103D-4913-88C2-E43DA10BC44E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {5933F30E-1246-498E-8BC3-CF9D048A124E} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {6816E657-2885-4C61-9564-42BF43885DE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {74B34FBF-3C98-4CF1-B542-94392A8F0763} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-13] (Google Inc.)
Task: {7BE65D07-4A21-4296-8249-F5C2C1670B9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-13] (Google Inc.)
Task: {8C30B762-199B-4F63-A97A-0E9AE149B036} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe
Task: {9A49FC3F-88A6-4959-9E10-D13AB48FA9E8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {B23F92EC-BE2C-4CB8-9517-D6465F8FD851} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: {B40D1523-9513-474D-890A-9648C4AAB0C0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {C40BD5BD-03E5-42C8-A818-490C868397DB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D1F40020-B03B-446A-9CDB-C50DC3B5A815} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {D56777C9-8596-4B4D-94B6-892BB1C54122} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-07-28 18:37 - 2014-08-08 17:35 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-04-07 22:37 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-12-28 16:39 - 2012-12-28 16:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 16:36 - 2012-12-28 16:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 16:41 - 2012-12-28 16:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-14 18:32 - 2014-01-10 12:08 - 03353600 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2012-12-28 16:42 - 2012-12-28 16:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2015-03-18 20:17 - 2015-03-18 20:17 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\ba24f9916c8dc4bcddd9d8fda57e1f4e\PSIClient.ni.dll
2013-04-07 22:27 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-04-07 22:35 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-14 18:32 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2013-07-01 08:20 - 2014-11-11 14:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 17:56 - 2014-12-01 20:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-15 16:15 - 2015-02-18 19:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-19 17:56 - 2014-12-01 20:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 17:56 - 2014-12-01 20:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-28 17:45 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 17:45 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 17:45 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 17:45 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 17:45 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 17:56 - 2015-02-18 19:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 13:45 - 2015-01-27 21:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 20:44 - 2015-01-27 21:30 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-03-10 19:11 - 2015-03-07 02:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-10 19:11 - 2015-03-07 02:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-10 19:11 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-10 19:11 - 2015-03-07 02:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Charles\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\jgunt_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\jgunt_000\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-957570377-2838509885-2805766079-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-957570377-2838509885-2805766079-500 - Administrator - Disabled)
Charles (S-1-5-21-957570377-2838509885-2805766079-1002 - Administrator - Enabled) => C:\Users\Charles
Guest (S-1-5-21-957570377-2838509885-2805766079-501 - Limited - Enabled) => C:\Users\Guest
jgunt_000 (S-1-5-21-957570377-2838509885-2805766079-1001 - Administrator - Enabled) => C:\Users\jgunt_000
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Officejet J4680 series
Description: HP Officejet J4680 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2015 05:17:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Updater.exe, version: 1.0.0.1, time stamp: 0x51d745f2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0xe0434352
Fault offset: 0x00011d4d
Faulting process id: 0x1010
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3
Faulting package full name: Updater.exe4
Faulting package-relative application ID: Updater.exe5
 
Error: (03/19/2015 05:17:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.File.InternalWriteAllBytes(System.String, Byte[], Boolean)
   at System.IO.File.WriteAllBytes(System.String, Byte[])
   at build.Main()
 
Error: (03/18/2015 10:26:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/18/2015 10:21:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (03/18/2015 10:21:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (03/18/2015 03:38:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 162c
 
Start Time: 01d061b261bc5267
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 5666d30f-cda6-11e4-bf1e-b8763f2ad080
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/18/2015 03:23:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Updater.exe, version: 1.0.0.1, time stamp: 0x51d745f2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0xe0434352
Fault offset: 0x00011d4d
Faulting process id: 0xc68
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3
Faulting package full name: Updater.exe4
Faulting package-relative application ID: Updater.exe5
 
Error: (03/18/2015 03:23:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.File.InternalWriteAllBytes(System.String, Byte[], Boolean)
   at System.IO.File.WriteAllBytes(System.String, Byte[])
   at build.Main()
 
Error: (03/17/2015 09:14:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Updater.exe, version: 1.0.0.1, time stamp: 0x51d745f2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0xe0434352
Fault offset: 0x00011d4d
Faulting process id: 0xcf8
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3
Faulting package full name: Updater.exe4
Faulting package-relative application ID: Updater.exe5
 
Error: (03/17/2015 09:14:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.File.InternalWriteAllBytes(System.String, Byte[], Boolean)
   at System.IO.File.WriteAllBytes(System.String, Byte[])
   at build.Main()
 
 
System errors:
=============
Error: (03/19/2015 05:09:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%2
 
Error: (03/19/2015 05:08:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%2336
 
Error: (03/19/2015 05:08:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (03/19/2015 05:08:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (03/19/2015 05:08:10 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (03/19/2015 05:06:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (03/19/2015 05:04:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (03/19/2015 05:02:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (03/19/2015 05:00:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (03/19/2015 04:58:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2015 05:17:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Updater.exe1.0.0.151d745f2KERNELBASE.dll6.3.9600.17055532943a3e043435200011d4d101001d0628a25f3e9fdC:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll69a482ae-ce7d-11e4-bf24-b8763f2ad080
 
Error: (03/19/2015 05:17:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.File.InternalWriteAllBytes(System.String, Byte[], Boolean)
   at System.IO.File.WriteAllBytes(System.String, Byte[])
   at build.Main()
 
Error: (03/18/2015 10:26:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/18/2015 10:21:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (03/18/2015 10:21:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (03/18/2015 03:38:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689162c01d061b261bc52674294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5666d30f-cda6-11e4-bf1e-b8763f2ad080microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/18/2015 03:23:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Updater.exe1.0.0.151d745f2KERNELBASE.dll6.3.9600.17055532943a3e043435200011d4dc6801d061b0f2d78ba2C:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll3cf78a5c-cda4-11e4-bf1e-b8763f2ad080
 
Error: (03/18/2015 03:23:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.File.InternalWriteAllBytes(System.String, Byte[], Boolean)
   at System.IO.File.WriteAllBytes(System.String, Byte[])
   at build.Main()
 
Error: (03/17/2015 09:14:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Updater.exe1.0.0.151d745f2KERNELBASE.dll6.3.9600.17055532943a3e043435200011d4dcf801d06118bfbefb38C:\Users\jgunt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll15d7a242-cd0c-11e4-bf1e-b8763f2ad080
 
Error: (03/17/2015 09:14:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.File.InternalWriteAllBytes(System.String, Byte[], Boolean)
   at System.IO.File.WriteAllBytes(System.String, Byte[])
   at build.Main()
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-15 11:03:00.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-12 20:39:56.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-18 20:13:03.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-14 12:22:45.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-08 13:03:55.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-05 16:36:17.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 11:19:28.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 11:36:19.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-19 11:14:58.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-17 14:05:04.932
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1007U @ 1.50GHz
Percentage of memory in use: 54%
Total physical RAM: 3965.27 MB
Available physical RAM: 1822.27 MB
Total Pagefile: 7933.27 MB
Available Pagefile: 5488.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:287.3 GB) (Free:139.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B9C75944)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Most Recent Malware Bytes Scan Of these Items.
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/03/17 21:14:34 -0400</date>
<logfile>mbam-log-2015-03-17 (21-14-33).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.03.17.08</malware-database>
<rootkit-database>v2015.02.25.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>jgunt_000</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>494601</objects>
<time>3942</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>0</values>
<datas>0</datas>
<folders>1</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-957570377-2838509885-2805766079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC</path><vendor>Malware.Trace</vendor><action>success</action><hash>7831130ff19987af1cda326ec242c937</hash></key>
<folder><path>C:\Users\jgunt_000\AppData\Roaming\dclogs</path><vendor>Stolen.Data</vendor><action>success</action><hash>5653ce544a406fc7dfb4329d42c224dc</hash></folder>
<file><path>C:\Users\jgunt_000\AppData\Roaming\dclogs\2015-03-17-3.dc</path><vendor>Stolen.Data</vendor><action>success</action><hash>5653ce544a406fc7dfb4329d42c224dc</hash></file>
</items>
</mbam-log>
 
 

  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey, I need the correct MBAM Log. :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
tq7qi6z6.png
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export
  • Button - select in the menu Text File (.txt)
p84ykoav.png
  • Save it on your Desktop and post the content of this text file into your next reply.

  • 0

#3
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: dclogs, malware.trace, stolen.data, keylogger

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP