
lampathy
Members
  • Posts: 33
  • Joined
  • Last visited
Reputation: 0 Neutral
  1. Thank you so much for all your help Gringo. I have WinPatrol running as we speak, my computer is running faster and there have been no more alerts from avast! You are awesome! I now uninstall everything with Revo and have kept CCleaner installed. I will also take your other advice. Thank you again Gringo.
  2. C:\Users\Sami\Downloads\DTLite4461-0327.exe    Win32/OpenCandy application
     C:\Users\Sami\Downloads\Setup_FreeConverter.exe    Win32/Toolbar.SearchSuite application
     C:\Users\Sami\Downloads\WinZip170.exe    a variant of Win32/OpenInstall application
     C:\Users\Sami\Downloads\backups\backup-20130309-213835-124-PowerReg Scheduler.exe    Win32/PowerReg application
  3. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.03.03.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Sami :: SAMI-PC [administrator]

     09/03/2013 21:10:27
     mbam-log-2013-03-09 (21-10-27).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 213605
     Time elapsed: 1 minute(s), 58 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 21:15:14, on 09/03/2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16464)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files (x86)\Steam\steam.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     C:\Program Files (x86)\Launch Manager\LManager.exe
     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
     C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     D:\LeapFrog\LeapFrog Connect\Monitor.exe
     C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
     C:\Program Files (x86)\Launch Manager\LMworker.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Users\Sami\Downloads\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Groove GFS Browser Helper - {4DB74D06-491C-440D-305E-012400990F3E} - C:\Windows\SysWOW64\csscdll.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
     O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
     O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
     O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
     O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
     O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
     O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     O4 - HKLM\..\Run: [Monitor] "D:\LeapFrog\LeapFrog Connect\Monitor.exe"
     O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
     O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
     O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
     O4 - Startup: PowerReg Scheduler.exe
     O4 - Global Startup: Acer VCM.lnk = ?
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
     O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
     O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
     O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
     O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - D:\LeapFrog\LeapFrog Connect\CommandService.exe
     O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
     O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 12012 bytes

     No problems, everything is going fine
  4. ComboFix 13-03-09.01 - Sami 09/03/2013 19:48:04.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8124.6243 [GMT 0:00] Running from: c:\users\Sami\Downloads\ComboFix.exe Command switches used :: c:\users\Sami\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-02-09 to 2013-03-09 ))))))))))))))))))))))))))))))) . . 2013-03-09 19:53 . 2013-03-09 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-08 20:36 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C0D49F0-9AF1-4B65-98C9-2B0FA976D34C}\mpengine.dll 2013-03-08 15:24 . 2013-03-08 15:24 -------- d-----w- c:\program files (x86)\Avira 2013-03-07 19:20 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-07 00:14 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-07 00:14 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-06 12:43 . 2013-03-06 12:43 -------- d-----w- c:\programdata\NCH Software 2013-03-06 12:43 . 2013-03-06 12:43 -------- d-----w- c:\program files (x86)\NCH Software 2013-03-06 12:43 . 2013-03-06 12:43 -------- d-----w- c:\users\Sami\AppData\Roaming\NCH Software 2013-03-06 12:35 . 2013-03-06 12:35 -------- d-----w- c:\users\Sami\AppData\Roaming\NCH Swift Sound 2013-03-05 22:40 . 2013-03-08 12:59 -------- d-----w- c:\users\Sami\AppData\Roaming\Realore_Whiterra Adelantado2 2013-03-05 22:39 . 
2013-03-05 22:39 -------- d-----w- c:\windows\Adelantado Trilogy Book Two 2013-03-05 22:37 . 2013-03-05 22:37 -------- d-----w- c:\windows\SysWow64\3045 2013-03-04 23:17 . 2013-03-05 00:54 -------- d-----w- c:\users\Sami\AppData\Roaming\realore_whiterra_adelantado_beta 2013-03-04 23:17 . 2013-03-04 23:17 -------- d-----w- c:\windows\Adelantado 2013-03-03 14:44 . 2013-03-03 14:44 -------- d-----w- c:\users\Sami\AppData\Roaming\Leadertech 2013-03-03 14:37 . 2013-03-03 14:37 -------- d-----w- c:\program files (x86)\Infogrames Interactive 2013-03-02 22:27 . 2013-03-02 22:27 -------- d-----w- c:\users\Sami\AppData\Roaming\BlamGames 2013-03-02 22:09 . 2013-03-02 22:09 -------- d-----w- c:\windows\The Keepers 2 - The Order's Last Secret CE 2013-03-01 19:15 . 2013-03-01 19:17 -------- d-----w- C:\Island Echo 2013-02-28 00:27 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-02-28 00:27 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-02-28 00:27 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-02-28 00:27 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-02-25 18:15 . 2013-02-25 18:15 -------- d-----w- c:\program files (x86)\GOGcom 2013-02-24 19:22 . 2013-02-24 19:22 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2013-02-24 19:21 . 2013-02-24 19:21 -------- d-----w- c:\windows\PCHEALTH 2013-02-24 19:21 . 2013-02-24 19:21 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework 2013-02-24 19:21 . 2013-02-24 19:21 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2013-02-24 19:15 . 2013-02-24 19:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2013-02-24 19:15 . 2013-02-24 19:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-02-24 19:09 . 2013-02-24 19:10 -------- d-----w- C:\MS OFFICE 2013-02-23 22:52 . 
2013-02-23 22:52 -------- d-----w- c:\users\Sami\AppData\Roaming\Liam games 2013-02-21 22:57 . 2013-02-21 22:57 -------- d-----w- c:\users\Sami\AppData\Roaming\DailyMagic 2013-02-21 22:57 . 2013-02-21 22:57 -------- d-----w- c:\programdata\DailyMagic 2013-02-21 22:30 . 2013-02-21 22:31 -------- d-----w- c:\program files\CCleaner 2013-02-21 22:30 . 2013-02-21 22:30 -------- d-----w- c:\windows\Sable Maze - Sullivan River Collector's Edition 2013-02-19 14:41 . 2013-02-19 14:43 256000 ----a-w- c:\users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe 2013-02-19 14:39 . 2013-02-18 01:15 45568 ----a-w- c:\windows\UniFish3.exe 2013-02-19 12:29 . 2013-02-19 12:29 -------- d-----w- c:\users\Sami\AppData\Roaming\Color Brush 2013-02-19 12:29 . 2013-02-19 12:29 -------- d-----w- c:\programdata\Color Brush 2013-02-18 14:14 . 2013-02-18 14:14 -------- d-----w- c:\users\Sami\AppData\Local\GameHouse 2013-02-18 14:13 . 2013-02-18 14:14 -------- d-----w- c:\program files (x86)\Bejeweled 3 2013-02-18 14:13 . 2013-02-18 14:13 -------- d-----w- c:\windows\Bejeweled 3 2013-02-18 13:12 . 2013-02-18 14:12 -------- d-----w- C:\Bejeweled 3 (PC) 2013-02-17 16:52 . 2013-02-17 16:52 -------- d-----w- c:\users\Sami\AppData\Roaming\Playrix Entertainment 2013-02-17 09:40 . 2013-02-20 19:27 -------- d-----w- c:\programdata\Playrix Entertainment 2013-02-17 07:33 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2013-02-17 07:33 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2013-02-17 07:33 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2013-02-17 07:33 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2013-02-17 07:30 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-02-16 19:17 . 2013-02-16 19:17 -------- d-----w- c:\windows\system32\SPReview 2013-02-16 19:16 . 2013-02-16 19:16 -------- d-----w- c:\windows\system32\EventProviders 2013-02-15 09:13 . 
2013-03-09 18:22 -------- d-s---w- c:\users\Sami\Google Drive 2013-02-14 22:28 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:28 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 09:40 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-14 09:40 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-14 09:40 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-14 09:40 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-14 09:40 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-14 09:40 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-14 09:40 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-14 09:40 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-14 09:40 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-14 09:40 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-14 09:39 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-14 09:39 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-14 09:39 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2013-02-13 21:05 . 2013-02-13 21:05 -------- d-----w- c:\users\Sami\AppData\Roaming\PlayFavoriteGames 2013-02-13 20:45 . 2013-02-13 20:45 -------- d-----w- c:\windows\9 - The Dark Side Of Notre Dame Collector's Edition 2013-02-12 22:06 . 2013-02-12 22:06 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-11 22:25 . 2013-03-04 08:47 -------- d-----w- c:\programdata\AlawarEntertainment . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-28 08:36 . 
2012-12-18 16:05 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-02-28 08:36 . 2012-12-18 16:06 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-02-28 08:36 . 2012-12-18 16:05 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-02-28 08:36 . 2012-12-18 16:05 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-02-28 08:36 . 2012-12-18 16:05 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-02-28 08:36 . 2012-12-18 16:06 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-02-28 08:36 . 2012-12-18 16:05 41664 ----a-w- c:\windows\avastSS.scr 2013-02-28 08:35 . 2012-12-14 20:00 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-02-26 21:13 . 2012-12-28 11:08 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-26 21:13 . 2012-12-28 11:08 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-16 19:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-02-16 19:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-02-14 22:31 . 2012-12-15 10:58 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-12 22:06 . 2012-12-15 22:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 22:06 . 2012-12-15 22:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-30 10:53 . 2010-03-12 07:21 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 15:59 . 2012-08-30 22:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-11 16:49 . 2013-01-10 20:22 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys 2013-01-11 16:49 . 2013-01-10 20:22 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2013-01-04 04:43 . 2013-02-14 09:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-01 21:33 . 2012-12-20 23:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2012-12-26 20:56 . 
2012-12-21 21:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-12-20 23:07 . 2012-12-20 23:08 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll 2012-12-20 23:07 . 2012-12-20 23:08 3572024 ----a-w- c:\windows\system32\bcmihvui64.dll 2012-12-20 23:07 . 2012-12-20 23:08 4572224 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS 2012-12-20 23:07 . 2012-12-20 23:08 3906360 ----a-w- c:\windows\system32\bcmihvsrv64.dll 2012-12-16 17:11 . 2012-12-22 03:01 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 03:01 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-15 16:11 . 2010-06-24 11:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-12-15 10:51 . 2012-12-15 10:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-12-15 10:51 . 2012-12-15 10:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-12-15 10:51 . 2012-12-15 10:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-12-15 10:51 . 2012-12-15 10:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-12-15 10:51 . 2012-12-15 10:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-12-15 10:51 . 2012-12-15 10:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-12-15 10:51 . 2012-12-15 10:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-12-15 10:51 . 2012-12-15 10:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-12-15 10:51 . 2012-12-15 10:51 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-12-15 10:51 . 2012-12-15 10:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-12-15 10:51 . 2012-12-15 10:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-12-15 10:51 . 2012-12-15 10:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-12-15 10:51 . 2012-12-15 10:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-12-15 10:51 . 
2012-12-15 10:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-12-15 10:51 . 2012-12-15 10:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-12-15 10:51 . 2012-12-15 10:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-12-15 10:51 . 2012-12-15 10:51 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-12-15 10:51 . 2012-12-15 10:51 222208 ----a-w- c:\windows\system32\msls31.dll 2012-12-15 10:51 . 2012-12-15 10:51 197120 ----a-w- c:\windows\system32\msrating.dll 2012-12-15 10:51 . 2012-12-15 10:51 149504 ----a-w- c:\windows\system32\occache.dll 2012-12-15 10:51 . 2012-12-15 10:51 12288 ----a-w- c:\windows\system32\mshta.exe 2012-12-15 10:51 . 2012-12-15 10:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-12-15 10:51 . 2012-12-15 10:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-12-15 10:51 . 2012-12-15 10:51 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-12-15 10:51 . 2012-12-15 10:51 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-12-15 10:51 . 2012-12-15 10:51 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-12-15 10:51 . 2012-12-15 10:51 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-12-15 10:51 . 2012-12-15 10:51 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-12-15 10:51 . 2012-12-15 10:51 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-12-15 10:51 . 2012-12-15 10:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-12-15 10:51 . 2012-12-15 10:51 114176 ----a-w- c:\windows\system32\admparse.dll 2012-12-15 10:51 . 2012-12-15 10:51 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-12-15 10:51 . 2012-12-15 10:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-12-15 10:51 . 2012-12-15 10:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-12-15 10:51 . 2012-12-15 10:51 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-12-15 10:51 . 2012-12-15 10:51 82432 ----a-w- c:\windows\system32\icardie.dll 2012-12-15 10:51 . 
2012-12-15 10:51 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-12-15 10:51 . 2012-12-15 10:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-12-15 10:51 . 2012-12-15 10:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-12-15 10:51 . 2012-12-15 10:51 448512 ----a-w- c:\windows\system32\html.iec 2012-12-15 10:51 . 2012-12-15 10:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-12-15 10:51 . 2012-12-15 10:51 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-12-15 10:51 . 2012-12-15 10:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-12-15 10:51 . 2012-12-15 10:51 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-12-15 10:51 . 2012-12-15 10:51 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-12-15 10:51 . 2012-12-15 10:51 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-12-15 10:51 . 2012-12-15 10:51 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-12-15 10:51 . 2012-12-15 10:51 160256 ----a-w- c:\windows\system32\wextract.exe 2012-12-15 10:51 . 2012-12-15 10:51 103936 ----a-w- c:\windows\system32\inseng.dll 2012-12-14 16:49 . 2012-12-15 09:50 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}] 2010-11-20 12:18 73728 ----a-w- c:\windows\SysWOW64\csscdll.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408] "RockMelt Update"="c:\users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-12-16 136336] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-08 201512] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-09 260608] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304] "VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2010-03-08 3577712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304] "Monitor"="d:\leapfrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] . c:\users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2013-2-19 256000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-3-12 704032] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2012-09-28 40320]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 48128]
R3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [2009-08-31 68096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-15 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-26 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2010-03-08 3456880]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-09-15 36656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2010-03-05 75624]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2010-01-11 50976]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 12:30 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-09 c:\windows\Tasks\Acer Registration Data Sending.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2009-08-28 09:40]
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 21:13]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 20:01]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 20:01]
.
2013-03-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2874474305-1463076172-807906432-1001Core.job
- c:\users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-12-16 22:13]
.
2013-03-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2874474305-1463076172-807906432-1001UA.job
- c:\users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-12-16 22:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-19 10134560]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2874474305-1463076172-807906432-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2874474305-1463076172-807906432-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-2874474305-1463076172-807906432-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2874474305-1463076172-807906432-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-2874474305-1463076172-807906432-1001\Software\SecuROM\License information*]
"datasecu"=hex:c8,59,65,be,3d,d2,80,9b,2d,4c,32,ca,66,77,c5,68,76,6c,06,e3,ec,
   8b,a3,25,da,36,05,2c,39,a2,eb,47,1d,5c,92,25,98,05,32,26,5f,a5,08,1d,35,75,\
"rkeysecu"=hex:e9,3e,d5,b7,ce,45,d6,b3,1a,dc,e5,50,2a,36,76,fd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-09 19:55:11
ComboFix-quarantined-files.txt 2013-03-09 19:55
ComboFix2.txt 2013-03-09 18:05
ComboFix3.txt 2013-03-09 16:29
.
Pre-Run: 186,196,508,672 bytes free
Post-Run: 186,150,379,520 bytes free
.
- - End Of File - - 79B6792BA34376D360091F460DB0BABE

No problems, no restart, everything seems to be running smoothly.
  5. ComboFix 13-03-09.01 - Sami 09/03/2013 17:58:11.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8124.6274 [GMT 0:00]
Running from: c:\users\Sami\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-09 to 2013-03-09 )))))))))))))))))))))))))))))))
.
.
2013-03-09 18:03 . 2013-03-09 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 20:36 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C0D49F0-9AF1-4B65-98C9-2B0FA976D34C}\mpengine.dll
2013-03-08 15:29 . 2013-03-08 15:29 -------- d-----w- c:\users\Sami\AppData\Roaming\Avira
2013-03-08 15:24 . 2013-03-08 15:20 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-08 15:24 . 2013-03-08 15:20 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-08 15:24 . 2013-03-08 15:20 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-08 15:24 . 2013-03-08 15:24 -------- d-----w- c:\programdata\Avira
2013-03-08 15:24 . 2013-03-08 15:24 -------- d-----w- c:\program files (x86)\Avira
2013-03-07 19:20 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-07 00:14 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-07 00:14 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 12:43 . 2013-03-06 12:43 -------- d-----w- c:\programdata\NCH Software
2013-03-06 12:43 . 2013-03-06 12:43 -------- d-----w- c:\program files (x86)\NCH Software
2013-03-06 12:43 . 2013-03-06 12:43 -------- d-----w- c:\users\Sami\AppData\Roaming\NCH Software
2013-03-06 12:35 . 2013-03-06 12:35 -------- d-----w- c:\users\Sami\AppData\Roaming\NCH Swift Sound
2013-03-05 22:40 . 2013-03-08 12:59 -------- d-----w- c:\users\Sami\AppData\Roaming\Realore_Whiterra Adelantado2
2013-03-05 22:39 . 2013-03-05 22:39 -------- d-----w- c:\windows\Adelantado Trilogy Book Two
2013-03-05 22:37 . 2013-03-05 22:37 -------- d-----w- c:\windows\SysWow64\3045
2013-03-04 23:17 . 2013-03-05 00:54 -------- d-----w- c:\users\Sami\AppData\Roaming\realore_whiterra_adelantado_beta
2013-03-04 23:17 . 2013-03-04 23:17 -------- d-----w- c:\windows\Adelantado
2013-03-03 14:44 . 2013-03-03 14:44 -------- d-----w- c:\users\Sami\AppData\Roaming\Leadertech
2013-03-03 14:37 . 2013-03-03 14:37 -------- d-----w- c:\program files (x86)\Infogrames Interactive
2013-03-02 22:27 . 2013-03-02 22:27 -------- d-----w- c:\users\Sami\AppData\Roaming\BlamGames
2013-03-02 22:09 . 2013-03-02 22:09 -------- d-----w- c:\windows\The Keepers 2 - The Order's Last Secret CE
2013-03-01 19:15 . 2013-03-01 19:17 -------- d-----w- C:\Island Echo
2013-02-28 00:27 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-28 00:27 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-02-28 00:27 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-28 00:27 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-02-25 18:15 . 2013-02-25 18:15 -------- d-----w- c:\program files (x86)\GOGcom
2013-02-24 19:22 . 2013-02-24 19:22 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-02-24 19:21 . 2013-02-24 19:21 -------- d-----w- c:\windows\PCHEALTH
2013-02-24 19:21 . 2013-02-24 19:21 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-02-24 19:21 . 2013-02-24 19:21 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-02-24 19:15 . 2013-02-24 19:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-02-24 19:15 . 2013-02-24 19:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-02-24 19:09 . 2013-02-24 19:10 -------- d-----w- C:\MS OFFICE
2013-02-23 22:52 . 2013-02-23 22:52 -------- d-----w- c:\users\Sami\AppData\Roaming\Liam games
2013-02-21 22:57 . 2013-02-21 22:57 -------- d-----w- c:\users\Sami\AppData\Roaming\DailyMagic
2013-02-21 22:57 . 2013-02-21 22:57 -------- d-----w- c:\programdata\DailyMagic
2013-02-21 22:30 . 2013-02-21 22:31 -------- d-----w- c:\program files\CCleaner
2013-02-21 22:30 . 2013-02-21 22:30 -------- d-----w- c:\windows\Sable Maze - Sullivan River Collector's Edition
2013-02-19 14:41 . 2013-02-19 14:43 256000 ----a-w- c:\users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
2013-02-19 14:39 . 2013-02-18 01:15 45568 ----a-w- c:\windows\UniFish3.exe
2013-02-19 12:29 . 2013-02-19 12:29 -------- d-----w- c:\users\Sami\AppData\Roaming\Color Brush
2013-02-19 12:29 . 2013-02-19 12:29 -------- d-----w- c:\programdata\Color Brush
2013-02-18 14:14 . 2013-02-18 14:14 -------- d-----w- c:\users\Sami\AppData\Local\GameHouse
2013-02-18 14:13 . 2013-02-18 14:14 -------- d-----w- c:\program files (x86)\Bejeweled 3
2013-02-18 14:13 . 2013-02-18 14:13 -------- d-----w- c:\windows\Bejeweled 3
2013-02-18 13:12 . 2013-02-18 14:12 -------- d-----w- C:\Bejeweled 3 (PC)
2013-02-17 16:52 . 2013-02-17 16:52 -------- d-----w- c:\users\Sami\AppData\Roaming\Playrix Entertainment
2013-02-17 09:40 . 2013-02-20 19:27 -------- d-----w- c:\programdata\Playrix Entertainment
2013-02-17 07:33 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-02-17 07:33 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-02-17 07:33 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-02-17 07:33 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-02-17 07:30 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-02-16 19:17 . 2013-02-16 19:17 -------- d-----w- c:\windows\system32\SPReview
2013-02-16 19:16 . 2013-02-16 19:16 -------- d-----w- c:\windows\system32\EventProviders
2013-02-15 09:13 . 2013-03-09 17:37 -------- d-s---w- c:\users\Sami\Google Drive
2013-02-14 22:28 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 22:28 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:40 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 09:40 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 09:40 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 09:40 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 09:40 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 09:40 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 09:40 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 09:40 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 09:40 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 09:40 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 09:39 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 09:39 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 09:39 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2013-02-13 21:05 . 2013-02-13 21:05 -------- d-----w- c:\users\Sami\AppData\Roaming\PlayFavoriteGames
2013-02-13 20:45 . 2013-02-13 20:45 -------- d-----w- c:\windows\9 - The Dark Side Of Notre Dame Collector's Edition
2013-02-12 22:06 . 2013-02-12 22:06 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-11 22:25 . 2013-03-04 08:47 -------- d-----w- c:\programdata\AlawarEntertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:36 . 2012-12-18 16:05 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-28 08:36 . 2012-12-18 16:06 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-28 08:36 . 2012-12-18 16:05 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-02-28 08:36 . 2012-12-18 16:05 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-28 08:36 . 2012-12-18 16:05 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-28 08:36 . 2012-12-18 16:06 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-28 08:36 . 2012-12-18 16:05 41664 ----a-w- c:\windows\avastSS.scr
2013-02-28 08:35 . 2012-12-14 20:00 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-26 21:13 . 2012-12-28 11:08 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 21:13 . 2012-12-28 11:08 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-16 19:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-02-16 19:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-02-14 22:31 . 2012-12-15 10:58 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 22:06 . 2012-12-15 22:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 22:06 . 2012-12-15 22:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-30 10:53 . 2010-03-12 07:21 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 15:59 . 2012-08-30 22:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-11 16:49 . 2013-01-10 20:22 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-01-11 16:49 . 2013-01-10 20:22 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-01-04 04:43 . 2013-02-14 09:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-01 21:33 . 2012-12-20 23:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-12-26 20:56 . 2012-12-21 21:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-20 23:07 . 2012-12-20 23:08 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-12-20 23:07 . 2012-12-20 23:08 3572024 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-12-20 23:07 . 2012-12-20 23:08 4572224 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-12-20 23:07 . 2012-12-20 23:08 3906360 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-12-16 17:11 . 2012-12-22 03:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 03:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 16:11 . 2010-06-24 11:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-15 10:51 . 2012-12-15 10:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-15 10:51 . 2012-12-15 10:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-15 10:51 . 2012-12-15 10:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-15 10:51 . 2012-12-15 10:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-15 10:51 . 2012-12-15 10:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-15 10:51 . 2012-12-15 10:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-15 10:51 . 2012-12-15 10:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-15 10:51 . 2012-12-15 10:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-15 10:51 . 2012-12-15 10:51 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-15 10:51 . 2012-12-15 10:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-15 10:51 . 2012-12-15 10:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-15 10:51 . 2012-12-15 10:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-15 10:51 . 2012-12-15 10:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-15 10:51 . 2012-12-15 10:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-15 10:51 . 2012-12-15 10:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-15 10:51 . 2012-12-15 10:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-15 10:51 . 2012-12-15 10:51 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-15 10:51 . 2012-12-15 10:51 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-15 10:51 . 2012-12-15 10:51 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-15 10:51 . 2012-12-15 10:51 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-15 10:51 . 2012-12-15 10:51 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-15 10:51 . 2012-12-15 10:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-15 10:51 . 2012-12-15 10:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-15 10:51 . 2012-12-15 10:51 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-15 10:51 . 2012-12-15 10:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-15 10:51 . 2012-12-15 10:51 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-15 10:51 . 2012-12-15 10:51 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-15 10:51 . 2012-12-15 10:51 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-15 10:51 . 2012-12-15 10:51 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-15 10:51 . 2012-12-15 10:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-15 10:51 . 2012-12-15 10:51 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-15 10:51 . 2012-12-15 10:51 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-15 10:51 . 2012-12-15 10:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-15 10:51 . 2012-12-15 10:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-15 10:51 . 2012-12-15 10:51 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-15 10:51 . 2012-12-15 10:51 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-15 10:51 . 2012-12-15 10:51 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-15 10:51 . 2012-12-15 10:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-15 10:51 . 2012-12-15 10:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-15 10:51 . 2012-12-15 10:51 448512 ----a-w- c:\windows\system32\html.iec
2012-12-15 10:51 . 2012-12-15 10:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-15 10:51 . 2012-12-15 10:51 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-15 10:51 . 2012-12-15 10:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-15 10:51 . 2012-12-15 10:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-15 10:51 . 2012-12-15 10:51 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-15 10:51 . 2012-12-15 10:51 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-15 10:51 . 2012-12-15 10:51 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-15 10:51 . 2012-12-15 10:51 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-15 10:51 . 2012-12-15 10:51 103936 ----a-w- c:\windows\system32\inseng.dll
2012-12-14 16:49 . 2012-12-15 09:50 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}] 2010-11-20 12:18 73728 ----a-w- c:\windows\SysWOW64\csscdll.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408] "RockMelt Update"="c:\users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-12-16 136336] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-08 201512] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-09 260608] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304] "VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2010-03-08 3577712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304] "Monitor"="d:\leapfrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-08 385248] . 
c:\users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2013-2-19 256000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-3-12 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2012-09-28 40320]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 48128]
R3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [2009-08-31 68096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-15 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-08 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-26 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-08 86752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2010-03-08 3456880]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-09-15 36656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2010-03-05 75624]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2010-01-11 50976]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 12:30 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-09 c:\windows\Tasks\Acer Registration Data Sending.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2009-08-28 09:40]
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 21:13]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 20:01]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 20:01]
.
2013-03-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2874474305-1463076172-807906432-1001Core.job
- c:\users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-12-16 22:13]
.
2013-03-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2874474305-1463076172-807906432-1001UA.job
- c:\users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-12-16 22:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-19 10134560]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2874474305-1463076172-807906432-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2874474305-1463076172-807906432-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-2874474305-1463076172-807906432-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2874474305-1463076172-807906432-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-2874474305-1463076172-807906432-1001\Software\SecuROM\License information*]
"datasecu"=hex:c8,59,65,be,3d,d2,80,9b,2d,4c,32,ca,66,77,c5,68,76,6c,06,e3,ec,
   8b,a3,25,da,36,05,2c,39,a2,eb,47,1d,5c,92,25,98,05,32,26,5f,a5,08,1d,35,75,\
"rkeysecu"=hex:e9,3e,d5,b7,ce,45,d6,b3,1a,dc,e5,50,2a,36,76,fd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-09 18:05:54
ComboFix-quarantined-files.txt 2013-03-09 18:05
ComboFix2.txt 2013-03-09 16:29
.
Pre-Run: 186,156,507,136 bytes free
Post-Run: 185,725,394,944 bytes free
.
- - End Of File - - DBFB460461DE5E7656769C63F9978080

Comp needed to restart; all I got was a black screen after the green welcome screen. Had to restart a couple of times before desktop explorer loaded. Everything else seems to be fine. Sorry, thought I had got everything turned off. Didn't mean to panic.
  6. Hi Gringo, I would love to post the log, but every program I try to start, I get a box telling me the registry key has been marked for deletion. I am using my husband's laptop right now, and I am getting a little worried! I can't even transfer the log using a thumb drive. Um, what now?
  7. Hi Gringo, Thank you so much for taking the time to help me.

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 13 Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

# AdwCleaner v2.114 - Logfile created 03/08/2013 at 23:00:10
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sami - SAMI-PC
# Boot Mode : Normal
# Running from : C:\Users\Sami\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Sami\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Sami\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Sami\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1145 octets] - [08/03/2013 23:00:10]

########## EOF - C:\AdwCleaner[S1].txt - [1205 octets] ##########

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sami [Admin rights]
Mode : Remove -- Date : 03/08/2013 23:11:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]
[SUSP PATH] ToolbarUpdater.exe -- C:\Users\Sami\AppData\Local\Temp\ToolbarUpdater.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++
--- User ---
[MBR] 384d406136c0552c817f67fbc49b88d2
[BSP] 3bc7b8c3909f6d2db17f0c33c8e48490 : MBR Code unknown
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 25167872 | Size: 3584 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32507904 | Size: 100 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 32712704 | Size: 594506 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03082013_02d2311.txt >>
RKreport[1]_S_03082013_02d2310.txt ; RKreport[2]_D_03082013_02d2311.txt

Lampathy
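The RogueKiller [SUSP PATH] hit above (ToolbarUpdater.exe running out of AppData\Local\Temp) and the ComboFix service list in the earlier post, with its [x] entries, show the two things a helper scans these logs for first: an autostart image in a directory the user can write to, and a file the tool could not read. The script below is an added example written for this page; it is not code from ComboFix, DDS or RogueKiller and nobody in the thread posted it. It parses the four line shapes seen in the logs here (ComboFix service/driver lines, DDS uRun/mRun lines, DDS StartupFolder lines and bare process paths) and returns only the entries worth a second look. The regexes and the list of user-writable markers are this example's own assumptions, and the sample lines are constructed from entries visible in the posted logs. A hit is a prioritisation, not a verdict: the RockMelt updater is flagged only because it installs under AppData, exactly like the PowerReg Scheduler entry beside it, and only the file on disk tells them apart.

```python
"""Autostart triage over ComboFix/DDS-style log lines.

Added example for this thread, written by the editor; it is not code from
ComboFix, DDS or RogueKiller. The line formats are modelled on the logs
posted above, and the sample lines are constructed from entries in them.
"""
import re
from dataclasses import dataclass, field

# Directories a standard user can write to. An autostart image here is not a
# verdict, but droppers and PUP updaters in threads like this one usually sit
# in Temp, AppData or the Startup folder, so these entries go to the top of
# the review list. The marker list itself is this example's assumption.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\startup\\")

# ComboFix service/driver line: "S1 name;display;path [date size]" or "... [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# DDS Run-key line: uRun: [Name] "C:\path\app.exe" /arg   (path may be unquoted)
RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DDS Startup-folder line
STARTUP_RE = re.compile(r"^StartupFolder: (?P<path>.*)$")
# Bare image path from a "Running Processes" section, optionally with arguments
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?: .*)?$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                     # "service", "run", "startup" or "process"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def exe_from_command(cmd: str) -> str:
    """Image path from a Run-key command line.

    Quoted paths are taken verbatim; unquoted ones may contain spaces
    (e.g. C:\\Program Files (x86)\\...\\IAStorIcon.exe), so cut after '.exe'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def parse_line(line: str):
    """Return an Entry for a recognised autostart/process line, else None."""
    line = line.strip()
    if m := SERVICE_RE.match(line):
        entry = Entry("service", m["name"], m["path"].strip())
        # ComboFix prints [x] where it could not read the file's date and size
        if m["meta"].strip().lower() == "x":
            entry.reasons.append("file date/size not readable ([x])")
        return entry
    if m := RUN_RE.match(line):
        return Entry("run", m["name"], exe_from_command(m["cmd"]))
    if m := STARTUP_RE.match(line):
        path = m["path"].strip()
        return Entry("startup", path.rsplit("\\", 1)[-1], path)
    if m := PROCESS_RE.match(line):
        path = m["path"]
        return Entry("process", path.rsplit("\\", 1)[-1], path)
    return None


def triage(log_text: str) -> list:
    """Keep only the entries that have at least one reason for a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if any(marker in entry.path.lower() for marker in USER_WRITABLE_MARKERS):
            entry.reasons.append("image lives in a user-writable directory")
        if entry.reasons:
            findings.append(entry)
    return findings


# Constructed sample, assembled from entries visible in the logs posted above.
SAMPLE_LOG = r"""
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-08 27800]
S0 aswRvrt;aswRvrt; [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
uRun: [RockMelt Update] "C:\Users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
StartupFolder: C:\Users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Sami\AppData\Local\Temp\ToolbarUpdater.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:24} {f.path or '(no path)'}  <- {'; '.join(f.reasons)}")
```

Run as-is it prints the five flagged sample entries; to triage a real log, paste the ComboFix or DDS text into triage(). Entries that survive the filter still have to be checked the way the helpers in this thread do it, by looking at the file on disk (signature, size, date) rather than at its name.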
  8. Hi there, I keep having annoying snatches of speech and music played on my desktop, and when I turn my laptop on, sometimes desktop explorer is just black. Help!

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 14/12/2012 19:21:45
System Uptime: 08/03/2013 20:21:59 (1 hours ago)
.
Motherboard: Acer | | SM83-CP
Processor: Intel® Core i7 CPU Q 720 @ 1.60GHz | CPU 1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 171.129 GiB free.
D: is FIXED (NTFS) - 290 GiB total, 202.428 GiB free.
E: is CDROM (CDFS)
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 28/02/2013 00:26:22 - Windows Update
RP77: 03/03/2013 12:37:04 - Windows Update
RP78: 03/03/2013 14:37:05 - Installed RollerCoaster Tycoon 2
RP79: 03/03/2013 14:41:44 - Installed RollerCoaster Tycoon 2: Wacky Worlds
RP80: 03/03/2013 14:43:56 - Installed RollerCoaster Tycoon 2: Time Twister
RP81: 03/03/2013 14:48:25 - Removed RollerCoaster Tycoon 2: Time Twister
RP82: 03/03/2013 14:49:52 - Installed RollerCoaster Tycoon 2: Time Twister
RP83: 03/03/2013 19:51:52 - Removed RollerCoaster Tycoon 2: Time Twister
RP84: 06/03/2013 19:09:39 - Windows Update
.
==== Installed Programs ======================
.
Acer Arcade Instant On
Acer Backup Manager
Acer Bio Protection
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer Updater
Acer VCM
Acrobat.com
Adelantado
Adelantado Trilogy Book Two
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Angry Birds Seasons
Anno 1503 GOLD
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
µTorrent
avast! Free Antivirus
Avira Free Antivirus
Backup Manager Advance
Barn Yarn Collectors Edition
Beach Life
Bejeweled 3
Broadcom 802.11 Network Adapter
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Express Talk
Fable III
Farmscapes CE 1.00
Fingerprint Solution
Free Mp3 Wma Converter V 2.2
Gardenscapes - Mansion Makeover Collectors Edition
Gardenscapes 1.00
Gardenscapes 2 Collectors 1.00
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Haunting at Cliffhouse
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor
Java 7 Update 13
Java Auto Updater
Junk Mail filter update
Launch Manager
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LeapFrog Leapster Explorer Plugin
Louisiana Adventure
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Miskatonic
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nuvoton CIR Device Drivers
NVIDIA PhysX
O2Micro 1394 OHCI Compliant Host Controller Driver
O2Micro Flash Memory Card Windows Driver
Realtek High Definition Audio Driver
RockMelt
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon Deluxe
Secret Files 3 © Deep Silver version 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 6.1
Slingo Quest Hawaii
Steam
Sweet Kingdom - Enchanted Princess
Synaptics Pointing Device Driver
The Testament of Sherlock Holmes
Tropico 2: Pirate Cove
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Welcome Center
Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
WinZip 17.0
Zeus and Poseidon
.
==== Event Viewer Messages From Past Week ========
.
08/03/2013 20:26:13, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
08/03/2013 20:26:04, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
08/03/2013 13:04:06, Error: Service Control Manager [7034] - The Toolbar Updater service terminated unexpectedly. It has done this 1 time(s).
08/03/2013 09:23:42, Error: Service Control Manager [7023] - The Server service terminated with the following error: A system shutdown is in progress.
08/03/2013 09: 23:42, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
05/03/2013 17:07:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.985.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
05/03/2013 17:07:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.985.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
03/03/2013 08:51:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
03/03/2013 08:51:26, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by Sami at 21:53:56 on 2013-03-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8124.5891 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Sami\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
D:\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Users\Sami\AppData\Local\Temp\ToolbarUpdater.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\WinMonitor.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Sami\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Sami\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Sami\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Sami\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Sami\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Sami\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {4DB74D06-491C-440D-305E-012400990F3E} - C:\Windows\SysWOW64\csscdll.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RockMelt Update] "C:\Users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Monitor] "D:\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
StartupFolder: C:\Users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{26611264-994B-4962-9D76-CCA58F047AE1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{26611264-994B-4962-9D76-CCA58F047AE1}\3596D62616 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{26FE4ACE-CB9D-4600-8142-A2F08F7E563A} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_8943g&r=27361212i616l04h3z125t4681n93s
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast!
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . 
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65408] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-7 177672] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-18 1025880] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-18 377992] R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-8 27800] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-21 283200] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-12 202752] R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-8 86752] R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-8 110816] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-18 33472] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-18 80888] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-7 45248] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-8 99912] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-3-12 325200] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-2-21 865824] R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-12 13336] R2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2010-3-8 3456880] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-9 250368] R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-3-12 260640] R2 TolbarUpdater;Toolbar Updater;C:\Users\Sami\AppData\Local\Temp\ToolbarUpdater.exe [2013-3-1 508416] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-21 2314240] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-12 240160] R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\System32\drivers\FPSensor.sys [2011-9-15 36656] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-21 56344] R3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\System32\drivers\hidshim.sys [2009-8-31 6656] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet 
Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-12 75304] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 nuvotonhidcir;Nuvoton HID CIR Receiver;C:\Windows\System32\drivers\nuvotonhidcir.sys [2009-8-31 26624] R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-3-5 75624] R3 O2SDGRDR;O2SDGRDR;C:\Windows\System32\drivers\o2sdgx64.sys [2010-1-11 50976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-3-12 53800] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-12-15 48488] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2012-9-28 40320] S3 nuvotoncir;Nuvoton IR Transceiver;C:\Windows\System32\drivers\nuvotoncir.sys [2009-8-31 48128] S3 nuvotonir;Nuvoton CIR Transceiver;C:\Windows\System32\drivers\nuvotonir.sys [2009-8-31 68096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-16 59392] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-15 1255736] . =============== Created Last 30 ================ . 
2013-03-08 20:36:49 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C0D49F0-9AF1-4B65-98C9-2B0FA976D34C}\mpengine.dll 2013-03-08 15:29:48 -------- d-----w- C:\Users\Sami\AppData\Roaming\Avira 2013-03-08 15:24:16 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2013-03-08 15:24:16 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys 2013-03-08 15:24:14 -------- d-----w- C:\ProgramData\Avira 2013-03-08 15:24:14 -------- d-----w- C:\Program Files (x86)\Avira 2013-03-07 19:20:58 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-07 00:14:36 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-03-07 00:14:36 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-03-06 12:43:20 -------- d-----w- C:\Program Files (x86)\NCH Software 2013-03-06 12:43:18 -------- d-----w- C:\Users\Sami\AppData\Roaming\NCH Software 2013-03-05 22:40:55 -------- d-----w- C:\Users\Sami\AppData\Roaming\Realore_Whiterra Adelantado2 2013-03-05 22:39:56 -------- d-----w- C:\Windows\Adelantado Trilogy Book Two 2013-03-05 22:37:21 -------- d-----w- C:\Windows\SysWow64\3045 2013-03-04 23:17:52 -------- d-----w- C:\Users\Sami\AppData\Roaming\realore_whiterra_adelantado_beta 2013-03-04 23:17:21 -------- d-----w- C:\Windows\Adelantado 2013-03-03 14:45:32 225280 ----a-w- C:\Users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe 2013-03-03 14:37:14 -------- d-----w- C:\Program Files (x86)\Infogrames Interactive 2013-03-02 22:27:05 -------- d-----w- C:\Users\Sami\AppData\Roaming\BlamGames 2013-03-02 22:09:31 -------- d-----w- C:\Windows\The Keepers 2 - The Order's Last Secret CE 2013-03-01 19:15:56 -------- d-----w- C:\Island Echo 2013-02-28 00:27:10 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-02-28 00:27:09 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-02-28 00:27:09 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 
2013-02-28 00:27:09 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-02-25 18:15:31 -------- d-----w- C:\Program Files (x86)\GOGcom 2013-02-24 19:22:02 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2013-02-24 19:21:32 -------- d-----w- C:\Windows\PCHEALTH 2013-02-24 19:21:32 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-02-24 19:15:44 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2013-02-24 19:15:10 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-02-24 19:09:56 -------- d-----w- C:\MS OFFICE 2013-02-23 22:52:10 -------- d-----w- C:\Users\Sami\AppData\Roaming\Liam games 2013-02-21 22:57:25 -------- d-----w- C:\Users\Sami\AppData\Roaming\DailyMagic 2013-02-21 22:57:25 -------- d-----w- C:\ProgramData\DailyMagic 2013-02-21 22:30:51 -------- d-----w- C:\Program Files\CCleaner 2013-02-21 22:30:17 -------- d-----w- C:\Windows\Sable Maze - Sullivan River Collector's Edition 2013-02-19 14:41:57 256000 ----a-w- C:\Users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe 2013-02-19 14:39:02 45568 ----a-w- C:\Windows\UniFish3.exe 2013-02-19 12:29:00 -------- d-----w- C:\Users\Sami\AppData\Roaming\Color Brush 2013-02-19 12:29:00 -------- d-----w- C:\ProgramData\Color Brush 2013-02-18 14:14:52 -------- d-----w- C:\Users\Sami\AppData\Local\GameHouse 2013-02-18 14:13:55 -------- d-----w- C:\Windows\Bejeweled 3 2013-02-18 14:13:55 -------- d-----w- C:\Program Files (x86)\Bejeweled 3 2013-02-18 13:12:38 -------- d-----w- C:\Bejeweled 3 (PC) 2013-02-17 16:52:27 -------- d-----w- C:\Users\Sami\AppData\Roaming\Playrix Entertainment 2013-02-17 09:40:11 -------- d-----w- C:\ProgramData\Playrix Entertainment 2013-02-17 07:33:01 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2013-02-17 07:33:01 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2013-02-17 07:33:01 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2013-02-17 
07:33:00 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2013-02-17 07:30:49 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-02-16 19:17:49 -------- d-----w- C:\Windows\System32\SPReview 2013-02-16 19:16:41 -------- d-----w- C:\Windows\System32\EventProviders 2013-02-15 09:13:03 -------- d-s---w- C:\Users\Sami\Google Drive 2013-02-14 22:28:22 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:28:22 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 09:40:29 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-14 09:40:27 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-14 09:40:26 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-14 09:40:16 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-14 09:40:12 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-14 09:40:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-14 09:40:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-14 09:40:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-14 09:40:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-14 09:40:06 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-14 09:39:59 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-14 09:39:58 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2013-02-14 09:39:58 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-13 21:05:30 -------- d-----w- C:\Users\Sami\AppData\Roaming\PlayFavoriteGames 2013-02-13 20:45:54 -------- d-----w- C:\Windows\9 - The Dark Side Of Notre Dame Collector's Edition 2013-02-12 22:06:40 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-11 22:25:00 -------- d-----w- C:\ProgramData\AlawarEntertainment . ==================== Find3M ==================== . 
2013-03-04 10:27:18 128512 ----a-w- C:\Windows\SysWow64\WinMonitor.exe 2013-03-04 10:27:15 17864381 ----a-w- C:\Windows\SysWow64\libs.exe 2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-02-28 08:36:07 41664 ----a-w- C:\Windows\avastSS.scr 2013-02-26 21:13:28 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-26 21:13:28 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-16 19:29:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2013-02-16 19:29:00 175616 ----a-w- C:\Windows\System32\msclmd.dll 2013-02-12 22:06:26 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-12 22:06:26 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- 
C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-11 16:49:44 303616 ----a-w- C:\Windows\System32\drivers\atksgt.sys 2013-01-11 16:49:43 35328 ----a-w- C:\Windows\System32\drivers\lirsgt.sys 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:43:21 44032 ----a-w- 
C:\Windows\apppatch\acwow64.dll 2013-01-01 21:33:19 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll 2012-12-26 20:56:08 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-12-20 23:07:52 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll 2012-12-20 23:07:52 4572224 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS 2012-12-20 23:07:52 3906360 ----a-w- C:\Windows\System32\bcmihvsrv64.dll 2012-12-20 23:07:52 3572024 ----a-w- C:\Windows\System32\bcmihvui64.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 21:54:50.85 =============== Thank you!
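The Run, StartupFolder and SERVICES / DRIVERS blocks of a DDS report like the one above are what a helper reads for persistence, and the judgement is mostly about where the image lives: an entry under Program Files or Windows is ordinary, one in a user-writable profile directory deserves a look, and a service whose binary sits in \AppData\Local\Temp is the kind of line that gets asked about. The block below is an added example for this thread, not a tool from the forum, from DDS or from Malwarebytes. It writes those location heuristics down so they can be run over a log, and because DDS output pasted into a forum often loses its line breaks, it also re-splits a flattened paste on the DDS entry prefixes before scoring. The sample lines are copied from the log above; the entry-format regexes, the severity ranking and the directory rules are assumptions of the example.

```python
"""Location-based triage of DDS autorun, Startup-folder and service entries."""
import re
from collections import Counter
from typing import Optional

# Prefixes that begin a new DDS entry, used to re-split a paste whose newlines
# were lost. Assumption: the log follows the DDS conventions seen in the thread
# ('uRun/mRun/x64-Run', 'StartupFolder', 'R0..S4 name;display;path [date size]').
ENTRY_START = re.compile(
    r'(?<!\S)(?=(?:u|m|x64-)Run: |(?:x64-)?StartupFolder: |[RS][0-4] \S)')
RUN_RE = re.compile(r'^(?:u|m|x64-)Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$')
STARTUP_RE = re.compile(
    r'^(?:x64-)?StartupFolder:\s+(?P<path>.+?)(?:\s+-\s+(?P<target>.+))?$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<cmd>.+?)(?:\s+\[[^\]]*\])?$')
# First drive-letter path ending in an executable extension, quoted or not;
# anything after it (command-line switches) is dropped.
IMAGE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|cpl|ocx))"?(?=\s|$)', re.I)

# Entries copied from the DDS log posted above, one per line.
SAMPLE_LINES = [
    r'uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"',
    r'uRun: [RockMelt Update] "C:\Users\Sami\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c',
    r'mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe',
    r'mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui',
    r'StartupFolder: C:\Users\Sami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe',
    r'StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe',
    r'x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey',
    r'R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-7 45248]',
    r'R2 TolbarUpdater;Toolbar Updater;C:\Users\Sami\AppData\Local\Temp\ToolbarUpdater.exe [2013-3-1 508416]',
    r'S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]',
    r'R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65408]',
]


def split_flattened(text: str) -> list:
    """Recover one entry per line from a paste whose newlines were lost."""
    return [p.strip() for p in ENTRY_START.split(text) if p.strip()]


def image_path(cmd: str) -> str:
    """Strip quotes and trailing switches, leaving only the executable path."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group('path') if m else cmd.strip()


def classify(path: str):
    """Severity and reason based on where the image lives; check order matters."""
    p = path.lower()
    if p == '<orphaned>':
        return 'info', 'registration points at a file that no longer exists'
    if '\\appdata\\local\\temp\\' in p or '\\windows\\temp\\' in p:
        return 'high', 'persistence from a Temp directory'
    if '\\start menu\\programs\\startup\\' in p:
        return 'medium', 'executable placed directly in a Startup folder'
    if p.startswith('c:\\users\\') or '\\appdata\\' in p:
        return 'medium', 'image in a user-writable profile location'
    if p.startswith('c:\\program files') or p.startswith('c:\\windows\\'):
        return 'low', 'image under Program Files or Windows'
    return 'medium', 'unrecognised location'


def parse_entry(line: str) -> Optional[dict]:
    """One DDS line to {'kind', 'name', 'path'}, or None for non-autorun lines."""
    line = line.strip()
    if m := RUN_RE.match(line):
        return {'kind': 'run', 'name': m['name'], 'path': image_path(m['cmd'])}
    if m := STARTUP_RE.match(line):
        # For a shortcut, judge the target it launches rather than the .LNK itself.
        return {'kind': 'startup', 'name': m['path'].rsplit('\\', 1)[-1],
                'path': m['target'] or m['path']}
    if m := SERVICE_RE.match(line):
        return {'kind': 'service', 'name': m['name'], 'path': image_path(m['cmd'])}
    return None


def triage(lines) -> list:
    """Score every recognised entry; unrecognised lines are skipped."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            sev, why = classify(entry['path'])
            findings.append({**entry, 'severity': sev, 'reason': why})
    return findings


def summarize(findings) -> dict:
    return dict(Counter(f['severity'] for f in findings))


if __name__ == '__main__':
    order = {'high': 0, 'medium': 1, 'info': 2, 'low': 3}
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: order[f['severity']]):
        print(f"{f['severity']:<6} {f['kind']:<8} {f['name']:<22} {f['path']}  ({f['reason']})")
```

Run as a script it prints the service from \AppData\Local\Temp first, the two profile-directory autoruns next and everything under Program Files or Windows last. The rules only say where to look, not that a file is malicious: a legitimate per-user updater and a dropped payload both score medium, and the verdict still needs the file itself (signature, hash, vendor) as the helpers in this thread did.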
  9. Thank you for all your help, Master. Hopefully we won't need to do this again!
  10. There is an update for Windows, but I can't install it. Husband is having the same problem on his clean machine.
11. Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java 6 Update 31
Java version out of date!
Adobe Reader 9
Adobe Reader out of date!
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

I'm not getting redirected with Chrome, and no more unsafe signatures from websites. So something good is happening!
  12. I have no idea what has happened to formatting, sorry.
13. K, this is the log file, which didn't seem right.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

And these are the results of the scan, which didn't save automatically. This looks more up your alley ;)

C:\FRST\Quarantine\{46aea556-3b27-4fe4-c5d6-735ab4da8640}\U\00000008.@	Win64/Agent.BA trojan
C:\FRST\Quarantine\{46aea556-3b27-4fe4-c5d6-735ab4da8640}\U\80000000.@	Win64/Sirefef.AE trojan
C:\FRST\Quarantine\{46aea556-3b27-4fe4-c5d6-735ab4da8640}\U\80000032.@	probably a variant of Win32/Sirefef.EU trojan
C:\FRST\Quarantine\{46aea556-3b27-4fe4-c5d6-735ab4da8640}\U\80000064.@	Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir	Win64/Sirefef.AD trojan
C:\Users\Sami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VKS0RCUE\71196[1].pdf	JS/Exploit.Pdfka.PFS.Gen trojan
C:\Users\Sami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XAHK0JRA\1a67b[1].pdf	JS/Exploit.Pdfka.PFS.Gen trojan
C:\Users\Sami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XAHK0JRA\2e2ab[1].pdf	JS/Exploit.Pdfka.PFS.Gen trojan
C:\Users\Sami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XAHK0JRA\88f14[1].pdf	JS/Exploit.Pdfka.PFS.Gen trojan
C:\Users\Sami\Downloads\dvdburning_1289.exe	a variant of Win32/InstallIQ application
14. Just before CF log popped up, MBAM (which I thought I had disabled) opened with a warning.

2012/06/03 06:07:52 -0700 SAMI-HP Sami MESSAGE Starting protection
2012/06/03 06:08:01 -0700 SAMI-HP Sami MESSAGE Protection started successfully
2012/06/03 06:08:05 -0700 SAMI-HP Sami MESSAGE Starting IP protection
2012/06/03 06:08:05 -0700 SAMI-HP Sami ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/03 13:25:18 -0700 SAMI-HP Sami MESSAGE Starting protection
2012/06/03 13:25:23 -0700 SAMI-HP Sami MESSAGE Protection started successfully
2012/06/03 13:25:26 -0700 SAMI-HP Sami MESSAGE Starting IP protection
2012/06/03 13:25:26 -0700 SAMI-HP Sami ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/03 19:56:31 -0700 SAMI-HP Sami MESSAGE Starting protection
2012/06/03 19:56:34 -0700 SAMI-HP Sami MESSAGE Protection started successfully
2012/06/03 19:56:37 -0700 SAMI-HP Sami MESSAGE Starting IP protection
2012/06/03 19:56:42 -0700 SAMI-HP Sami MESSAGE IP Protection started successfully
2012/06/03 21:28:54 -0700 SAMI-HP Sami MESSAGE Starting protection
2012/06/03 21:28:58 -0700 SAMI-HP Sami MESSAGE Protection started successfully
2012/06/03 21:29:01 -0700 SAMI-HP Sami MESSAGE Starting IP protection
2012/06/03 21:29:05 -0700 SAMI-HP Sami MESSAGE IP Protection started successfully
2012/06/03 21:34:27 -0700 SAMI-HP Sami DETECTION C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Trojan.0access QUARANTINE

Did I quarantine ComboFix?