Jump to content

BK_Malik

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

 Content Type 

Everything posted by BK_Malik

  1. BK_Malik
    ComboFix 13-08-20.01 - Frys Electronics 08/20/2013 23:02:19.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5799.4321 [GMT -4:00] Running from: c:\users\Frys Electronics\Documents\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 ))))))))))))))))))))))))))))))) . . 2013-08-21 03:10 . 2013-08-21 03:10 -------- d-----w- c:\users\Kiosk\AppData\Local\temp 2013-08-21 03:10 . 2013-08-21 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-20 03:29 . 2012-07-27 02:02 173504 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2013-08-20 03:26 . 2013-08-20 03:26 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-08-20 03:16 . 2013-08-20 03:16 -------- d-----w- c:\program files\HitmanPro 2013-08-20 03:15 . 2013-08-20 03:27 -------- d-----w- c:\programdata\HitmanPro 2013-08-20 03:04 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41F7C482-A59D-4CC6-B3EB-662DBA89CC48}\mpengine.dll 2013-08-20 02:55 . 2013-08-20 02:55 -------- d-----w- c:\windows\ERUNT 2013-08-19 06:04 . 2013-08-19 06:04 -------- d-----w- c:\program files\iPod 2013-08-19 06:04 . 2013-08-19 06:05 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-19 06:04 . 2013-08-19 06:05 -------- d-----w- c:\program files\iTunes 2013-08-19 06:04 . 2013-08-19 06:05 -------- d-----w- c:\program files (x86)\iTunes 2013-08-19 06:01 . 2013-08-19 06:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-08-19 06:01 . 2013-08-19 06:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-08-19 06:01 . 2013-08-19 06:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-08-19 06:01 . 2013-08-19 06:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-08-19 06:01 . 2013-08-19 06:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-08-19 06:01 . 2013-08-19 06:01 -------- d-----w- c:\program files (x86)\QuickTime 2013-08-19 01:39 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-08-15 01:00 . 2007-12-14 02:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll 2013-08-15 01:00 . 2007-12-14 02:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll 2013-08-15 01:00 . 2007-12-14 02:16 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll 2013-08-15 01:00 . 2006-12-28 17:39 176128 ------w- c:\windows\SysWow64\BroSNMP.dll 2013-08-15 00:47 . 2013-08-15 00:47 -------- d-----w- c:\program files\Unlocker 2013-08-15 00:04 . 2013-07-16 09:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E40B126E-1ADF-4C0E-90AC-084771C4BFD5}\gapaengine.dll 2013-08-15 00:00 . 2013-08-15 00:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-08-15 00:00 . 2013-08-15 00:00 -------- d-----w- c:\program files\Microsoft Security Client 2013-08-14 07:16 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll 2013-08-14 07:16 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll 2013-08-14 07:02 . 2013-08-14 07:05 -------- d-----w- c:\windows\system32\MRT 2013-08-14 06:34 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 06:34 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 06:34 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-08-14 06:34 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-14 06:34 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-14 06:34 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 06:34 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 06:34 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-08-14 06:31 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-12 04:52 . 2013-08-12 04:52 29184 ----a-r- c:\users\Frys Electronics\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe 2013-08-12 04:24 . 2013-08-12 04:24 -------- d-----w- c:\users\Frys Electronics\AppData\Roaming\FSC 2013-07-26 03:23 . 2013-08-05 03:52 -------- d-----w- c:\program files (x86)\AnvSoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-14 07:02 . 2012-10-03 07:38 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-25 03:19 . 2012-10-01 02:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-25 03:19 . 2011-08-30 11:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-09 04:45 . 2013-08-14 06:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-02 13:27 . 2013-07-02 13:27 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll 2013-07-02 07:03 . 2013-07-02 07:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-07-02 07:03 . 2013-07-02 07:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-07-02 07:03 . 2013-07-02 07:03 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-07-02 07:03 . 2013-07-02 07:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-07-02 07:03 . 2013-07-02 07:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-07-02 07:03 . 2013-07-02 07:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-07-02 07:03 . 2013-07-02 07:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-07-02 07:03 . 2013-07-02 07:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-07-02 07:03 . 2013-07-02 07:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-07-02 07:03 . 2013-07-02 07:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-07-02 07:03 . 2013-07-02 07:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-07-02 07:03 . 2013-07-02 07:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-07-02 07:03 . 2013-07-02 07:03 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-07-02 07:03 . 2013-07-02 07:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-07-02 07:03 . 2013-07-02 07:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-07-02 07:03 . 2013-07-02 07:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-07-02 07:03 . 2013-07-02 07:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-07-02 07:03 . 2013-07-02 07:03 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-07-02 07:03 . 2013-07-02 07:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-07-02 07:03 . 2013-07-02 07:03 81408 ----a-w- c:\windows\system32\icardie.dll 2013-07-02 07:03 . 2013-07-02 07:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-07-02 07:03 . 2013-07-02 07:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-07-02 07:03 . 2013-07-02 07:03 441856 ----a-w- c:\windows\system32\html.iec 2013-07-02 07:03 . 2013-07-02 07:03 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-07-02 07:03 . 2013-07-02 07:03 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-02 07:03 . 2013-07-02 07:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-07-02 07:03 . 2013-07-02 07:03 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-07-02 07:03 . 2013-07-02 07:03 235008 ----a-w- c:\windows\system32\url.dll 2013-07-02 07:03 . 2013-07-02 07:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-07-02 07:03 . 2013-07-02 07:03 216064 ----a-w- c:\windows\system32\msls31.dll 2013-07-02 07:03 . 2013-07-02 07:03 197120 ----a-w- c:\windows\system32\msrating.dll 2013-07-02 07:03 . 2013-07-02 07:03 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-07-02 07:03 . 2013-07-02 07:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-07-02 07:03 . 2013-07-02 07:03 144896 ----a-w- c:\windows\system32\wextract.exe 2013-07-02 07:03 . 2013-07-02 07:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-07-02 07:03 . 2013-07-02 07:03 102912 ----a-w- c:\windows\system32\inseng.dll 2013-07-02 07:03 . 2013-07-02 07:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-07-02 07:03 . 2013-07-02 07:03 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-07-02 07:03 . 2013-07-02 07:03 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-07-02 07:03 . 2013-07-02 07:03 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-07-02 07:03 . 2013-07-02 07:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-07-02 07:03 . 2013-07-02 07:03 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-07-02 07:03 . 2013-07-02 07:03 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-07-02 07:03 . 2013-07-02 07:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-07-02 07:03 . 2013-07-02 07:03 149504 ----a-w- c:\windows\system32\occache.dll 2013-07-02 07:03 . 2013-07-02 07:03 13824 ----a-w- c:\windows\system32\mshta.exe 2013-07-02 07:03 . 2013-07-02 07:03 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-07-02 07:03 . 2013-07-02 07:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-07-02 07:03 . 2013-07-02 07:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-06-28 07:40 . 2013-06-28 07:40 101184 ----a-w- c:\windows\system32\stkMonitor.dll 2013-06-25 06:00 . 2013-06-25 06:00 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-25 06:00 . 2012-10-21 07:34 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-25 06:00 . 2012-10-21 07:34 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-25 03:10 . 2012-12-17 00:21 82816 ----a-w- c:\users\Frys Electronics\AppData\Roaming\pcouffin.sys 2013-06-21 18:00 . 2013-06-30 04:44 127488 ----a-w- c:\windows\system32\ff_vfw.dll 2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-06-05 03:34 . 2013-07-10 02:24 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-10 02:24 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-10 02:24 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-05-31 18:00 . 2013-06-30 04:43 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2009-09-27 13:39 369152 --sh--w- c:\windows\SysWOW64\avisynth.dll 2005-07-14 16:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll 2004-02-22 14:11 719872 --sh--w- c:\windows\SysWOW64\devil.dll 2004-01-25 04:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll 2004-01-25 04:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-03 23:14 220632 ----a-w- c:\users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-03 23:14 220632 ----a-w- c:\users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-03 23:14 220632 ----a-w- c:\users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2012-08-29 95744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808] eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2012-8-29 656896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] R3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys;c:\windows\SYSNATIVE\drivers\CxPlrCap.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x] S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Contents of the 'Scheduled Tasks' folder . 2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 03:19] . 2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25 03:40] . 2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25 03:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-03 23:14 244696 ----a-w- c:\users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-03 23:14 244696 ----a-w- c:\users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-03 23:14 244696 ----a-w- c:\users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2013-05-07 2794496] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: $talisma_url$ TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - yahoo.com FF - prefs.js: network.proxy.ftp - 31.3.250.54 FF - prefs.js: network.proxy.ftp_port - 6666 FF - prefs.js: network.proxy.http - 31.3.250.54 FF - prefs.js: network.proxy.http_port - 6666 FF - prefs.js: network.proxy.socks - 31.3.250.54 FF - prefs.js: network.proxy.socks_port - 6666 FF - prefs.js: network.proxy.ssl - 31.3.250.54 FF - prefs.js: network.proxy.ssl_port - 6666 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-06-30 05:51; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: 2013-07-06 02:31; SkipScreen@SkipScreen; c:\users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\extensions\SkipScreen@SkipScreen.xpi FF - ExtSQL: 2013-07-13 07:42; stealthyextension@gmail.com; c:\users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\extensions\stealthyextension@gmail.com.xpi . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-20 23:24:10 ComboFix-quarantined-files.txt 2013-08-21 03:24 ComboFix2.txt 2013-08-20 23:28 . Pre-Run: 1,355,356,803,072 bytes free Post-Run: 1,355,283,697,664 bytes free . - - End Of File - - 5DD1525A98BD8435F7DF4902DCEB282E
  2. BK_Malik
    Gringo, I'm going to need restart and run MBAM after Combofix is done to see if the infection is gone. Is this alright? I'm at work right now but I'll run Combofix when I get back home. Does it take a long time to run?
  3. BK_Malik
    Prior to this post when I ran Adware Cleaner and JRT I restarted both times and ran MBAM and both times the pup. infection came back.
  4. BK_Malik
    Hey Gringo, Just an FYI, I already ran both of these tools yesterday and as soon as I restarted the infection came back both times... # AdwCleaner v2.306 - Logfile created 08/20/2013 at 07:14:50 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Frys Electronics - THEHASSANFAMILY # Boot Mode : Normal # Running from : C:\Users\Frys Electronics\Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Frys Electronics\AppData\Local\Bundled software uninstaller Folder Deleted : C:\Users\Frys Electronics\AppData\Local\FilesFrog Update Checker Folder Deleted : C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker ***** [Registry] ***** Key Deleted : HKCU\Software\BI Key Deleted : HKCU\Software\Somoto Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [sDP] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. -\\ Mozilla Firefox v23.0.1 (en-US) File : C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\prefs.js C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\user.js ... Deleted ! -\\ Google Chrome v [unable to get version] File : C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R10].txt - [3987 octets] - [19/08/2013 22:50:44] AdwCleaner[R11].txt - [1919 octets] - [20/08/2013 07:13:24] AdwCleaner[R9].txt - [3925 octets] - [19/08/2013 22:49:35] AdwCleaner[s7].txt - [3975 octets] - [19/08/2013 22:51:21] AdwCleaner[s8].txt - [1976 octets] - [20/08/2013 07:14:50] ########## EOF - C:\AdwCleaner[s8].txt - [2036 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.1 (08.19.2013:1) OS: Windows 7 Home Premium x64 Ran by Frys Electronics on Tue 08/20/2013 at 7:22:44.54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Frys Electronics\AppData\Roaming\mozilla\firefox\profiles\5z5oduer.default\minidumps [407 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 08/20/2013 at 7:29:12.81 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. BK_Malik
    Every time that I restart and scan I get a set of pup. malware that reinstalls. Can you please help me remove it, Here are my logs: dds DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Frys Electronics at 3:35:43 on 2013-08-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5799.3776 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\HitmanPro\hmpsched.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Motive\pcCMService.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\ATT-SST\pcTrayApp.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe C:\Users\Frys Electronics\AppData\Local\FilesFrog Update Checker\update_checker.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned> BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R uRun: [sDP] C:\Users\Frys Electronics\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\Users\FRYSEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\FRYSEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 Trusted Zone: $talisma_url$ TCP: NameServer = 192.168.1.254 TCP: Interfaces\{ED5E580A-AB82-4938-AE33-0B005A19ABCC} : DHCPNameServer = 192.168.1.254 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~2\citrix\icacli~1\rshook.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned> x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - yahoo.com FF - prefs.js: network.proxy.ftp - 31.3.250.54 FF - prefs.js: network.proxy.ftp_port - 6666 FF - prefs.js: network.proxy.http - 31.3.250.54 FF - prefs.js: network.proxy.http_port - 6666 FF - prefs.js: network.proxy.socks - 31.3.250.54 FF - prefs.js: network.proxy.socks_port - 6666 FF - prefs.js: network.proxy.ssl - 31.3.250.54 FF - prefs.js: network.proxy.ssl_port - 6666 FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsi.dll FF - plugin: C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsr.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-30 05:51; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: 2013-07-06 02:31; SkipScreen@SkipScreen; C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\extensions\SkipScreen@SkipScreen.xpi FF - ExtSQL: 2013-07-13 07:42; stealthyextension@gmail.com; C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\extensions\stealthyextension@gmail.com.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-8-30 282704] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-30 22648] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-30 20520] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-30 62776] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984] R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624] R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424] R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-6-30 101888] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-8-19 109352] R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-30 255376] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-30 701512] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-2-27 369152] R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-27 460288] R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-2-27 342528] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-3 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-8-30 54784] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-30 77696] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-30 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-30 533096] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-12-25 33872] S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-5-28 31968] S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-12-3 95344] S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-12-3 21872] S3 CXPLRCAP;Capture Device;C:\Windows\System32\drivers\CxPlrCap.sys [2010-1-6 235904] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-16 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-3 1255736] . =============== Created Last 30 ================ . 2013-08-20 03:29:31 173504 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2013-08-20 03:26:30 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2013-08-20 03:16:18 -------- d-----w- C:\Program Files\HitmanPro 2013-08-20 03:15:11 -------- d-----w- C:\ProgramData\HitmanPro 2013-08-20 03:11:29 -------- d-----w- C:\Users\Frys Electronics\AppData\Local\Bundled software uninstaller 2013-08-20 03:10:47 -------- d-----w- C:\Users\Frys Electronics\AppData\Local\FilesFrog Update Checker 2013-08-20 03:04:08 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41F7C482-A59D-4CC6-B3EB-662DBA89CC48}\mpengine.dll 2013-08-20 02:55:38 -------- d-----w- C:\Windows\ERUNT 2013-08-19 06:04:48 -------- d-----w- C:\Program Files\iPod 2013-08-19 06:04:47 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-19 06:04:47 -------- d-----w- C:\Program Files\iTunes 2013-08-19 06:04:47 -------- d-----w- C:\Program Files (x86)\iTunes 2013-08-19 06:01:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2013-08-19 06:01:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2013-08-19 06:01:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-08-19 06:01:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2013-08-19 06:01:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2013-08-19 01:39:04 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-08-15 01:00:38 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll 2013-08-15 01:00:37 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll 2013-08-15 01:00:37 3072 ------w- C:\Windows\SysWow64\BrDctF2S.dll 2013-08-15 01:00:37 176128 ------w- C:\Windows\SysWow64\BroSNMP.dll 2013-08-15 00:47:02 -------- d-----w- C:\Program Files\Unlocker 2013-08-15 00:04:46 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E40B126E-1ADF-4C0E-90AC-084771C4BFD5}\gapaengine.dll 2013-08-15 00:00:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2013-08-15 00:00:51 -------- d-----w- C:\Program Files\Microsoft Security Client 2013-08-14 07:02:47 -------- d-----w- C:\Windows\System32\MRT 2013-08-14 06:34:01 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-08-14 06:34:01 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-08-14 06:34:01 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-14 06:34:01 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-08-14 06:34:01 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-08-14 06:34:00 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-08-14 06:34:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-08-14 06:34:00 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-08-14 06:31:19 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-08-12 04:52:26 29184 ----a-r- C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe 2013-08-12 04:24:38 -------- d-----w- C:\Users\Frys Electronics\AppData\Roaming\FSC 2013-07-26 03:23:20 -------- d-----w- C:\Program Files (x86)\AnvSoft . ==================== Find3M ==================== . 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-25 03:19:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-25 03:19:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-07-02 13:27:51 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll 2013-06-28 07:40:55 101184 ----a-w- C:\Windows\System32\stkMonitor.dll 2013-06-25 06:00:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-25 06:00:48 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-25 06:00:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-25 03:10:46 99384 ----a-w- C:\Users\Frys Electronics\AppData\Roaming\inst.exe 2013-06-25 03:10:46 82816 ----a-w- C:\Users\Frys Electronics\AppData\Roaming\pcouffin.sys 2013-06-21 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll 2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-05-31 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2009-09-27 13:39:26 369152 --sh--w- C:\Windows\SysWOW64\avisynth.dll 2005-07-14 16:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll 2004-02-22 14:11:08 719872 --sh--w- C:\Windows\SysWOW64\devil.dll 2004-01-25 04:00:00 70656 --sh--w- C:\Windows\SysWOW64\i420vfw.dll 2004-01-25 04:00:00 70656 --sh--w- C:\Windows\SysWOW64\yv12vfw.dll . ============= FINISH: 3:38:10.36 =============== attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 5/9/2012 10:35:54 PM System Uptime: 8/20/2013 3:32:11 AM (0 hours ago) . Motherboard: Acer | | Aspire M3450 Processor: AMD FX-4100 Quad-Core Processor | CPU 1 | 3276/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 1380 GiB total, 1262.949 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 396.984 GiB free. H: is Removable I: is Removable J: is Removable K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP407: 8/20/2013 2:32:12 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . clear.fi "Nero SoundTrax Help 7-Zip 9.20 AC3Filter 2.6.0b Acer eRecovery Management Acer Registration Acer ScreenSaver Acer System Information Acer Updater Add/Remove Pro (Freeware) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Adobe Shockwave Player 11.6 Advertising Center Amazon MP3 Downloader 1.0.17 Amazon Send to Kindle AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Any Audio Converter 4.0.1 Any Video Converter 5.0.8 AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update AT&T Quick Fix Client AT&T Troubleshoot & Resolve Tool ATI AVIVO64 Codecs Bonjour Brother MFL-Pro Suite MFC-490CW Bundled software uninstaller Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Citrix Authentication Manager Citrix Receiver Citrix Receiver (HDX Flash Redirection) Citrix Receiver Inside Citrix Receiver Updater Citrix Receiver(Aero) Citrix Receiver(DV) Citrix Receiver(USB) clear.fi clear.fi Client ConvertXtoDVD 4.1.20.0 D3DX10 Daum PotPlayer 1.5.34665 x64 Edition DivX Setup DolbyFiles Dropbox DVD Audio Extractor 7.1.1 eFax Messenger Etron USB3.0 Host Controller Evernote v. 4.5.1 FilesFrog Update Checker Free M4a to MP3 Converter 8.0 Freemake Audio Converter version 1.1.0 Galerie de photos Google Update Helper HitmanPro 3.7 Hotkey Utility Identity Card ImagXpress ImgBurn iPhoneBrowser iTunes Java 7 Update 25 Java Auto Updater Junk Mail filter update K-Lite Codec Pack 9.9.9 (64-bit) K-Lite Mega Codec Pack 9.9.5 LockHunter 2.0 beta 2, 64 bit Malwarebytes Anti-Malware version 1.75.0.1300 Menu Templates - Starter Kit Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office Click-to-Run 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Starter 2010 - English Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 mkv2vob Movie Maker Movie Templates - Starter Kit Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MP3 Repair Tool v1.5.2 MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker MyWinLocker 4 MyWinLocker Suite Nero 9 Nero BurningROM Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Nero InfoTool Nero Installer Nero Live Nero Live Help Nero Mega Plugin Pack Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress neroxml NOOK for PC Norton Online Backup Online Plug-in Photo Common Photo Gallery QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Revo Uninstaller 1.95 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Self-service Plug-in Should I Remove It Shredder Skype™ 5.10 SoundTrax StreamTransport version: 1.0.2.2171 swMSM TagScanner 5.1.637 Times Reader Unlocker 1.9.2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VC80CRTRedist - 8.0.50727.6195 VLC media player 2.0.7 VobSub v2.23 (Remove Only) VSO ConvertXToDVD Welcome Center Windows 7 USB/DVD Download Tool Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 WinRAR 4.20 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 8/20/2013 3:31:28 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). 8/20/2013 12:29:27 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 8/20/2013 1:38:29 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 8/19/2013 11:52:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 8/19/2013 11:52:54 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/19/2013 11:52:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/19/2013 11:52:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 8/19/2013 11:52:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 8/19/2013 11:43:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 8/19/2013 11:31:11 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.