Inactive PC plays random audio ads, tried numerous scanners, HELP!

My PC recently started playing commercial audio ads. I've run Malwarebytes, TDSSKiller, Spybot, ComboFix, AdwCleaner, roguecleaner, HijackThis, and I still have the random audio. I'm not sure how to proceed from here, and I really don't want to reinstall Windows 7, so if anyone can give me some steps I would greatly appreciate it!
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Never run Combofix on your own!
 
Here is my Malwarebytes log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
joey :: JOEY-PC [administrator]

Protection: Disabled

1/2/2014 11:55:49 PM
mbam-log-2014-01-02 (23-55-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212262
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS log files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.45.2
Run by joey at 23:59:41 on 2014-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8155.4452 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\joey\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\sppsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\joey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\joey\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{05458BD2-4B11-43CE-A13F-6F0D3332ACDA} : NameServer = 209.18.47.61,209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-2 207904]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-11-6 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-6 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-11-6 17192]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-2 1034464]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-21 283064]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-11-6 16648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-2 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-2 50344]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-2 1042272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-6 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-6 788760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-19 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-11-6 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-6 565352]
RUnknown axhqnshm;axhqnshm; [x]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-2 65776]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-2 422216]
S1 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-11-6 647736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-19 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-19 701512]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-2 3921880]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-6 1255736]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-11-6 34752]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-6 14904]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
S4 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-11-6 129856]
S4 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-11-6 166720]
S4 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-12-15 20608]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-6 365344]
.
=============== Created Last 30 ================
.
2014-01-03 04:51:22 -------- d-----w- C:\Users\joey\AppData\Roaming\AVAST Software
2014-01-03 04:50:57 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-03 04:50:56 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-03 04:50:55 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-03 04:50:50 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-03 04:50:36 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-03 04:50:14 -------- d-----w- C:\Program Files\AVAST Software
2014-01-03 04:48:53 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-03 03:41:56 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-03 03:36:06 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-03 02:49:56 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-03 02:45:59 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys.bak
2014-01-03 02:29:22 -------- d-----w- C:\AdwCleaner
2014-01-03 02:22:32 98816 ----a-w- C:\Windows\sed.exe
2014-01-03 02:22:32 256000 ----a-w- C:\Windows\PEV.exe
2014-01-03 02:22:32 208896 ----a-w- C:\Windows\MBR.exe
2014-01-03 02:15:45 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-03 02:15:42 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31C8C9F7-4C4E-4BB3-9CF0-502E855F65DD}\mpengine.dll
2014-01-03 02:09:17 388096 ----a-r- C:\Users\joey\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 02:09:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-03 01:34:45 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-01-03 01:34:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-01-03 01:34:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-03 01:01:31 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-01-03 00:58:26 -------- d-----w- C:\Program Files\AMD
2013-12-31 03:10:25 -------- d-----w- C:\Users\joey\AppData\Roaming\.minecraft
2013-12-31 02:52:48 -------- d-----w- C:\Users\joey\AppData\Roaming\.technic
2013-12-31 02:51:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-30 12:46:42 -------- d-----w- C:\Users\joey\AppData\Roaming\ooVoo Details
2013-12-29 08:08:38 -------- d-----w- C:\Users\joey\AppData\Roaming\NVIDIA
2013-12-29 07:59:20 -------- d-----w- C:\ProgramData\Oracle
2013-12-20 00:54:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-20 00:54:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 00:48:22 -------- d-----w- C:\Users\joey\AppData\Roaming\Malwarebytes
2013-12-20 00:48:17 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-15 18:03:35 -------- d-----w- C:\Users\joey\AppData\Roaming\RadeonPro
2013-12-15 18:01:43 -------- d-----w- C:\Program Files (x86)\RadeonPro
2013-12-15 17:37:36 -------- d-----w- C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2013-12-15 16:33:31 -------- d-----w- C:\Program Files (x86)\GOG.com
2013-12-15 14:59:23 -------- d-----w- C:\Program Files\CCleaner
2013-12-14 17:22:26 -------- d-----w- C:\BOSS
2013-12-11 12:08:41 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-11 12:08:40 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-11 12:08:40 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-11 12:08:40 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-10 00:07:06 -------- d-----w- C:\Windows\AutoKMS
2013-12-10 00:06:14 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2013-12-09 23:56:38 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2013-12-09 23:56:17 -------- d-----w- C:\Windows\PCHEALTH
2013-12-09 23:56:17 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-12-09 23:54:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-09 23:53:44 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-12-09 23:53:44 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-12-09 23:52:27 -------- d-----w- C:\Users\joey\AppData\Local\Microsoft Help
2013-12-09 22:58:17 -------- d-----w- C:\Th.Eld3r.Scr0lls.V.Skyr1m.Update.13
2013-12-08 17:42:19 -------- d-----w- C:\Users\joey\AppData\Local\Skyrim
2013-12-08 17:41:08 -------- d-----w- C:\Users\joey\AppData\Local\Black_Tree_Gaming
2013-12-08 17:22:33 -------- d-----w- C:\Program Files\Nexus Mod Manager
2013-12-07 20:41:07 -------- d-----w- C:\Users\joey\AppData\Roaming\ImTOO
2013-12-07 20:36:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-07 02:11:15 -------- d-----w- C:\Users\joey\AppData\Roaming\Xilisoft
2013-12-06 22:08:46 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-12-06 22:08:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-06 21:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:54 96256 ----a-w- C:\Windows\System32\amdave64.dll
2013-12-06 20:22:48 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:38 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-12-06 20:22:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
.
==================== Find3M ====================
.
2014-01-03 00:39:42 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-12-11 01:17:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:17:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-11-26 17:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-21 23:18:27 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-11-15 15:46:08 0 ----a-w- C:\Windows\ativpsrm.bin
2013-11-09 04:38:38 200704 ----a-w- C:\Windows\SysWow64\clinfo.exe
2013-11-07 03:13:05 16648 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2013-10-08 13:39:10 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-10-08 13:39:10 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-10-08 13:39:08 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-10-08 13:39:08 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
.
============= FINISH: 0:00:10.41 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2013 12:54:20 PM
System Uptime: 1/2/2014 11:15:04 PM (1 hours ago)
.
Motherboard: ASRock | | Z75 Pro3
Processor: Intel(R) Core(TM) i5-2550K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 4.705 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 39.313 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 508.588 GiB free.
F: is CDROM (UDF)
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: msahci
Device ID: ROOT\LEGACY_MSAHCI\0000
Manufacturer:
Name: msahci
PNP Device ID: ROOT\LEGACY_MSAHCI\0000
Service: msahci
.
==== System Restore Points ===================
.
RP58: 1/2/2014 11:49:45 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
abgx360 v1.0.6
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
AMD Accelerated Video Transcoding
AMD APP SDK 2.9
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
ASRock App Charger v1.0.6
ASRock InstantBoot v1.29
ASRock RapidStart v1.0.6
ASRock SmartConnect v1.0.6
avast! Free Antivirus
Battlefield 4 Update 2
Battlefield 4™
Battlelog Web Plugins
BitTorrent
BOSS
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CPUID CPU-Z 1.67
CPUID HWMonitor 1.24
DAEMON Tools Lite
DMUninstaller
Dropbox
ESN Sonar
GetFoldersize 2.5.24
Google Chrome
Google Update Helper
HiJackThis
ImgBurn
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iwdfix
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Application Compatibility Toolkit 5.6
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Xbox 360 Accessories 1.2
Minecraft1.7.2
MSI Afterburner 2.3.1
Neverwinter Nights Diamond Edition
Nexus Mod Manager
Outlast
PFPortChecker 1.0.39
Portforward Static IP Address 1.0.47
RadeonPro 1.0 (Build 1.1.1.0)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Sapphire TRIXX
Shadow Warrior
Spybot - Search & Destroy
TechPowerUp GPU-Z
VLC media player 2.1.2
WinRAR 5.00 (32-bit)
XFast LAN v6.61
XFastUSB
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
12/28/2013 8:43:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/2/2014 9:25:48 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/2/2014 7:32:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
1/2/2014 7:32:04 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 7:32:04 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 5:23:58 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
1/2/2014 5:18:56 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
1/2/2014 5:18:56 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 2:12:24 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
1/2/2014 2:07:12 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/2/2014 2:07:12 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/2/2014 11:21:19 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/2/2014 11:17:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStorA iaStorV msahci
1/2/2014 11:17:02 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
1/2/2014 11:16:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
1/2/2014 11:16:48 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2014 11:16:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
1/2/2014 11:16:10 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2014 11:03:08 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
1/2/2014 10:34:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/2/2014 10:17:42 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024809
1/2/2014 10:17:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024809
1/2/2014 10:17:27 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2014 10:16:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/2/2014 10:07:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/2/2014 10:07:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/2/2014 10:07:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/2/2014 10:07:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/2/2014 10:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/2/2014 10:07:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsrAppCharger cFosSpeed DfsC discache iaStorA iaStorV msahci NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/2/2014 10:07:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2014 5:12:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RadeonPro Support Service service to connect.
1/1/2014 5:12:14 PM, Error: Service Control Manager [7000] - The RadeonPro Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/1/2014 2:43:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
1/1/2014 1:58:10 AM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x800706bf'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/1/2014 1:57:59 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
1/1/2014 1:11:11 AM, Error: Service Control Manager [7023] - The Intel(R) Management and Security Application User Notification Service service terminated with the following error: %%-2147221165
1/1/2014 1:11:05 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
.
==== End Of File ===========================
 
Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 