
Default browser keeps opening by itself

maleware virus spyware browser Maleware

  • This topic is locked
3 replies to this topic

#1 mugger

    New Member

  • 1 posts

Posted 26 September 2015 - 07:12 AM

My default browser keeps opening by itself, no matter if it's Google Chrome or Firefox or even Internet Explorer,
and if I am using it, it refreshes the page to the home link...
This issue happens every 1-2 minutes, and if I am playing or using another application it happens every 2-3 seconds!!
This issue appeared and started happening 2 weeks ago...
I tried many free software tools that could help... anti-malware, anti-spyware, anti-virus... nothing fixed the issue.
I even tried to change the Windows from Windows 10 to 7 after formatting the partition "C", but the issue isn't fixed.

I hope you can help me fix that issue.
I read the instructions, and here are the log files you need:
 
1- aswMBr logfile :
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-09-26 13:28:38
-----------------------------
13:28:38.588    OS Version: Windows x64 6.1.7601 Service Pack 1
13:28:38.588    Number of processors: 8 586 0x2A07
13:28:38.589    ComputerName: KHALED-PC  UserName: khaled
13:28:39.836    Initialize success
13:28:39.930    VM: initialized successfully
13:28:39.931    VM: Intel CPU BiosDisabled 
14:06:07.961    AVAST engine defs: 15092600
14:08:47.131    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:08:47.137    Disk 0 Vendor: Hitachi_HTS547575A9E384 JE4OA50A Size: 715404MB BusType: 11
14:08:47.174    Disk 0 MBR read successfully
14:08:47.181    Disk 0 MBR scan
14:08:47.191    Disk 0 Windows 7 default MBR code
14:08:47.198    Disk 0 Partition 1 00     42          SFS                 0 MB offset 63
14:08:47.208    Disk 0 Partition 2 80 (A) 42          SFS NTFS          199 MB offset 2048
14:08:47.217    Disk 0 default boot code
14:08:47.235    Disk 0 Partition 3 00     42          SFS NTFS       372347 MB offset 409600
14:08:47.261    Disk 0 Partition 4 00     42          SFS NTFS       342856 MB offset 762976256
14:08:47.268    Disk 0 scanning C:\Windows\system32\drivers
14:08:47.607    Service scanning
14:09:10.528    Modules scanning
14:09:10.541    Disk 0 trace - called modules:
14:09:10.609    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
14:09:10.620    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008351790]
14:09:10.631    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8008104060]
14:09:11.535    AVAST engine scan C:\Windows
14:09:11.547    AVAST engine scan C:\Windows\system32
14:09:11.557    AVAST engine scan C:\Windows\system32\drivers
14:09:11.567    AVAST engine scan C:\Users\khaled
14:09:11.577    AVAST engine scan C:\ProgramData
14:09:11.583    Disk 0 statistics 26/0/0 @ 0.14 MB/s
14:09:11.586    Scan finished successfully
14:09:47.617    Disk 0 MBR has been saved successfully to "C:\Users\khaled\Desktop\MBR.dat"
14:09:47.621    The log file has been saved successfully to "C:\Users\khaled\Desktop\aswMBR.txt"
 
2- FRST.txt logfile :
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by khaled (administrator) on KHALED-PC (26-09-2015 14:16:40)
Running from C:\Users\khaled\Downloads
Loaded Profiles: khaled (Available Profiles: khaled)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Valve Corporation) M:\khaled\Steam\Steam.exe
(Valve Corporation) M:\khaled\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) M:\khaled\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-01] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BFDE9AB4-EA8E-4ABE-A019-0E38C5A07EB7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2593012028-2614665045-1080795245-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-25]
CHR Extension: (Google Docs) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
CHR Extension: (Google Drive) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-25]
CHR Extension: (YouTube) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-25]
CHR Extension: (Google Sheets) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-25]
CHR Extension: (Gmail) - C:\Users\khaled\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-09-26] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-09-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\khaled\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\khaled\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 14:16 - 2015-09-26 14:16 - 00007386 _____ C:\Users\khaled\Downloads\FRST.txt
2015-09-26 14:15 - 2015-09-26 14:16 - 00000000 ____D C:\FRST
2015-09-26 14:14 - 2015-09-26 14:15 - 02192384 _____ (Farbar) C:\Users\khaled\Downloads\FRST64.exe
2015-09-26 14:09 - 2015-09-26 14:09 - 00002227 _____ C:\Users\khaled\Desktop\aswMBR.txt
2015-09-26 14:09 - 2015-09-26 14:09 - 00000512 _____ C:\Users\khaled\Desktop\MBR.dat
2015-09-26 13:26 - 2015-09-26 13:28 - 05198336 _____ (AVAST Software) C:\Users\khaled\Downloads\aswMBR.exe
2015-09-26 13:17 - 2015-09-26 13:17 - 00411792 _____ (TweakBit) C:\Users\khaled\Downloads\fix_Browsers-setup (1).exe
2015-09-26 12:01 - 2015-09-26 12:01 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-26 12:00 - 2015-09-26 12:00 - 00003092 _____ C:\Windows\system32\.crusader
2015-09-26 11:52 - 2015-09-26 12:00 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-26 11:52 - 2015-09-26 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-26 11:52 - 2015-09-26 11:52 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-26 11:49 - 2015-09-26 11:52 - 11350472 _____ (SurfRight B.V.) C:\Users\khaled\Downloads\HitmanPro_x64.exe
2015-09-26 11:23 - 2015-09-26 12:01 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-26 11:23 - 2015-09-26 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-26 11:23 - 2015-09-26 11:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-26 11:23 - 2015-09-26 11:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-26 11:23 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-26 11:23 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-26 11:23 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-26 11:16 - 2015-09-26 11:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\khaled\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-26 10:40 - 2015-09-26 10:41 - 01800512 _____ (Malwarebytes) C:\Users\khaled\Downloads\JRT.exe
2015-09-26 10:31 - 2015-09-26 10:38 - 00000000 ____D C:\AdwCleaner
2015-09-26 10:30 - 2015-09-26 10:31 - 01662976 _____ C:\Users\khaled\Downloads\adwcleaner_5.008.exe
2015-09-26 10:28 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-26 10:28 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-26 10:28 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-26 10:28 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-26 10:27 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-26 10:27 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-26 10:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-26 10:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-26 10:27 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-26 10:27 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-26 10:27 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-26 10:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-26 10:27 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-26 10:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-25 22:49 - 2015-09-25 22:49 - 00411792 _____ (TweakBit) C:\Users\khaled\Downloads\fix_Browsers-setup.exe
2015-09-25 22:02 - 2015-09-25 22:02 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 22:02 - 2015-09-25 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-25 21:55 - 2015-09-26 14:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-25 21:55 - 2015-09-26 12:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-25 21:55 - 2015-09-26 11:33 - 00000000 ____D C:\Users\khaled\AppData\Local\Google
2015-09-25 21:55 - 2015-09-25 22:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-25 21:55 - 2015-09-25 21:55 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-25 21:55 - 2015-09-25 21:55 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-25 21:54 - 2015-09-25 21:55 - 00000000 ____D C:\Users\khaled\AppData\Local\Deployment
2015-09-25 21:54 - 2015-09-25 21:54 - 00000000 ____D C:\Users\khaled\AppData\Local\Apps\2.0
2015-09-25 20:44 - 2015-09-25 20:44 - 00000206 _____ C:\Users\khaled\Desktop\Dota 2.url
2015-09-25 20:36 - 2015-09-25 20:36 - 00010047 _____ C:\Windows\DirectX.log
2015-09-25 20:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-09-25 20:36 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-09-25 20:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-09-25 20:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-09-25 20:36 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-09-25 20:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-09-25 20:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-09-25 20:36 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-09-25 20:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-09-25 20:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-09-25 20:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-09-25 20:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-09-25 20:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-09-25 20:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-09-25 20:36 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-09-25 20:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-09-25 20:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-09-25 20:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-09-25 20:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-09-25 20:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-09-25 20:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-09-25 20:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-09-25 20:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-09-25 20:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-09-25 20:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-09-25 20:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-09-25 20:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-09-25 20:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-09-25 20:36 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-09-25 20:36 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-09-25 20:36 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-09-25 20:36 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-09-25 20:36 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-09-25 20:36 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-09-25 20:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-09-25 20:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-09-25 20:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-09-25 20:36 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-09-25 20:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-09-25 20:36 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-09-25 20:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-09-25 20:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-09-25 20:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-09-25 20:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-09-25 20:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-09-25 20:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-09-25 20:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-09-25 20:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-09-25 20:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-09-25 20:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-09-25 20:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-09-25 20:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-09-25 20:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-09-25 20:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-09-25 20:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-09-25 20:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-09-25 20:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-09-25 20:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-09-25 20:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-09-25 20:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-09-25 20:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-09-25 20:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-09-25 20:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-09-25 20:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-09-25 20:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-09-25 20:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-09-25 20:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-09-25 20:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-09-25 20:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-09-25 20:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-09-25 20:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-09-25 20:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-09-25 20:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-09-25 20:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-09-25 20:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-09-25 20:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-09-25 20:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-09-25 20:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-09-25 20:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-09-25 20:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-09-25 20:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-09-25 20:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-09-25 20:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-09-25 20:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-09-25 20:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-09-25 20:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-09-25 20:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-09-25 20:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-09-25 20:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-09-25 20:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-09-25 20:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-09-25 20:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-09-25 20:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-09-25 20:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-09-25 20:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-09-25 20:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-09-25 20:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-09-25 20:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-09-25 20:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-09-25 20:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-09-25 20:36 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-09-25 20:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-09-25 20:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-09-25 20:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-09-25 20:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-09-25 20:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-09-25 20:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-09-25 20:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-09-25 20:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-09-25 20:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-09-25 20:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-09-25 20:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-09-25 20:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-09-25 20:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-09-25 20:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-09-25 20:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-09-25 20:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-09-25 20:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-09-25 20:36 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-09-25 20:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-09-25 20:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-09-25 20:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-09-25 20:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-09-25 20:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-09-25 20:36 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-09-25 20:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-09-25 20:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-09-25 20:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-09-25 20:36 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-09-25 20:36 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-09-25 20:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-09-25 20:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-09-25 20:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-09-25 20:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-09-25 20:36 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-09-25 20:36 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-09-25 20:36 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-09-25 20:36 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-09-25 20:36 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-09-25 20:36 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-09-25 20:36 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-09-25 20:36 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-09-25 20:36 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-09-25 20:36 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-09-25 20:36 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-09-25 20:36 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-09-25 20:36 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-09-25 20:36 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-09-25 20:36 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-09-25 20:36 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-09-25 20:25 - 2015-09-25 20:25 - 00057560 _____ C:\Users\khaled\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-25 20:24 - 2015-09-25 20:24 - 00000000 ____D C:\Users\khaled\AppData\Local\Steam
2015-09-25 20:24 - 2015-09-25 20:24 - 00000000 ____D C:\Users\khaled\AppData\Local\CEF
2015-09-25 20:23 - 2015-09-25 20:23 - 00000000 ____D C:\Users\khaled\AppData\Roaming\ATI
2015-09-25 20:23 - 2015-09-25 20:23 - 00000000 ____D C:\Users\khaled\AppData\Local\ATI
2015-09-25 20:23 - 2015-09-25 20:23 - 00000000 ____D C:\ProgramData\ATI
2015-09-25 20:21 - 2015-09-25 20:21 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-09-25 20:20 - 2015-09-25 20:20 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-09-25 20:20 - 2015-09-25 20:20 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-25 20:20 - 2015-09-25 20:20 - 00000000 ____D C:\Program Files (x86)\AMD APP
2015-09-25 20:20 - 2015-09-25 20:20 - 00000000 ____D C:\Intel
2015-09-25 20:19 - 2011-03-17 13:51 - 00003929 _____ C:\Windows\SysWOW64\atipblup.dat
2015-09-25 20:19 - 2011-03-17 13:51 - 00003929 _____ C:\Windows\system32\atipblup.dat
2015-09-25 20:18 - 2015-09-25 20:19 - 00000000 ____D C:\Program Files\ATI Technologies
2015-09-25 20:18 - 2015-09-25 20:19 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-09-25 20:17 - 2015-09-25 20:17 - 00000000 ____D C:\Program Files\ATI
2015-09-25 20:16 - 2015-09-25 20:16 - 00000000 ____D C:\SWSetup
2015-09-25 20:15 - 2010-10-26 11:08 - 00406632 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-09-25 20:15 - 2010-01-06 00:39 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-09-25 20:15 - 2009-12-03 17:27 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2015-09-25 20:14 - 2015-09-25 20:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-25 20:14 - 2015-09-25 20:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-09-25 20:14 - 2015-09-25 20:14 - 00000000 ____D C:\Program Files (x86)\Intel Desktop Board
2015-09-25 17:26 - 2015-09-25 16:47 - 00000000 ____D C:\Windows\Panther
2015-09-25 16:48 - 2015-09-25 16:48 - 00001447 _____ C:\Users\khaled\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-25 16:48 - 2015-09-25 16:48 - 00001413 _____ C:\Users\khaled\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-25 16:48 - 2015-09-25 16:48 - 00000000 ____D C:\Users\khaled\AppData\Local\VirtualStore
2015-09-25 16:47 - 2015-09-26 12:01 - 00000000 ____D C:\Users\khaled
2015-09-25 16:47 - 2015-09-25 16:47 - 00000020 ___SH C:\Users\khaled\ntuser.ini
2015-09-25 16:47 - 2015-09-25 16:47 - 00000000 __SHD C:\Recovery
2015-09-25 16:47 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\khaled\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-25 16:47 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\khaled\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-25 16:30 - 2015-09-25 16:30 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-25 16:30 - 2015-09-25 16:30 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-25 16:29 - 2015-09-26 12:27 - 00108719 _____ C:\Windows\WindowsUpdate.log
2015-09-25 16:29 - 2015-09-25 16:29 - 00001355 _____ C:\Windows\TSSysprep.log
2015-09-25 16:28 - 2015-09-25 16:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 14:03 - 2009-07-13 21:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-26 14:03 - 2009-07-13 21:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 12:09 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 12:01 - 2010-11-20 20:47 - 00005866 _____ C:\Windows\PFRO.log
2015-09-26 12:01 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 12:01 - 2009-07-13 21:51 - 00026377 _____ C:\Windows\setupact.log
2015-09-26 11:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PLA
2015-09-26 10:23 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-25 20:35 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-25 20:16 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-25 17:28 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2015-09-25 17:25 - 2009-07-13 22:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-25 17:25 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-25 16:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-09-25 16:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-09-25 16:31 - 2009-07-13 21:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-25 16:30 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-25 16:30 - 2009-07-13 21:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-09-25 16:30 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-25 16:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-09-25 16:27 - 2011-04-12 01:28 - 00000000 ____D C:\Windows\CSC
 
Some files in TEMP:
====================
C:\Users\khaled\AppData\Local\Temp\pc-support-bar-setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-25 17:21
 
==================== End of FRST.txt ============================
 
3- addition.txt logfile :
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by khaled (2015-09-26 14:17:13)
Running from C:\Users\khaled\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-25 23:47:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2593012028-2614665045-1080795245-500 - Administrator - Disabled)
Guest (S-1-5-21-2593012028-2614665045-1080795245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2593012028-2614665045-1080795245-1002 - Limited - Enabled)
khaled (S-1-5-21-2593012028-2614665045-1080795245-1000 - Administrator - Enabled) => C:\Users\khaled
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
TweakBit PCSupportBar (HKLM-x32\...\{4960F354-CC53-4BED-A330-FCDFA3178CFA}_is1) (Version: 1.1.1.0 - Auslogics Labs Pty Ltd)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
25-09-2015 17:28:12 Scheduled Checkpoint
25-09-2015 20:14:49 Installed Realtek Ethernet Controller Driver
25-09-2015 20:35:21 Installed DirectX
26-09-2015 10:27:10 Windows Update
26-09-2015 10:43:06 JRT Pre-Junkware Removal
26-09-2015 11:57:52 Checkpoint by HitmanPro
26-09-2015 12:00:16 Checkpoint by HitmanPro
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {42517381-4AF7-4F09-AF50-2F012446B2E0} - \TweakBit\PCSupportBar\Start PCSupportBar оn khaled logon -> No File <==== ATTENTION
Task: {4949D450-4CC9-424E-8CF4-48628CD30DB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {D30740C3-053A-4191-979B-C48931D23E4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-08-09 07:44 - 2011-08-09 07:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-30 22:07 - 2011-09-30 22:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-02 10:49 - 2011-09-02 10:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-09-10 18:28 - 2015-07-03 09:12 - 00778240 _____ () M:\khaled\Steam\SDL2.dll
2015-09-10 18:28 - 2015-07-03 09:12 - 04962816 _____ () M:\khaled\Steam\v8.dll
2015-09-10 18:28 - 2015-07-03 09:12 - 01556992 _____ () M:\khaled\Steam\icui18n.dll
2015-09-10 18:28 - 2015-07-03 09:12 - 01187840 _____ () M:\khaled\Steam\icuuc.dll
2015-09-10 18:28 - 2015-08-19 13:39 - 02413248 _____ () M:\khaled\Steam\video.dll
2015-09-10 18:28 - 2014-12-01 14:31 - 02396672 _____ () M:\khaled\Steam\libavcodec-56.dll
2015-09-10 18:28 - 2014-12-01 14:31 - 00442880 _____ () M:\khaled\Steam\libavutil-54.dll
2015-09-10 18:28 - 2014-12-01 14:31 - 00479744 _____ () M:\khaled\Steam\libavformat-56.dll
2015-09-10 18:28 - 2014-12-01 14:31 - 00332800 _____ () M:\khaled\Steam\libavresample-2.dll
2015-09-10 18:28 - 2014-12-01 14:31 - 00485888 _____ () M:\khaled\Steam\libswscale-3.dll
2015-09-10 18:29 - 2015-08-19 13:39 - 00704192 _____ () M:\khaled\Steam\bin\chromehtml.DLL
2015-09-10 18:29 - 2015-07-26 18:13 - 00171008 _____ () M:\khaled\Steam\bin\openvr_api.dll
2015-09-10 18:29 - 2015-07-03 09:12 - 39553928 _____ () M:\khaled\Steam\bin\libcef.dll
2015-09-25 22:02 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 22:02 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2593012028-2614665045-1080795245-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\khaled\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1421C978-8301-436B-AE4A-B534D4AF37FB}] => (Allow) M:\khaled\Steam\Steam.exe
FirewallRules: [{12F950E3-9C64-4083-AE3B-57967B58B9B6}] => (Allow) M:\khaled\Steam\Steam.exe
FirewallRules: [{59ADA0A7-B357-47DE-B617-9565953BE1A3}] => (Allow) M:\khaled\Steam\bin\steamwebhelper.exe
FirewallRules: [{E5D83B13-3940-4EAF-807A-939A887204D2}] => (Allow) M:\khaled\Steam\bin\steamwebhelper.exe
FirewallRules: [{8B1A355C-D027-4914-9ABB-524873CC7D96}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{25909A99-4D91-4061-B991-709F418A7093}] => (Allow) M:\khaled\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3D30AE87-3BFA-4F23-AF7E-EDCFBF81DD0C}] => (Allow) M:\khaled\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Network Controller
Description: Network Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/26/2015 12:03:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000016c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000010BEF60.72).  hr = 0x80070005, Access is denied.
.
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,000000000097E250.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bfe25bec-7fcc-4854-b9e8-866ae5c90011}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008a0,(null),0,REG_BINARY,0000000006ACDEB0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {b0e15402-e2af-4b13-b8d3-13273c33840f}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000864,(null),0,REG_BINARY,000000000222DE90.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {34207bbd-7a54-4702-b05b-b40ebe49d3d5}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,(null),0,REG_BINARY,0000000001BDE820.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {a483a11a-cc8c-4799-a6bc-47c06dbecb10}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,(null),0,REG_BINARY,000000000271F490.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {0f30632f-c183-453a-9fa2-9d90f6eb1705}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,000000000097E250.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bfe25bec-7fcc-4854-b9e8-866ae5c90011}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,(null),0,REG_BINARY,0000000001C8EA10.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0f9d8e11-52d9-42c1-b132-026ad416024e}
 
Error: (09/26/2015 12:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008a0,(null),0,REG_BINARY,0000000006ACDEB0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {b0e15402-e2af-4b13-b8d3-13273c33840f}
 
 
System errors:
=============
Error: (09/26/2015 12:01:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (09/26/2015 10:44:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/26/2015 10:44:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/26/2015 10:44:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (09/26/2015 10:44:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/26/2015 10:44:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/26/2015 10:36:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/26/2015 10:36:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (09/26/2015 10:36:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/26/2015 10:36:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 24%
Total physical RAM: 8139.86 MB
Available physical RAM: 6125.11 MB
Total Virtual: 16277.91 MB
Available Virtual: 13893.22 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:363.62 GB) (Free:337.04 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.67 GB) (Free:1.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive m: () (Fixed) (Total:320.05 GB) (Free:10.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3C306E3B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=363.6 GB) - (Type=42)
Partition 4: (Not Active) - (Size=334.8 GB) - (Type=42)
 
==================== End of Addition.txt ============================
 
*Thanks for wasting your time trying to help us fix these issues*

Edited by mugger, 26 September 2015 - 07:14 AM.



#2 mAL_rEm018

mAL_rEm018

    Visiting Fellow

  • MRU Teachers
  • 9 posts

Posted 27 September 2015 - 02:07 PM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Virus, Spyware & Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello mugger,

My name is mAL_rEm018, but feel free to call me mAL :).  I'm an undergraduate trainee at the Malware Removal University and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:


  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.


 


Admin/Teacher at MalWare Removal University


#3 mAL_rEm018

mAL_rEm018

    Visiting Fellow

  • MRU Teachers
  • 9 posts

Posted 28 September 2015 - 09:22 AM

Hello mugger,


Backup your registry using TCRB

  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


Please run the following scans..

MGA Diagnostics


  • Please download and save the following tool to your desktop Link.
  • Right-click on MGADiag.exe and select Run as Administrator.
  • Select Continue.  The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content of MGADiag.txt in your next reply.

Next..

CKScanner


  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • MGADiag.txt
  • CKFiles.txt
    Please post everything in the order given.

 


Admin/Teacher at MalWare Removal University


#4 Cypher

Cypher

    MRU Teacher

  • MRU Teachers
  • 2 posts
  • Interests:Computers. Reading. Sports. Military History. Archeology.

Posted 01 October 2015 - 10:36 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic


Admin/Teacher at Malware Removal University
Member of UNITE
