Jump to content

my_nameaintearl

Honorary Members
  • Posts

    57
  • Joined

  • Last visited

Everything posted by my_nameaintearl

  1. Yup, the hard drive is on its way out. Gonna get a new one put in. Thanks for your time, though even though it wasn't a malware issue.
  2. Yeah, going through this process I don't think we've found anything to show that it's been been infected. Reinstalling Windows or factory resetting would have been my next option. How do I test the hard drive to see if it's failing?
  3. Still running slowly but it seems to be a little less slow than before....
  4. MiniToolBox by Farbar Version: 13-07-2013 Ran by Butch (administrator) on 17-10-2013 at 00:50:07 Running from "C:\Users\Butch\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected) Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected) Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Butch-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : gateway.2wire.net Ethernet adapter Local Area Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter Physical Address. . . . . . . . . : 1C-65-9D-8E-44-0B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card Physical Address. . . . . . . . . : 1C-65-9D-8E-44-0B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::4c02:3bcb:2a46:d492%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, October 16, 2013 12:19:31 AM Lease Expires . . . . . . . . . . : Thursday, October 17, 2013 7:12:55 PM Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 303850909 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-DF-A2-7C-F0-4D-A2-AA-30-E5 DNS Servers . . . . . . . . . . . : 192.168.1.254 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : POST.local Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) Physical Address. . . . . . . . . : F0-4D-A2-AA-30-E5 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.gateway.2wire.net: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:897:130b:9c41:caeb(Preferred) Link-local IPv6 Address . . . . . : fe80::897:130b:9c41:caeb%30(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter isatap.{57C66962-0142-41A4-A2D2-B1AB14204021}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.POST.local: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: homeportal Address: 192.168.1.254 Name: google.com Addresses: 2607:f8b0:4006:801::1004 74.125.226.227 74.125.226.231 74.125.226.224 74.125.226.226 74.125.226.232 74.125.226.229 74.125.226.238 74.125.226.230 74.125.226.225 74.125.226.228 74.125.226.233 Pinging google.com [74.125.226.231] with 32 bytes of data: Reply from 74.125.226.231: bytes=32 time=26ms TTL=55 Reply from 74.125.226.231: bytes=32 time=27ms TTL=55 Ping statistics for 74.125.226.231: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 26ms, Maximum = 27ms, Average = 26ms Server: homeportal Address: 192.168.1.254 Name: yahoo.com Addresses: 206.190.36.45 98.139.183.24 98.138.253.109 Pinging yahoo.com [206.190.36.45] with 32 bytes of data: Reply from 206.190.36.45: bytes=32 time=171ms TTL=47 Reply from 206.190.36.45: bytes=32 time=119ms TTL=47 Ping statistics for 206.190.36.45: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 119ms, Maximum = 171ms, Average = 145ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 12...1c 65 9d 8e 44 0b ......Broadcom Virtual Wireless Adapter 11...1c 65 9d 8e 44 0b ......DW1501 Wireless-N WLAN Half-Mini Card 10...f0 4d a2 aa 30 e5 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) 1...........................Software Loopback Interface 1 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 30...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.69 281 192.168.1.69 255.255.255.255 On-link 192.168.1.69 281 192.168.1.255 255.255.255.255 On-link 192.168.1.69 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.69 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.69 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 30 58 ::/0 On-link 1 306 ::1/128 On-link 30 58 2001::/32 On-link 30 306 2001:0:9d38:90d7:c1e:3bcb:3f57:feba/128 On-link 11 281 fe80::/64 On-link 30 306 fe80::/64 On-link 30 306 fe80::c1e:3bcb:3f57:feba/128 On-link 11 281 fe80::4c02:3bcb:2a46:d492/128 On-link 1 306 ff00::/8 On-link 11 281 ff00::/8 On-link 30 306 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.) Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.) Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog5 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (10/17/2013 00:22:27 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (10/16/2013 07:13:02 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (10/16/2013 00:54:02 AM) (Source: Application Error) (User: ) Description: Faulting application name: DivXUpdate.exe, version: 1.0.6.88, time stamp: 0x511afc59 Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bda75 Exception code: 0xc0000005 Fault offset: 0x6d682505 Faulting process id: 0xff4 Faulting application start time: 0xDivXUpdate.exe0 Faulting application path: DivXUpdate.exe1 Faulting module path: DivXUpdate.exe2 Report Id: DivXUpdate.exe3 Error: (10/16/2013 00:28:32 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/16/2013 00:28:29 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceModel.Web, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (10/16/2013 00:28:29 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Extensions, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (10/15/2013 05:41:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15662 Error: (10/15/2013 05:41:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15662 Error: (10/15/2013 05:41:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/15/2013 05:40:15 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21612831 System errors: ============= Error: (10/16/2013 11:59:20 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 11:59:20 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 11:59:20 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 11:59:20 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 11:59:20 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 10:59:16 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 10:59:16 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 10:59:16 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 10:59:16 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (10/16/2013 10:59:16 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Microsoft Office Sessions: ========================= Error: (10/17/2013 00:22:27 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (10/16/2013 07:13:02 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (10/16/2013 00:54:02 AM) (Source: Application Error)(User: ) Description: DivXUpdate.exe1.0.6.88511afc59netprofm.dll_unloaded0.0.0.04a5bda75c00000056d682505ff401ceca2a063a1929C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exenetprofm.dllf96a6fe8-361e-11e3-827c-f04da2aa30e5 Error: (10/16/2013 00:28:32 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/16/2013 00:28:29 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceModel.Web, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (10/16/2013 00:28:29 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Extensions, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (10/15/2013 05:41:02 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15662 Error: (10/15/2013 05:41:02 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15662 Error: (10/15/2013 05:41:02 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/15/2013 05:40:15 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21612831 CodeIntegrity Errors: =================================== Date: 2013-09-23 04:02:17.698 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-23 04:02:17.464 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-23 04:02:17.214 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-23 04:02:16.964 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:36.540 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:36.306 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:36.072 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:35.853 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-16 20:00:30.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-16 19:42:39.122 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================ µTorrent (Version: 3.3.1.30017) AC3Filter 1.62b (Version: 1.62b) Adobe Acrobat XI Pro (Version: 11.0.00) Adobe AIR (Version: 3.6.0.5970) Adobe Download Assistant (Version: 1.2.5) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader XI (11.0.05) (Version: 11.0.05) AMD Catalyst Install Manager (Version: 8.0.877.0) AMD Fuel (Version: 2013.0424.1225.20315) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Atheros WLAN and Bluetooth Client Installation Program (Version: 9.0) Bluetooth Win7 Suite (64) (Version: 7.2.0.45) Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (Version: 2013.0424.1225.20315) Catalyst Control Center InstallProxy (Version: 2013.0424.1225.20315) CCC Help Czech (Version: 2013.0424.1224.20315) CCC Help Danish (Version: 2013.0424.1224.20315) CCC Help Dutch (Version: 2013.0424.1224.20315) CCC Help English (Version: 2013.0424.1224.20315) CCC Help Finnish (Version: 2013.0424.1224.20315) CCC Help French (Version: 2013.0424.1224.20315) CCC Help German (Version: 2013.0424.1224.20315) CCC Help Greek (Version: 2013.0424.1224.20315) CCC Help Hungarian (Version: 2013.0424.1224.20315) CCC Help Italian (Version: 2013.0424.1224.20315) CCC Help Japanese (Version: 2013.0424.1224.20315) CCC Help Korean (Version: 2013.0424.1224.20315) CCC Help Norwegian (Version: 2013.0424.1224.20315) CCC Help Polish (Version: 2013.0424.1224.20315) CCC Help Portuguese (Version: 2013.0424.1224.20315) CCC Help Russian (Version: 2013.0424.1224.20315) CCC Help Spanish (Version: 2013.0424.1224.20315) CCC Help Swedish (Version: 2013.0424.1224.20315) CCC Help Thai (Version: 2013.0424.1224.20315) Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) Click'N Design 3D (V5) (Version: v5.x.x) Content Manager Assistant for PlayStation® (Version: 2.00.5976.25) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Setup (Version: 2.6.1.24) DW WLAN Card Utility (Version: 5.60.48.35) ERUNT 1.1j ESET Online Scanner v3 GmoteServer (Version: 2.0.2) Google Chrome (Version: 30.0.1599.69) Google Update Helper (Version: 1.3.21.165) iCloud (Version: 2.1.1.3) iTunes (Version: 11.0.2.26) Junk Mail filter update (Version: 16.4.3505.0912) Last.fm Scrobbler 2.1.33 Lexmark 6500 Series Lexmark Toolbar (Version: 4.0.53.0) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Security Client (Version: 4.3.0216.0) Microsoft Security Essentials (Version: 4.3.216.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Web Publishing Wizard 1.52 Movie Maker (Version: 16.4.3505.0912) Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Photo Explosion 3.0 Special Edition (Version: 3.0.0.6) Photo Gallery (Version: 16.4.3505.0912) Pinnacle Studio 14 (Version: 14.0.0.7255) Pinnacle Video Driver (Version: 12.1.0.030) PS3 Media Server (Version: 1.82.0) Quickset64 (Version: 10.5.0) QuickTime (Version: 7.73.80.64) SAMSUNG Intelli-studio SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0) Skype Click to Call (Version: 6.13.13771) Skype™ 6.0 (Version: 6.0.120) Spotify (Version: 0.9.1.57.ge7405149) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) Windows Live Communications Platform (Version: 16.4.3505.0912) Windows Live Essentials (Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 16.4.3505.0912) Windows Live Mail (Version: 16.4.3505.0912) Windows Live Messenger (Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (Version: 16.4.3505.0912) Windows Live PIMT Platform (Version: 16.4.3505.0912) Windows Live SOXE (Version: 16.4.3505.0912) Windows Live SOXE Definitions (Version: 16.4.3505.0912) Windows Live UX Platform (Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (Version: 16.4.3505.0912) Windows Live Writer (Version: 16.4.3505.0912) Windows Live Writer Resources (Version: 16.4.3505.0912) WinRAR 4.20 (32-bit) (Version: 4.20.0) ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 35% Total physical RAM: 3835.93 MB Available physical RAM: 2460.82 MB Total Pagefile: 7670.03 MB Available Pagefile: 5933.7 MB Total Virtual: 4095.88 MB Available Virtual: 3979.04 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:451.01 GB) (Free:220.57 GB) NTFS 2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF ========================= Users: ======================================== User accounts for \\BUTCH-PC Administrator Butch Guest ========================= Minidump Files ================================== **** End of log ****
  5. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16686 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.194000 GHz Memory total: 4022259712, free: 2346090496 Downloaded database version: v2013.10.15.01 Downloaded database version: v2013.10.11.02 ======================================= Initializing... ------------ Kernel report ------------ 10/15/2013 01:35:01 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\Windows\system32\drivers\avgtpx64.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\bcmvwl64.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\btath_bus.sys \SystemRoot\system32\DRIVERS\MarvinBus64.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\BCM42RLY.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\sechost.dll \Windows\System32\advapi32.dll \Windows\System32\Wldap32.dll \Windows\System32\gdi32.dll \Windows\System32\iertutil.dll \Windows\System32\msctf.dll \Windows\System32\imagehlp.dll \Windows\System32\rpcrt4.dll \Windows\System32\clbcatq.dll \Windows\System32\user32.dll \Windows\System32\ws2_32.dll \Windows\System32\psapi.dll \Windows\System32\imm32.dll \Windows\System32\difxapi.dll \Windows\System32\wininet.dll \Windows\System32\normaliz.dll \Windows\System32\shell32.dll \Windows\System32\oleaut32.dll \Windows\System32\lpk.dll \Windows\System32\shlwapi.dll \Windows\System32\ole32.dll \Windows\System32\nsi.dll \Windows\System32\msvcrt.dll \Windows\System32\urlmon.dll \Windows\System32\comdlg32.dll \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\setupapi.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\cfgmgr32.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004893060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa800466d680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004893060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004892230, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004893060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800466d680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1BD21B23 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 206848 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30926848 Numsec = 945844272 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished
  6. Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.10.15.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Butch :: BUTCH-PC [administrator] 10/15/2013 1:35:06 AM mbar-log-2013-10-15 (01-35-06).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 231797 Time elapsed: 5 hour(s), 42 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
  7. MiniToolBox by Farbar Version: 13-07-2013 Ran by Butch (administrator) on 14-10-2013 at 09:59:54 Running from "C:\Users\Butch\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Network *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected) Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected) Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Butch-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : gateway.2wire.net Ethernet adapter Local Area Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter Physical Address. . . . . . . . . : 1C-65-9D-8E-44-0B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card Physical Address. . . . . . . . . : 1C-65-9D-8E-44-0B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::4c02:3bcb:2a46:d492%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, October 13, 2013 1:13:48 PM Lease Expires . . . . . . . . . . : Tuesday, October 15, 2013 1:13:48 AM Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 303850909 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-DF-A2-7C-F0-4D-A2-AA-30-E5 DNS Servers . . . . . . . . . . . : 192.168.1.254 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : POST.local Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) Physical Address. . . . . . . . . : F0-4D-A2-AA-30-E5 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.gateway.2wire.net: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.POST.local: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: homeportal Address: 192.168.1.254 Name: google.com Addresses: 2607:f8b0:4006:803::1003 173.194.43.36 173.194.43.33 173.194.43.38 173.194.43.39 173.194.43.46 173.194.43.32 173.194.43.34 173.194.43.41 173.194.43.40 173.194.43.37 173.194.43.35 Pinging google.com [173.194.43.35] with 32 bytes of data: Reply from 173.194.43.35: bytes=32 time=26ms TTL=55 Reply from 173.194.43.35: bytes=32 time=25ms TTL=55 Ping statistics for 173.194.43.35: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 25ms, Maximum = 26ms, Average = 25ms Server: homeportal Address: 192.168.1.254 Name: yahoo.com Addresses: 206.190.36.45 98.139.183.24 98.138.253.109 Pinging yahoo.com [206.190.36.45] with 32 bytes of data: Reply from 206.190.36.45: bytes=32 time=152ms TTL=47 Reply from 206.190.36.45: bytes=32 time=201ms TTL=47 Ping statistics for 206.190.36.45: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 152ms, Maximum = 201ms, Average = 176ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 12...1c 65 9d 8e 44 0b ......Broadcom Virtual Wireless Adapter 11...1c 65 9d 8e 44 0b ......DW1501 Wireless-N WLAN Half-Mini Card 10...f0 4d a2 aa 30 e5 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) 1...........................Software Loopback Interface 1 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.69 281 192.168.1.69 255.255.255.255 On-link 192.168.1.69 281 192.168.1.255 255.255.255.255 On-link 192.168.1.69 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.69 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.69 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 11 281 fe80::/64 On-link 11 281 fe80::4c02:3bcb:2a46:d492/128 On-link 1 306 ff00::/8 On-link 11 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.) Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.) Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (10/12/2013 09:42:41 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15569 Error: (10/12/2013 09:42:41 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15569 Error: (10/12/2013 09:42:41 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/12/2013 09:37:10 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 90080108 Error: (10/12/2013 07:45:50 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15506 Error: (10/12/2013 07:45:50 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15506 Error: (10/12/2013 07:45:50 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/12/2013 00:29:52 AM) (Source: Application Error) (User: ) Description: Windows cannot access the file C:\Windows\System32\advapi32.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program FRST64.exe because of this error. Program: FRST64.exe File: C:\Windows\System32\advapi32.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (10/12/2013 00:29:52 AM) (Source: Application Error) (User: ) Description: Faulting application name: FRST64.exe, version: 3.3.8.1, time stamp: 0x4f25bafd Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a Exception code: 0xc0000006 Fault offset: 0x0000000000018f75 Faulting process id: 0xe4c Faulting application start time: 0xFRST64.exe0 Faulting application path: FRST64.exe1 Faulting module path: FRST64.exe2 Report Id: FRST64.exe3 Error: (10/11/2013 11:11:05 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 System errors: ============= Error: (10/14/2013 09:59:38 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:59:38 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:59:38 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:54:38 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:54:38 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:54:38 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:52:32 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:52:32 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:52:32 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/14/2013 09:48:36 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (10/12/2013 09:42:41 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15569 Error: (10/12/2013 09:42:41 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15569 Error: (10/12/2013 09:42:41 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/12/2013 09:37:10 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 90080108 Error: (10/12/2013 07:45:50 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15506 Error: (10/12/2013 07:45:50 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15506 Error: (10/12/2013 07:45:50 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/12/2013 00:29:52 AM) (Source: Application Error)(User: ) Description: C:\Windows\System32\advapi32.dllFRST64.exeC00001853 Error: (10/12/2013 00:29:52 AM) (Source: Application Error)(User: ) Description: FRST64.exe3.3.8.14f25bafdntdll.dll6.1.7601.1822951fb164ac00000060000000000018f75e4c01cec6fa2e2af4baC:\Users\Butch\Desktop\FRST64.exeC:\Windows\SYSTEM32\ntdll.dllef9dd62f-32f6-11e3-a5d8-f04da2aa30e5 Error: (10/11/2013 11:11:05 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 CodeIntegrity Errors: =================================== Date: 2013-09-23 04:02:17.698 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-23 04:02:17.464 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-23 04:02:17.214 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-23 04:02:16.964 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:36.540 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:36.306 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:36.072 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-20 00:16:35.853 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-16 20:00:30.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-16 19:42:39.122 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================ µTorrent (Version: 3.3.1.30017) AC3Filter 1.62b (Version: 1.62b) Adobe Acrobat XI Pro (Version: 11.0.00) Adobe AIR (Version: 3.6.0.5970) Adobe Download Assistant (Version: 1.2.5) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader XI (11.0.05) (Version: 11.0.05) AMD Catalyst Install Manager (Version: 8.0.877.0) AMD Fuel (Version: 2013.0424.1225.20315) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Atheros WLAN and Bluetooth Client Installation Program (Version: 9.0) Bluetooth Win7 Suite (64) (Version: 7.2.0.45) Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (Version: 2013.0424.1225.20315) Catalyst Control Center InstallProxy (Version: 2013.0424.1225.20315) CCC Help Czech (Version: 2013.0424.1224.20315) CCC Help Danish (Version: 2013.0424.1224.20315) CCC Help Dutch (Version: 2013.0424.1224.20315) CCC Help English (Version: 2013.0424.1224.20315) CCC Help Finnish (Version: 2013.0424.1224.20315) CCC Help French (Version: 2013.0424.1224.20315) CCC Help German (Version: 2013.0424.1224.20315) CCC Help Greek (Version: 2013.0424.1224.20315) CCC Help Hungarian (Version: 2013.0424.1224.20315) CCC Help Italian (Version: 2013.0424.1224.20315) CCC Help Japanese (Version: 2013.0424.1224.20315) CCC Help Korean (Version: 2013.0424.1224.20315) CCC Help Norwegian (Version: 2013.0424.1224.20315) CCC Help Polish (Version: 2013.0424.1224.20315) CCC Help Portuguese (Version: 2013.0424.1224.20315) CCC Help Russian (Version: 2013.0424.1224.20315) CCC Help Spanish (Version: 2013.0424.1224.20315) CCC Help Swedish (Version: 2013.0424.1224.20315) CCC Help Thai (Version: 2013.0424.1224.20315) Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) Click'N Design 3D (V5) (Version: v5.x.x) Content Manager Assistant for PlayStation® (Version: 2.00.5976.25) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Setup (Version: 2.6.1.24) DW WLAN Card Utility (Version: 5.60.48.35) ERUNT 1.1j ESET Online Scanner v3 GmoteServer (Version: 2.0.2) Google Chrome (Version: 30.0.1599.69) Google Update Helper (Version: 1.3.21.153) iCloud (Version: 2.1.1.3) iTunes (Version: 11.0.2.26) Junk Mail filter update (Version: 16.4.3505.0912) Last.fm Scrobbler 2.1.33 Lexmark 6500 Series Lexmark Toolbar (Version: 4.0.53.0) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Security Client (Version: 4.3.0216.0) Microsoft Security Essentials (Version: 4.3.216.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Web Publishing Wizard 1.52 Movie Maker (Version: 16.4.3505.0912) Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Photo Explosion 3.0 Special Edition (Version: 3.0.0.6) Photo Gallery (Version: 16.4.3505.0912) Pinnacle Studio 14 (Version: 14.0.0.7255) Pinnacle Video Driver (Version: 12.1.0.030) PS3 Media Server (Version: 1.82.0) Quickset64 (Version: 10.5.0) QuickTime (Version: 7.73.80.64) SAMSUNG Intelli-studio SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0) Skype Click to Call (Version: 6.12.13601) Skype™ 6.0 (Version: 6.0.120) Spotify (Version: 0.9.1.57.ge7405149) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) Windows Live Communications Platform (Version: 16.4.3505.0912) Windows Live Essentials (Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 16.4.3505.0912) Windows Live Mail (Version: 16.4.3505.0912) Windows Live Messenger (Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (Version: 16.4.3505.0912) Windows Live PIMT Platform (Version: 16.4.3505.0912) Windows Live SOXE (Version: 16.4.3505.0912) Windows Live SOXE Definitions (Version: 16.4.3505.0912) Windows Live UX Platform (Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (Version: 16.4.3505.0912) Windows Live Writer (Version: 16.4.3505.0912) Windows Live Writer Resources (Version: 16.4.3505.0912) WinRAR 4.20 (32-bit) (Version: 4.20.0) ========================= Devices: ================================ Name: Standard Enhanced PCI to USB Host Controller Description: Standard Enhanced PCI to USB Host Controller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbehci Name: PCI standard host CPU bridge Description: PCI standard host CPU bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) Description: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Name: System timer Description: System timer Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Microsoft System Management BIOS Driver Description: Microsoft System Management BIOS Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: mssmbios Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: WAN Miniport (IKEv2) Description: WAN Miniport (IKEv2) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasAgileVpn Name: Generic volume Description: Generic volume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: High precision event timer Description: High precision event timer Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: WDC WD5000BEVT-75A0RT0 ATA Device Description: Disk drive Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard disk drives) Service: disk Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: Standard OpenHCD USB Host Controller Description: Standard OpenHCD USB Host Controller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbohci Name: PCI standard host CPU bridge Description: PCI standard host CPU bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: WAN Miniport (L2TP) Description: WAN Miniport (L2TP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: Rasl2tp Name: Direct memory access controller Description: Direct memory access controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: DW1501 Wireless-N WLAN Half-Mini Card Description: DW1501 Wireless-N WLAN Half-Mini Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XX Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: WAN Miniport (Network Monitor) Description: WAN Miniport (Network Monitor) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: Generic volume Description: Generic volume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Microsoft AC Adapter Description: Microsoft AC Adapter Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: WAN Miniport (IP) Description: WAN Miniport (IP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: High Definition Audio Controller Description: High Definition Audio Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Name: Standard OpenHCD USB Host Controller Description: Standard OpenHCD USB Host Controller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbohci Name: System speaker Description: System speaker Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: PCI standard host CPU bridge Description: PCI standard host CPU bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: ATA Channel 0 Description: IDE Channel Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard IDE ATA/ATAPI controllers) Service: atapi Name: AMD Phenom II N850 Triple-Core Processor Description: AMD Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Advanced Micro Devices Service: AmdPPM Name: WAN Miniport (IPv6) Description: WAN Miniport (IPv6) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: PCI bus Description: PCI bus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: pci Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: System CMOS/real time clock Description: System CMOS/real time clock Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: ATA Channel 1 Description: IDE Channel Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard IDE ATA/ATAPI controllers) Service: atapi Name: WAN Miniport (PPPOE) Description: WAN Miniport (PPPOE) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasPppoe Name: ATI I/O Communications Processor PCI Bus Controller Description: ATI I/O Communications Processor PCI Bus Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: ATI Service: pci Name: Generic volume Description: Generic volume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Standard OpenHCD USB Host Controller Description: Standard OpenHCD USB Host Controller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbohci Name: PCI standard host CPU bridge Description: PCI standard host CPU bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: System board Description: System board Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: WAN Miniport (PPTP) Description: WAN Miniport (PPTP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: PptpMiniport Name: ATA Channel 2 Description: IDE Channel Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard IDE ATA/ATAPI controllers) Service: atapi Name: System board Description: System board Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: WAN Miniport (SSTP) Description: WAN Miniport (SSTP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasSstp Name: Motherboard resources Description: Motherboard resources Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: AMD Phenom II N850 Triple-Core Processor Description: AMD Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Advanced Micro Devices Service: AmdPPM Name: ATA Channel 3 Description: IDE Channel Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard IDE ATA/ATAPI controllers) Service: atapi Name: ATI I/O Communications Processor SMBus Controller Description: ATI I/O Communications Processor SMBus Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: ATI Service: Name: PCI standard ISA bridge Description: PCI standard ISA bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: msisadrv Name: AMD High Definition Audio Device Description: AMD High Definition Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Advanced Micro Devices Service: AtiHDAudioService Name: Motherboard resources Description: Motherboard resources Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: PCI standard host CPU bridge Description: PCI standard host CPU bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Generic volume shadow copy Description: Generic volume shadow copy Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Broadcom Virtual Wireless Adapter Description: Broadcom Virtual Wireless Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BcmVWL Name: Motherboard resources Description: Motherboard resources Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Terminal Server Keyboard Driver Description: Terminal Server Keyboard Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: TermDD Name: Microsoft ISATAP Adapter Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Motherboard resources Description: Motherboard resources Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Terminal Server Mouse Driver Description: Terminal Server Mouse Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: TermDD Name: Microsoft ISATAP Adapter #2 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Motherboard resources Description: Motherboard resources Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Standard AHCI 1.0 Serial ATA Controller Description: Standard AHCI 1.0 Serial ATA Controller Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: Standard AHCI 1.0 Serial ATA Controller Service: msahci Name: High Definition Audio Controller Description: High Definition Audio Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Name: Plug and Play Software Device Enumerator Description: Plug and Play Software Device Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: swenum Name: Microsoft ISATAP Adapter #3 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: PCI Express standard Root Port Description: PCI Express standard Root Port Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: pci Name: Numeric data processor Description: Numeric data processor Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: High Definition Audio Device Description: High Definition Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Name: Atheros Bluetooth Bus Description: Atheros Bluetooth Bus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Service: BTATH_BUS Name: AMD Phenom II N850 Triple-Core Processor Description: AMD Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Advanced Micro Devices Service: AmdPPM Name: Microsoft ISATAP Adapter #5 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Microsoft ACPI-Compliant Control Method Battery Description: Microsoft ACPI-Compliant Control Method Battery Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: Pinnacle Marvin Bus 64 Description: Pinnacle Marvin Bus 64 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Pinnacle Systems Service: MarvinBus Name: ACPI x64-based PC Description: ACPI x64-based PC Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard computers) Service: \Driver\ACPI_HAL Name: ACPI Power Button Description: ACPI Power Button Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: AMD IO Driver Description: AMD IO Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: AMD, Inc Service: amdiox64 Name: Standard Enhanced PCI to USB Host Controller Description: Standard Enhanced PCI to USB Host Controller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbehci Name: File as Volume Driver Description: File as Volume Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: blbdrive Name: ATI Mobility Radeon HD 4200 Series Description: ATI Mobility Radeon HD 4200 Series Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Advanced Micro Devices, Inc. Service: amdkmdap Name: PCI Express standard Root Port Description: PCI Express standard Root Port Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: pci Name: USB Composite Device Description: USB Composite Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbccgp Name: ACPI Lid Description: ACPI Lid Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: UMBus Root Bus Enumerator Description: UMBus Root Bus Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: Composite Bus Enumerator Description: Composite Bus Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: CompositeBus Name: Microsoft Virtual Drive Enumerator Driver Description: Microsoft Virtual Drive Enumerator Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: vdrvroot Name: ACPI Sleep Button Description: ACPI Sleep Button Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Integrated Webcam Description: USB Video Device Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Name: Microsoft Composite Battery Description: Microsoft Composite Battery Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: Compbatt Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Name: Volume Manager Description: Volume Manager Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: volmgr Name: Standard Enhanced PCI to USB Host Controller Description: Standard Enhanced PCI to USB Host Controller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbehci Name: PCI standard host CPU bridge Description: PCI standard host CPU bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Microsoft Windows Management Interface for ACPI Description: Microsoft Windows Management Interface for ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: WmiAcpi Name: PCI standard PCI-to-PCI bridge Description: PCI standard PCI-to-PCI bridge Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: pci Name: ACPI Fixed Feature Button Description: ACPI Fixed Feature Button Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Microsoft ACPI-Compliant System Description: Microsoft ACPI-Compliant System Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: ACPI Name: TSSTcorp DVD+-RW TS-L633C ATA Device Description: CD-ROM Drive Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard CD-ROM drives) Service: cdrom Name: Programmable interrupt controller Description: Programmable interrupt controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: ========================= Memory info: =================================== Percentage of memory in use: 15% Total physical RAM: 3835.93 MB Available physical RAM: 3222.94 MB Total Pagefile: 7670.04 MB Available Pagefile: 7082.16 MB Total Virtual: 4095.88 MB Available Virtual: 3976.04 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:451.01 GB) (Free:220.64 GB) NTFS 2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF ========================= Users: ======================================== User accounts for \\BUTCH-PC Administrator Butch Guest ========================= Minidump Files ================================== **** End of log ****
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by Butch at 2013-10-12 00:28:50 Run:1 Running from C:\Users\Butch\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** DeleteJunctionsInDirectory: C:\Program Files\Windows Defender DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client ***************** "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
  9. Which of thse boxes should be checked when running the disk scan?
  10. Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (24.0) Google Chrome 30.0.1599.66 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  11. Done. No link appeared for Open Report, though. Is there somewhere where this file is automatically saved?
  12. I have 56 threats but under Action it only gives me the options to Move or Delete instead Cure or Ignore.
  13. Yup. Computer is just acting up more than ever now. I'll get it down when I get home today a different way though.
  14. ComboFix 13-09-28.02 - Butch 09/29/2013 16:56:13.9.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2444 [GMT -4:00] Running from: c:\users\Butch\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-29 ))))))))))))))))))))))))))))))) . . 2013-09-29 21:38 . 2013-09-29 21:38 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-09-29 21:38 . 2013-09-29 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-29 19:48 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5F96A4B-489D-4A25-9FFD-2D5229CFAA6C}\mpengine.dll 2013-09-27 22:13 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-20 23:38 . 2013-09-20 23:30 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62F1B52C-E8F4-414B-A143-189F40D5F95D}\gapaengine.dll 2013-09-20 23:23 . 2013-09-20 23:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-09-20 23:22 . 2013-09-20 23:23 -------- d-----w- c:\program files\Microsoft Security Client 2013-09-12 07:32 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-12 07:32 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-12 07:32 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-12 07:29 . 2013-08-10 05:20 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-09-12 07:28 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll 2013-09-12 01:39 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys 2013-09-12 01:36 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys 2013-09-12 01:36 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-09-12 01:36 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-09-10 03:26 . 2013-09-10 03:26 -------- d-----w- C:\FRST 2013-09-09 05:42 . 2013-09-09 05:42 -------- d-----w- c:\program files (x86)\ESET 2013-09-08 18:07 . 2013-09-11 20:45 -------- d-----w- C:\AdwCleaner 2013-09-06 22:07 . 2013-09-08 07:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-09-04 02:10 . 2013-09-04 02:10 -------- d-----w- c:\program files (x86)\ERUNT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-20 05:25 . 2012-10-09 06:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-20 05:25 . 2012-10-09 06:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-21 20:43 . 2013-08-21 20:43 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-08-20 08:55 . 2013-05-12 23:13 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-08-02 01:48 . 2013-09-12 01:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-25 09:25 . 2013-08-21 09:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-08-21 09:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58 . 2013-08-21 09:48 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-19 01:41 . 2013-08-21 09:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-07-09 05:52 . 2013-08-20 00:33 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 05:51 . 2013-08-21 09:42 1217024 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 05:46 . 2013-08-20 00:33 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 05:46 . 2013-08-20 00:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 05:46 . 2013-08-20 00:33 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-09 04:52 . 2013-08-21 09:44 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52 . 2013-08-20 00:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-07-09 04:46 . 2013-08-20 00:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-07-09 04:46 . 2013-08-20 00:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46 . 2013-08-20 00:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-07-06 06:03 . 2013-08-21 09:45 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2010-02-10 307880] "PhotoExplosionCalCheck"="c:\program files (x86)\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\System32\drivers\SMR322.SYS;c:\windows\SYSNATIVE\drivers\SMR322.SYS [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] R3 AWiCSrvc;AWiCSrvc;c:\program files (x86)\Atheros\AWiCSrvc.exe;c:\program files (x86)\Atheros\AWiCSrvc.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [x] S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x] S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-20 00:00 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 05:25] . 2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 03:49] . 2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 03:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AWiC"="c:\program files (x86)\Atheros\AWiCMgr.exe" [2010-11-11 167936] "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536] "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896] "lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2010-02-10 455336] "lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2010-02-10 25256] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Butch\AppData\Roaming\Mozilla\Firefox\Profiles\1xuzf5mh.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-29 17:48:26 ComboFix-quarantined-files.txt 2013-09-29 21:48 ComboFix2.txt 2013-09-23 08:16 ComboFix3.txt 2013-09-05 14:12 ComboFix4.txt 2013-09-04 21:25 ComboFix5.txt 2013-09-29 20:46 . Pre-Run: 237,239,492,608 bytes free Post-Run: 237,212,356,608 bytes free . - - End Of File - - 406E0B83116F339649E85A4F7081CCC0 A36C5E4F47E84449FF07ED3517B43A31
  15. https://www.virustotal.com/en/file/01eb95fa3943cf3c6b1a21e473a5c3cb9fcbce46913b15c96cac14e4f04075b4/analysis/1380382746/
  16. Ehh.. it says Microsoft Security Essentials was enabled. I thought I completely shut it down before scanning. Should I try it again?
  17. ComboFix 13-09-22.01 - Butch 09/23/2013 3:22.8.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2536 [GMT -4:00] Running from: c:\users\Butch\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Butch\AppData\Local\Google\Chrome\User Data\Default\Preferences . c:\windows\SysWow64\user32.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2013-08-23 to 2013-09-23 ))))))))))))))))))))))))))))))) . . 2013-09-23 08:05 . 2013-09-23 08:05 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-09-23 08:05 . 2013-09-23 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-22 17:09 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C17A6BA8-28CF-4515-B226-10C1BBD1FCC5}\mpengine.dll 2013-09-21 08:38 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-20 23:38 . 2013-09-20 23:30 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62F1B52C-E8F4-414B-A143-189F40D5F95D}\gapaengine.dll 2013-09-20 23:23 . 2013-09-20 23:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-09-20 23:22 . 2013-09-20 23:23 -------- d-----w- c:\program files\Microsoft Security Client 2013-09-12 07:32 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-12 07:32 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-12 07:32 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-12 07:29 . 2013-08-10 05:20 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-09-12 07:28 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll 2013-09-12 01:39 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys 2013-09-12 01:36 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys 2013-09-12 01:36 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-09-12 01:36 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-09-10 03:26 . 2013-09-10 03:26 -------- d-----w- C:\FRST 2013-09-09 05:42 . 2013-09-09 05:42 -------- d-----w- c:\program files (x86)\ESET 2013-09-08 18:07 . 2013-09-11 20:45 -------- d-----w- C:\AdwCleaner 2013-09-06 22:07 . 2013-09-08 07:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-09-04 02:10 . 2013-09-04 02:10 -------- d-----w- c:\program files (x86)\ERUNT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-20 05:25 . 2012-10-09 06:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-20 05:25 . 2012-10-09 06:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-21 20:43 . 2013-08-21 20:43 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-08-20 08:55 . 2013-05-12 23:13 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-08-02 01:48 . 2013-09-12 01:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-25 09:25 . 2013-08-21 09:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-08-21 09:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58 . 2013-08-21 09:48 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-19 01:41 . 2013-08-21 09:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-07-09 05:52 . 2013-08-20 00:33 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 05:51 . 2013-08-21 09:42 1217024 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 05:46 . 2013-08-20 00:33 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 05:46 . 2013-08-20 00:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 05:46 . 2013-08-20 00:33 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-09 04:52 . 2013-08-21 09:44 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52 . 2013-08-20 00:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-07-09 04:46 . 2013-08-20 00:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-07-09 04:46 . 2013-08-20 00:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46 . 2013-08-20 00:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-07-06 06:03 . 2013-08-21 09:45 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2010-02-10 307880] "PhotoExplosionCalCheck"="c:\program files (x86)\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\System32\drivers\SMR322.SYS;c:\windows\SYSNATIVE\drivers\SMR322.SYS [x] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] R3 AWiCSrvc;AWiCSrvc;c:\program files (x86)\Atheros\AWiCSrvc.exe;c:\program files (x86)\Atheros\AWiCSrvc.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [x] S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x] S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-20 00:00 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 05:25] . 2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 03:49] . 2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 03:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AWiC"="c:\program files (x86)\Atheros\AWiCMgr.exe" [2010-11-11 167936] "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536] "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896] "lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2010-02-10 455336] "lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2010-02-10 25256] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Butch\AppData\Roaming\Mozilla\Firefox\Profiles\1xuzf5mh.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-23 04:16:24 ComboFix-quarantined-files.txt 2013-09-23 08:16 ComboFix2.txt 2013-09-05 14:12 ComboFix3.txt 2013-09-04 21:25 ComboFix4.txt 2013-08-20 04:30 ComboFix5.txt 2013-09-23 07:11 . Pre-Run: 236,120,997,888 bytes free Post-Run: 236,665,946,112 bytes free . - - End Of File - - B4F7ED7AA8804B34D12F9EC61E89B701 A36C5E4F47E84449FF07ED3517B43A31
  18. Yes and it worked. Have been trying to run the scan the past few days. Having a bit of issues with it.
  19. Not able to uninstall AVG. I hit Uninstall and nothing happens. If I press it again it says "Please wait until the current program is finished uninstalling or being changed". I pressed Uninstall and left it overnight to see if it'd do anything. Nothing. :/
  20. Sorry - busy weekend/week. I'll get started on these now.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.