Jump to content

coleharperkc

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. coleharperkc
    Everything is working perfectly Thank you so much CatByte all your help was appreciated.
  2. coleharperkc
    Everything seems to be running fine do you think the viruses are gone now? Updated both adobe and service pack and have security essentials going.
  3. coleharperkc
    RogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Cole [Admin rights] Mode : Scan -- Date : 03/16/2013 19:51:00 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD10 EADS-65M2B1 SCSI Disk Device +++++ --- User --- [MBR] fdefa70f5cb93b7421a1d194918a91b5 [bSP] 81bf8ab4c8f11b7f6f57ab462148d465 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942584 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930618880 | Size: 11183 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_03162013_02d1951.txt >> RKreport[1]_S_03162013_02d1951.txt RogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Cole [Admin rights] Mode : Remove -- Date : 03/16/2013 19:51:52 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD10 EADS-65M2B1 SCSI Disk Device +++++ --- User --- [MBR] fdefa70f5cb93b7421a1d194918a91b5 [bSP] 81bf8ab4c8f11b7f6f57ab462148d465 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942584 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930618880 | Size: 11183 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_03162013_02d1951.txt >> RKreport[1]_S_03162013_02d1951.txt ; RKreport[2]_D_03162013_02d1951.txt RogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Cole [Admin rights] Mode : Shortcuts HJfix -- Date : 03/16/2013 19:52:42 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ File attributes restored: ¤¤¤ Desktop: Success 4 / Fail 0 Quick launch: Success 1 / Fail 0 Programs: Success 10 / Fail 0 Start menu: Success 1 / Fail 0 User folder: Success 80 / Fail 0 My documents: Success 0 / Fail 0 My favorites: Success 0 / Fail 0 My pictures: Success 0 / Fail 0 My music: Success 2 / Fail 0 My videos: Success 0 / Fail 0 Local drives: Success 169 / Fail 0 Backup: [NOT FOUND] Drives: [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored [E:] \Device\CdRom0 -- 0x5 --> Skipped [F:] \Device\HarddiskVolume4 -- 0x2 --> Restored [G:] \Device\HarddiskVolume5 -- 0x2 --> Restored [H:] \Device\HarddiskVolume6 -- 0x2 --> Restored [i:] \Device\HarddiskVolume7 -- 0x2 --> Restored [J:] \Device\HarddiskVolume8 -- 0x2 --> Restored Finished : << RKreport[3]_SC_03162013_02d1952.txt >> RKreport[1]_S_03162013_02d1951.txt ; RKreport[2]_D_03162013_02d1951.txt ; RKreport[3]_SC_03162013_02d1952.txt
  4. coleharperkc
    My computer doesn't seem to be working with Avira very well and I am unable to get realtime protection from it for some reason. I recently applied an update, but now it isn't working at all. Otherwise I have been experiencing similar things like in the past, slow start-up and crashes when I open a program. Should I try and fully delete Avira and perhaps use another program? When I updated it, Avira mentioned something about being incompatible with Malawarbytes and I tried to uninstall it, but I couldn't. ComboFix 13-03-14.02 - Cole 03/14/2013 7:43.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4807 [GMT -5:00] Running from: c:\users\Cole\Desktop\ComboFix.exe Command switches used :: c:\users\Cole\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Cole\AppData\Local\Temp\AskSLib.dll" "c:\users\Cole\Downloads\avira_free_antivirus_en.exe" "c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htm" "c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htm" "c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htm" "c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htm" "c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htm" "c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htm" "c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0" "c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0" "c:\windows\temp\AVSETUP_5140b3c2\ApnIC.dll" "c:\windows\temp\AVSETUP_5140b3c2\ApnToolbarInstaller.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Cole\Downloads\avira_free_antivirus_en.exe c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htm c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htm c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htm c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htm c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htm c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htm c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 . . ((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 ))))))))))))))))))))))))))))))) . . 2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Kathy\AppData\Local\temp 2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Bill\AppData\Local\temp 2013-03-14 12:48 . 2013-03-14 12:48 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-03-14 08:02 . 2013-02-02 06:51 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-03-14 08:02 . 2013-02-02 06:50 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-03-14 08:02 . 2013-02-02 03:32 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2013-03-14 08:02 . 2013-02-02 03:31 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2013-03-14 08:02 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll 2013-03-14 08:02 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-14 08:01 . 2013-03-14 08:01 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-14 08:01 . 2013-03-14 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-03-13 23:38 . 2013-03-13 23:38 -------- d-----w- c:\program files (x86)\Ask.com 2013-03-13 23:38 . 2013-03-13 23:38 -------- d-----w- C:\Firefox 2013-03-13 23:38 . 2013-03-13 23:38 -------- d-----w- c:\users\Cole\AppData\Local\APN 2013-03-13 23:14 . 2013-03-13 23:14 -------- d-----w- c:\users\Cole\AppData\Roaming\Avira 2013-03-13 20:11 . 2013-03-13 17:10 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-13 20:11 . 2013-03-13 17:10 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-13 20:11 . 2013-03-13 17:10 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-13 20:10 . 2013-03-13 23:38 -------- d-----w- c:\programdata\Avira 2013-03-13 20:10 . 2013-03-13 20:10 -------- d-----w- c:\program files (x86)\Avira 2013-03-13 17:23 . 2013-03-13 17:23 -------- d-----w- c:\program files (x86)\ESET 2013-03-08 21:54 . 2013-03-08 21:54 -------- d-----w- c:\windows\ERUNT 2013-03-08 16:15 . 2013-03-08 21:54 -------- d-----w- C:\JRT 2013-03-08 00:12 . 2013-03-08 00:12 -------- d-----w- c:\users\Bill.Harper-PC 2013-02-18 02:00 . 2012-05-29 21:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys 2013-02-18 01:56 . 2013-02-18 01:56 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-02-14 22:17 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 21:11 . 2013-01-05 05:57 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-14 21:11 . 2013-01-05 05:02 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-14 21:11 . 2013-01-05 05:02 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-14 08:04 . 2010-06-25 05:48 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 13:45 . 2012-10-22 04:58 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 13:45 . 2011-10-08 08:14 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-04 04:43 . 2013-02-14 21:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 16:52 . 2012-12-20 23:38 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-20 23:38 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-20 23:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-20 23:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 22:49 . 2013-01-14 21:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-02-08 20:10 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-13 385248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-13 565472] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-25 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-13 27800] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-13 86752] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] . . Contents of the 'Scheduled Tasks' folder . 2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 13:45] . 2013-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job - c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43] . 2013-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job - c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43] . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job - c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28] . 2013-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job - c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28] . 2013-02-18 c:\windows\Tasks\HPCeeScheduleForCole.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2013-03-04 c:\windows\Tasks\HPCeeScheduleForKathy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520] "EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] . ------- Supplementary Scan ------- . uStart Page = hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 76.7.255.188 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-14 07:50:26 ComboFix-quarantined-files.txt 2013-03-14 12:50 ComboFix2.txt 2013-03-08 04:53 . Pre-Run: 925,383,479,296 bytes free Post-Run: 925,100,335,104 bytes free . - - End Of File - - 19131E335E4E23588B570F2A4452E5CA Results of screen317's Security Check version 0.99.61 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Adobe Reader 10.1.5 Adobe Reader out of Date! Google Chrome 24.0.1312.57 Google Chrome 25.0.1364.152 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  5. coleharperkc
    <p> </p> <div>-Sorry it took so long to get back to you CatByte, I was busy and at one point after the first scan, my computer was acting very odd and would crash often. I hope it is alright that the scans were not all done on the same day.</div> <div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div> <div>Junkware Removal Tool (JRT) by Thisisu</div> <div>Version: 4.6.9 (03.06.2013:1)</div> <div>OS: Windows 7 Home Premium x64</div> <div>Ran by Cole on Fri 03/08/2013 at 15:54:55.89</div> <div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div> <div> </div> <div> </div> <div> </div> <div> </div> <div>~~~ Services</div> <div> </div> <div> </div> <div> </div> <div>~~~ Registry Values</div> <div> </div> <div>Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} </div> <div> </div> <div> </div> <div> </div> <div>~~~ Registry Keys</div> <div> </div> <div>Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin</div> <div>Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1</div> <div>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}</div> <div>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}</div> <div>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}</div> <div> </div> <div> </div> <div> </div> <div>~~~ Files</div> <div> </div> <div>Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"</div> <div> </div> <div> </div> <div> </div> <div>~~~ Folders</div> <div> </div> <div> </div> <div> </div> <div>~~~ Event Viewer Logs were cleared</div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div> <div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div> <div>Scan was completed on Fri 03/08/2013 at 16:00:20.71</div> <div>End of JRT log</div> <div>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div> <div> </div> <div> <div># AdwCleaner v2.114 - Logfile created 03/11/2013 at 00:28:50</div> <div># Updated 05/03/2013 by Xplode</div> <div># Operating system : Windows 7 Home Premium (64 bits)</div> <div># User : Cole - HARPER-PC</div> <div># Boot Mode : Normal</div> <div># Running from : C:\Users\Cole\Desktop\AdwCleaner.exe</div> <div># Option [Delete]</div> <div> </div> <div> </div> <div>***** [services] *****</div> <div> </div> <div> </div> <div>***** [Files / Folders] *****</div> <div> </div> <div>File Deleted : C:\Users\Public\Desktop\eBay.lnk</div> <div> </div> <div>***** [Registry] *****</div> <div> </div> <div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div> <div>Key Deleted : HKLM\SOFTWARE\Software</div> <div> </div> <div>***** [internet Browsers] *****</div> <div> </div> <div>-\\ Internet Explorer v9.0.8112.16464</div> <div> </div> <div>[OK] Registry is clean.</div> <div> </div> <div>-\\ Google Chrome v25.0.1364.152</div> <div> </div> <div>File : C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Preferences</div> <div> </div> <div>[OK] File is clean.</div> <div> </div> <div>*************************</div> <div> </div> <div>AdwCleaner[s1].txt - [847 octets] - [11/03/2013 00:28:50]</div> <div> </div> <div>########## EOF - C:\AdwCleaner[s1].txt - [906 octets] ##########</div> <div> </div> <div> <div>Malwarebytes Anti-Malware 1.70.0.1100</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2013.03.13.09</div> <div> </div> <div>Windows 7 x64 NTFS</div> <div>Internet Explorer 9.0.8112.16421</div> <div>Cole :: HARPER-PC [administrator]</div> <div> </div> <div>3/13/2013 12:17:11 PM</div> <div>mbam-log-2013-03-13 (12-17-11).txt</div> <div> </div> <div>Scan type: Quick scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 296531</div> <div>Time elapsed: 2 minute(s), 17 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div> </div> </div> <p>Aaaand...the ESET Scan</p> <p> </p> <p> </p> <div>C:\Users\Cole\AppData\Local\Temp\AskSLib.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div> <div>C:\Users\Cole\Downloads\avira_free_antivirus_en.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EYMCV0O\bdd6ee399bacd9cd[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>JS/TrojanDownloader.FraudLoad.NAY trojan</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CK4ZJFN\video17637[2].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3EI8A13G\video17637[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57KR89QW\bdd6ee399bacd9cd[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>JS/TrojanDownloader.FraudLoad.NAY trojan</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CTTP21VG\giftrewardcentral_net[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/ScrInject.B.Gen virus</div> <div>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQSMQDH4\video17637[1].htm<span class="Apple-tab-span" style="white-space:pre"> </span>HTML/Iframe.B.Gen virus</div> <div>C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div> <div>C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div> <div>C:\Windows\temp\AVSETUP_5140b3c2\ApnIC.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div> <div>C:\Windows\temp\AVSETUP_5140b3c2\ApnToolbarInstaller.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div> <div> </div>
  6. coleharperkc
    ComboFix 13-03-07.03 - Cole 03/07/2013 22:44:41.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4487 [GMT -6:00] Running from: c:\users\Cole\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\6a32a696-3e6a-4959-8fac-ff924a511f43.ico c:\users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Pro.lnk c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-02-08 to 2013-03-08 ))))))))))))))))))))))))))))))) . . 2013-03-08 04:50 . 2013-03-08 04:50 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-03-08 04:50 . 2013-03-08 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-08 00:12 . 2013-03-08 00:12 -------- d-----w- c:\users\Bill.Harper-PC 2013-02-18 02:00 . 2012-05-29 21:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys 2013-02-18 01:56 . 2013-02-18 01:56 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-02-14 22:17 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:15 . 2013-01-09 01:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-14 22:15 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-14 22:15 . 2013-01-09 01:53 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-02-14 22:15 . 2013-01-09 01:09 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2013-02-14 22:15 . 2013-01-09 01:04 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-14 22:15 . 2013-01-09 01:00 248320 ----a-w- c:\windows\system32\ieui.dll 2013-02-14 22:15 . 2013-01-08 22:42 149528 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2013-02-14 22:15 . 2013-01-08 22:00 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2013-02-14 22:15 . 2013-01-08 21:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-02-14 21:11 . 2013-01-05 05:57 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-14 21:11 . 2013-01-05 05:02 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-14 21:11 . 2013-01-05 05:02 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-06 22:11 . 2013-02-06 22:11 -------- d-----w- c:\users\Cole\AppData\Roaming\CyberLink . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-26 21:45 . 2012-10-22 04:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-26 21:45 . 2011-10-08 08:14 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-14 22:19 . 2010-06-25 05:48 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-04 04:43 . 2013-02-14 21:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 16:52 . 2012-12-20 23:38 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-20 23:38 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-20 23:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-20 23:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 22:49 . 2013-01-14 21:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-25 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-04 86224] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] . . Contents of the 'Scheduled Tasks' folder . 2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 21:45] . 2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job - c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43] . 2013-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job - c:\users\Cole\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 22:43] . 2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001Core.job - c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428569062-3262642124-3831323437-1001UA.job - c:\users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 12:28] . 2013-02-18 c:\windows\Tasks\HPCeeScheduleForCole.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2013-03-04 c:\windows\Tasks\HPCeeScheduleForKathy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2012-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728] "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520] "EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 76.7.255.188 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-99445418.sys AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-07 22:53:58 ComboFix-quarantined-files.txt 2013-03-08 04:53 . Pre-Run: 921,624,252,416 bytes free Post-Run: 923,082,354,688 bytes free . - - End Of File - - DC3B7E0A3831034DB88DF1B60C03F31C
  7. coleharperkc
    I don't really use this computer too terribly often, but I have seen some inexplicably slow responses and similar crashes and freezes that correlate with my previous virus experiences. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2013-03-06 21:41:58 ----------------------------- 21:41:58.967 OS Version: Windows x64 6.1.7600 21:41:58.967 Number of processors: 4 586 0x502 21:41:58.967 ComputerName: HARPER-PC UserName: Cole 21:42:01.952 Initialize success 22:04:30.509 AVAST engine defs: 13030601 22:06:46.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055 22:06:46.760 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3 22:06:46.790 Disk 0 MBR read successfully 22:06:46.796 Disk 0 MBR scan 22:06:46.808 Disk 0 unknown MBR code 22:06:46.815 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:06:46.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942584 MB offset 206848 22:06:46.885 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11183 MB offset 1930618880 22:06:46.947 Disk 0 scanning C:\Windows\system32\drivers 22:06:56.855 Service scanning 22:07:18.160 Modules scanning 22:07:18.177 Disk 0 trace - called modules: 22:07:18.201 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 22:07:18.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e5b060] 22:07:18.213 3 CLASSPNP.SYS[fffff8800193843f] -> nt!IofCallDriver -> [0xfffffa8004ea1e40] 22:07:18.220 5 ACPI.sys[fffff88000f25781] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80058ef9c0] 22:07:22.137 AVAST engine scan C:\Windows 22:07:30.385 AVAST engine scan C:\Windows\system32 22:13:06.550 AVAST engine scan C:\Windows\system32\drivers 22:14:14.526 Disk 0 MBR has been saved successfully to "C:\Users\Cole\Desktop\MBR.dat" 22:14:14.532 The log file has been saved successfully to "C:\Users\Cole\Desktop\aswMBR.txt" 22:14:21.009 AVAST engine scan C:\Users\Cole 22:19:24.428 AVAST engine scan C:\ProgramData 22:20:36.799 Scan finished successfully 22:20:47.538 Disk 0 MBR has been saved successfully to "C:\Users\Cole\Desktop\MBR.dat" 22:20:47.542 The log file has been saved successfully to "C:\Users\Cole\Desktop\aswMBR.txt" MBR.zip
  8. coleharperkc
    . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/24/2010 7:06:18 PM System Uptime: 3/6/2013 3:54:51 PM (3 hours ago) . Motherboard: PEGATRON CORPORATION | | VIOLET6 Processor: AMD Athlon II X4 630 Processor | CPU 1 | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 920 GiB total, 858.106 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.589 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: NVIDIA nForce Networking Controller Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_2A9E103C&REV_A2\3&267A616A&0&50 Manufacturer: NVIDIA Name: NVIDIA nForce 10/100 Mbps Ethernet PNP Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_2A9E103C&REV_A2\3&267A616A&0&50 Service: NVNET . ==== System Restore Points =================== . RP153: 2/14/2013 4:14:29 PM - Windows Update RP154: 2/17/2013 7:57:08 PM - Installed HP Support Assistant RP155: 2/17/2013 8:01:33 PM - Windows Modules Installer RP156: 2/17/2013 8:02:48 PM - Windows Modules Installer RP157: 2/26/2013 3:37:47 PM - Scheduled Checkpoint RP158: 3/6/2013 12:34:49 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.5) Adobe Shockwave Player 11.6 Avira Free Antivirus Compatibility Pack for the 2007 Office system D3DX10 Diablo III Beta DirectX for Managed Code Update (Summer 2004) DVD Menu Pack for HP MediaSmart Video Facebook Video Calling 1.2.0.287 Google Chrome Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.2.1.1 HP Advisor HP Customer Experience Enhancements HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP MediaSmart/TouchSmart Netflix HP Odometer HP Remote Solution HP Setup HP Support Assistant HP Support Information HP Update Hulu Desktop Junk Mail filter update LabelPrint Lexmark 5600-6600 Series Lexmark Printable Web Lexmark Tools for Office Lexmark Universal v2 Uninstaller LightScribe System Software Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Application Error Reporting Microsoft Live Search Toolbar Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Home and Student 60 day trial Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Rise Of Nations Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Movie Theme Pack for HP MediaSmart Video MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser Norton Online Backup NVIDIA Drivers PictureMover PlayReady PC Runtime amd64 Power2Go PowerDirector Realtek High Definition Audio Driver Recovery Manager Rise of Nations Thrones and Patriots Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype™ 6.1 swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 3/6/2013 4:10:50 PM, Error: Service Control Manager [7022] - The Server service hung on starting. 3/6/2013 3:54:27 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 2/27/2013 6:40:28 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 2/27/2013 6:40:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 2/27/2013 6:40:25 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846. 2/27/2013 6:40:25 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown. 2/27/2013 6:40:25 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 Run by Cole at 18:24:50 on 2013-03-06 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3578 [GMT -6:00] . AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\lxducoms.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\explorer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Users\Cole\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll uRun: [Google Update] "C:\Users\Cole\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 76.7.255.188 TCP: Interfaces\{FBBBE36F-F340-4CE6-BE40-75613EBEE305} : DHCPNameServer = 192.168.0.1 76.7.255.188 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe x64-Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe" x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-8-3 27760] R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-3 86224] R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-3 110032] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-8-3 98848] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-24 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-24 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-02-18 02:00:08 27456 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys 2013-02-18 01:56:56 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-02-14 22:17:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:17:05 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 22:15:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-14 22:15:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-14 22:15:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-14 22:15:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll 2013-02-14 22:15:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll 2013-02-14 22:15:00 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2013-02-14 22:15:00 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2013-02-14 21:11:32 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-14 21:11:31 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-14 21:11:31 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ==================== Find3M ==================== . 2013-02-26 21:45:13 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-26 21:45:13 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll 2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll 2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys 2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs . ============= FINISH: 18:24:59.34 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.