Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I've just been infected with a bootkit.


  • Please log in to reply
4 replies to this topic

#1 BCMusic

BCMusic

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:05:32 AM

Posted 31 August 2013 - 07:48 PM

I haven't restarted the PC yet (I'm afraid to do so,) but here are the symptoms:

 

1. Files are being infected/altered.

2. Start-up entries are being deleted

3. Tasks are being killed

4. Killed tasks are then altered by the infection and cannot be deleted.

 

Regarding number 1. As examples, F.lux and Steam executables are currently showing as the same exact size right down to the bit. These two programs were active tasks until being killed and subsequently altered. They cannot be deleted by any means (Unlocker, LockHunter, CMD force delete, taking ownership, etc.) I've removed suspicious scheduled tasks and start-up entries/autoruns, but I'm not sure it's completely gone. I've been running WinPatrol which is how I initially found out by being alerted of start-up entries having been removed automatically.

 

I will admit right here that this infection came from a torrent. It was (supposed to be) a legit torrent, but that doesn't matter at this point.


Edited by BCMusic, 31 August 2013 - 07:50 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:32 AM

Posted 31 August 2013 - 08:14 PM

Hello, BCMusic (hmm is that BleepingComuter music?? LOL)

These are dangerous infections. You should back up important data.
Can you run these?
 
Malwarebytes Anti-Rootkit
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
 
 
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

 
 
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 BCMusic

BCMusic
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:05:32 AM

Posted 31 August 2013 - 08:57 PM

MBAR Log

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.08.31.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Steve :: STEVE-PC [administrator]
 
8/31/2013 8:00:38 PM
mbar-log-2013-08-31 (20-00-38).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 339909
Time elapsed: 13 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Steve\AppData\Local\Temp\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

MBAR System-Log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 8562434048, free: 5992341504
 
Downloaded database version: v2013.08.31.05
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     08/31/2013 20:00:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\BUSB2902.sys
\SystemRoot\system32\drivers\busbwdm.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\uxpatch.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008341060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa8008893b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b28060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
Lower Device Object: 0xfffffa8006b29680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b28060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800796d900, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b28060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006b29680, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E710D
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 396305437
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 396307485  Numsec = 1557212580
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008341060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008894b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008341060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008893b60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4B57300
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 18956637
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 18956700  Numsec = 606180645
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072932352 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Users\Steve\AppData\Local\Temp\spoolsv.exe --> [Heuristics.Reserved.Word.Exploit]
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished


#4 BCMusic

BCMusic
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:05:32 AM

Posted 31 August 2013 - 09:00 PM

aswMBR Log

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-08-31 20:26:16
-----------------------------
20:26:16.443    OS Version: Windows x64 6.1.7601 Service Pack 1
20:26:16.443    Number of processors: 4 586 0x403
20:26:16.444    ComputerName: STEVE-PC  UserName: Steve
20:26:17.659    Initialize success
20:28:05.207    AVAST engine defs: 13083101
20:28:22.128    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
20:28:22.134    Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 11
20:28:22.242    Disk 0 MBR read successfully
20:28:22.248    Disk 0 MBR scan
20:28:22.331    Disk 0 Windows 7 default MBR code
20:28:22.333    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       193508 MB offset 2048
20:28:22.368    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       760357 MB offset 396307485
20:28:22.422    Disk 0 scanning C:\Windows\system32\drivers
20:28:37.557    Service scanning
20:29:11.691    Modules scanning
20:29:11.710    Disk 0 trace - called modules:
20:29:11.736    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
20:29:11.739    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b28060]
20:29:11.751    3 CLASSPNP.SYS[fffff880015b143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa8006b29680]
20:29:13.488    AVAST engine scan C:\Windows
20:29:15.567    AVAST engine scan C:\Windows\system32
20:33:53.213    AVAST engine scan C:\Windows\system32\drivers
20:34:21.798    AVAST engine scan C:\Users\Steve
20:48:25.747    AVAST engine scan C:\ProgramData
20:53:08.546    Scan finished successfully
20:53:23.451    Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
20:53:23.500    The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"


MiniToolBox Log

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Steve (administrator) on 31-08-2013 at 20:54:14
Running from "C:\Users\Steve\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet8" address=192.168.203.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.31.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Steve-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : BC-5F-F4-84-AD-2E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::99e3:647a:a3ad:5ee0%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 30, 2013 7:27:48 AM
   Lease Expires . . . . . . . . . . : Sunday, September 01, 2013 7:05:15 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 247226356
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-80-D4-E6-BC-5F-F4-84-AD-2E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet1:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::90d9:3b27:e143:456%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.31.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 352342102
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-80-D4-E6-BC-5F-F4-84-AD-2E
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a0eb:e97:4130:7ad4%17(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.203.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 369119318
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-80-D4-E6-BC-5F-F4-84-AD-2E
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{CCB34AF8-B8AB-4F51-8D7D-4FC954B91F4D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{BF5B6034-57FD-4ECE-A034-E82FD30AC55F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A06FFB06-CAFC-4AC6-8E07-BE9B774EE42F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4000:802::1005
 74.125.227.196
 74.125.227.195
 74.125.227.193
 74.125.227.198
 74.125.227.192
 74.125.227.194
 74.125.227.206
 74.125.227.197
 74.125.227.201
 74.125.227.200
 74.125.227.199
 
 
Pinging google.com [173.194.46.9] with 32 bytes of data:
Reply from 173.194.46.9: bytes=32 time=21ms TTL=55
Reply from 173.194.46.9: bytes=32 time=20ms TTL=55
 
Ping statistics for 173.194.46.9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 21ms, Average = 20ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=62ms TTL=49
Reply from 206.190.36.45: bytes=32 time=63ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 63ms, Average = 62ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...bc 5f f4 84 ad 2e ......Realtek PCIe GBE Family Controller
 16...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 17...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.9     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.9    276
      192.168.1.9  255.255.255.255         On-link       192.168.1.9    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.9    276
     192.168.31.0    255.255.255.0         On-link      192.168.31.1    276
     192.168.31.1  255.255.255.255         On-link      192.168.31.1    276
   192.168.31.255  255.255.255.255         On-link      192.168.31.1    276
    192.168.203.0    255.255.255.0         On-link     192.168.203.1    276
    192.168.203.1  255.255.255.255         On-link     192.168.203.1    276
  192.168.203.255  255.255.255.255         On-link     192.168.203.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.9    276
        224.0.0.0        240.0.0.0         On-link     192.168.203.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.31.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.9    276
  255.255.255.255  255.255.255.255         On-link     192.168.203.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.31.1    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 17    276 fe80::/64                On-link
 16    276 fe80::/64                On-link
 16    276 fe80::90d9:3b27:e143:456/128
                                    On-link
 10    276 fe80::99e3:647a:a3ad:5ee0/128
                                    On-link
 17    276 fe80::a0eb:e97:4130:7ad4/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [63128] (VMware, Inc.)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63128] (VMware, Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [67224] (VMware, Inc.)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67224] (VMware, Inc.)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/31/2013 02:25:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11450
 
Error: (08/31/2013 02:25:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11450
 
Error: (08/31/2013 02:25:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2013 02:25:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10452
 
Error: (08/31/2013 02:25:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10452
 
Error: (08/31/2013 02:25:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2013 02:25:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9454
 
Error: (08/31/2013 02:25:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9454
 
Error: (08/31/2013 02:25:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2013 02:25:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8455
 
 
System errors:
=============
Error: (08/31/2013 08:53:21 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C01C0005
 
Error: (08/31/2013 08:53:18 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C0000022
 
Error: (08/31/2013 08:53:18 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C0000022
 
Error: (08/31/2013 08:53:18 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C0000022
 
Error: (08/31/2013 08:53:18 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C0000022
 
Error: (08/31/2013 08:53:18 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C0000022
 
Error: (08/31/2013 08:53:18 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C0000022
 
Error: (08/31/2013 08:21:32 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C000000D
 
Error: (08/31/2013 08:21:32 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C000000D
 
Error: (08/31/2013 08:21:32 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon Failed to obtain file name information - C000000D
 
 
Microsoft Office Sessions:
=========================
Error: (08/31/2013 02:25:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11450
 
Error: (08/31/2013 02:25:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11450
 
Error: (08/31/2013 02:25:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2013 02:25:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10452
 
Error: (08/31/2013 02:25:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10452
 
Error: (08/31/2013 02:25:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2013 02:25:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9454
 
Error: (08/31/2013 02:25:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9454
 
Error: (08/31/2013 02:25:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2013 02:25:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8455
 
 
=========================== Installed Programs ============================
 
«Euro Truck Simulator 2» v.1.4.8s
µTorrent (Version: 3.3.1.30003)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AES Crypt (Version: 3.09)
AIDA64 Extreme Edition v3.00 (Version: 3.00)
AMD OverDrive Beta (Version: 4.2.6.0659)
Angry Birds (Version: 3.0.0)
Angry Birds Rio (Version: 1.4.4)
Angry Birds Seasons (Version: 3.2.0)
Angry Birds Space (Version: 1.4.1)
Angry Birds Star Wars (Version: 1.1.2)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AptDiff 1.6.1.33 (Version: 1.6.1.33)
ASIO4ALL (Version: 2.11 Beta1)
ASRock eXtreme Tuner v0.1.122
Audacity 2.0.3 (Version: 2.0.3)
Battlefield 3™ (Version: 1.6.0.0)
Battlelog Web Plugins (Version: 2.1.7)
BEHRINGER USB AUDIO DRIVER
Bonjour (Version: 3.0.0.10)
Call of Duty: Black Ops II
Call of Duty: Modern Warfare 2
CCleaner (Version: 4.05)
Cheat Engine 6.3
CodeMeter Runtime Kit v4.30c (Version: 4.30.485.503)
CPUID CPU-Z 1.65.1
Crysis® 2 (Version: 1.9.0.0)
Cube World - July 23, 2013 (Version: July 23, 2013)
Dead Space 2 (Version: Dead Space 2)
Dead Space™ (Version: 1.0.222.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dota 2
EASEUS Partition Master 9.1.0 Professional
ESN Sonar (Version: 0.70.4)
Etron USB3.0 Host Controller (Version: 0.104)
Euro Truck Simulator 2 (Version: 1.1.1)
Everything 1.2.1.371
Fiddler (Version: 4.4.4.8)
Fiddler Syntax-Highlighting Addons
File Property Edit Free (Version: 3.70)
FL Studio 11
FlowStone FL 3.0
Garry's Mod
Google Chrome (Version: 29.0.1547.62)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hex Workshop v6.7 (Version: 6.7.0.5247)
IceChat 7.70 (Build 20101031) (Version: 7.70)
IDA PRO Advanced Edition (Version: v6.1.1)
IL Download Manager
IL Shared Libraries
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LockHunter 3.0 beta 1, 32/64 bit
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27)
Medal of Honor™ Warfighter (Version: 1.0.0.3)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WorldWide Telescope (Version: 4.1.74)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MIDI Yoke (Version: 1.75.53)
Minecraft1.6.2
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MySQL Connector/ODBC 5.2 64bit (community edition) (Version: 5.2.5)
Native Instruments Enhanced EQ
Native Instruments Kontakt 5
Native Instruments Massive
Native Instruments Passive EQ
Native Instruments Pro-53
Native Instruments Reaktor 5
Native Instruments Service Center
Native Instruments Vari Comp
Need for Speed™ Hot Pursuit (Version: 1.0.0.0)
Nexus Mod Manager (Version: 0.45.6)
Node.js (Version: 0.10.13)
Notepad++ (Version: 6.4.2)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
Open Broadcaster Software
Operation Flashpoint: Red River
Origin (Version: 9.3.1.4482)
PDF Settings CS6 (Version: 11.0)
PowerISO (Version: 5.6)
PunkBuster Services (Version: 0.991)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
REAPER (x64)
reFX Nexus VSTi RTAS v2.2.0
Sequoia 12 (Version: 12.0.2.100)
SHIELD Streaming (Version: 1.05.19)
Skype™ 6.7 (Version: 6.7.102)
Sniper Elite: Nazi Zombie Army
Sothink Flash Downloader for Browser
Sothink SWF Catcher (Version: 2.6)
Sothink SWF Decompiler (Version: 7.4)
SpeedFan (remove only)
SpinTires Tech Demo (June 060613) (Version: 1.3)
Spotify (Version: 0.9.1.57.ge7405149)
StealthNet 0.8.7.9
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 6.0.3.0)
tools-freebsd (Version: 9.2.3.1031769)
tools-linux (Version: 9.2.3.1031769)
tools-netware (Version: 9.2.3.1031769)
tools-solaris (Version: 9.2.3.1031769)
tools-windows (Version: 9.2.3.1031769)
tools-winPre2k (Version: 9.2.3.1031769)
Total Commander 64-bit (Remove or Repair) (Version: 8.01)
TrueCrypt (Version: 7.1a)
Universe Sandbox
Unlocker 1.9.2 (Version: 1.9.2)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
UxStyle Core Beta (Version: 0.2.1.1)
VideoPad Video Editor
VLC media player 2.0.8 (Version: 2.0.8)
VMware Workstation (Version: 9.0.2)
War Thunder Launcher 1.0.1.252
Windows 8 Transformation Pack (Version: 7.0)
Windows Live ID Client Runtime (Version: 7.250.4226.0)
WinPatrol (Version: 28.5.2013.0)
Winspector
World of Goo
 
========================= Memory info: ===================================
 
Percentage of memory in use: 47%
Total physical RAM: 8165.77 MB
Available physical RAM: 4286.18 MB
Total Pagefile: 16329.73 MB
Available Pagefile: 11686.98 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.63 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:188.97 GB) (Free:63.46 GB) NTFS
2 Drive d: (Everything) (Fixed) (Total:742.54 GB) (Free:355.64 GB) NTFS
4 Drive g: (KONBOOT) (Fixed) (Total:0.29 GB) (Free:0.29 GB) FAT32
5 Drive h: (Data) (Fixed) (Total:288.76 GB) (Free:45.33 GB) NTFS
6 Drive i: (Seagate) (Fixed) (Total:9.04 GB) (Free:8.27 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\STEVE-PC
 
Administrator            Guest                    Steve                    
UpdatusUser              
 
 
**** End of log ****

Edited by BCMusic, 31 August 2013 - 09:00 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:32 AM

Posted 31 August 2013 - 09:10 PM

Do one more thing and tell me how it is.
 
 run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • [/list]

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users