
Windows Defender unable to turn ON


  • This topic is locked
9 replies to this topic

#1 David...

David...

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 01 May 2013 - 11:51 AM

Windows Defender unable to turn On.

 

 

I recently had Avast antivirus installed, just for an additional scan. But removed it properly using Revo Uninstaller.

 

I ran Services.msc and found that Windows Defender is set to manual (but is unable to be set to automatic, location is greyed).

 

When I run Action Center, in order to Turn ON Windows Defender it simply opens Windows/System32.

 

 

Found the following while researching online,

 

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 

Unable to set to '0', displays an error message..

  "Cannot edit DisableAntiSpyware"

 

 

Please help.

 





#2 David...


Posted 01 May 2013 - 12:03 PM

This post is from Farbar Service Scanner...

 

The files in question are the ones that pose the problem. (MsMpEng.exe)

 

 

Farbar Service Scanner Version: 03-03-2013
Ran by David (administrator) on 01-05-2013 at 12:04:39
Running from "C:\Users\David\Desktop\Bleeping Computer"
Windows 8 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-13 14:54] - [2013-03-02 05:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-13 14:54] - [2013-03-01 22:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-18 22:22] - [2013-01-28 19:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-18 22:22] - [2013-01-28 21:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
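
The two conditions reported in the posts above, `DisableAntiSpyware` set to 1 under `HKLM\SOFTWARE\Microsoft\Windows Defender` and the WinDefend start type set to Demand instead of Auto, can be read back with a read-only check. This is an added example, not part of the original thread. The Policies key and the ACL listing are assumptions added here to show where else the value can be set and who is allowed to edit it.

```powershell
# Added example (not from the thread): read-only check of the Windows Defender
# settings that the Farbar Service Scanner log reports. Run from an elevated
# PowerShell prompt. Nothing is modified.

$defenderKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
# Assumption: this Group Policy location is not mentioned in the thread. It is
# read as well because the same value name can also be set there.
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$serviceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'

# Registry "Start" values for a service, using the names the scanner log prints.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-RegistryDword {
    # Returns the DWORD as an int, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$disabled       = Get-RegistryDword -Path $defenderKey -Name 'DisableAntiSpyware'
$disabledPolicy = Get-RegistryDword -Path $policyKey   -Name 'DisableAntiSpyware'
$start          = Get-RegistryDword -Path $serviceKey  -Name 'Start'
$service        = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue

$startName = 'service key not found'
if ($null -ne $start) { $startName = $startTypes[$start] }

$status = 'service not found'
if ($null -ne $service) { $status = $service.Status }

[pscustomobject]@{
    DisableAntiSpyware       = $disabled        # 1 = disabled, as in the log above
    DisableAntiSpywarePolicy = $disabledPolicy  # empty when no policy value exists
    ServiceStartType         = $startName       # the log gives Auto as the default
    ServiceStatus            = $status
} | Format-List

# Findings that match what the scanner flagged in this thread.
if ($disabled -eq 1 -or $disabledPolicy -eq 1) {
    Write-Output 'FINDING: DisableAntiSpyware is set to 1.'
}
if ($null -ne $start -and $startName -ne 'Auto') {
    Write-Output "FINDING: WinDefend start type is $startName, not Auto."
}

# Owner and access rules of the Defender key. These show which accounts may
# change the value, which is relevant to a "Cannot edit" error in regedit.
$acl = Get-Acl -Path $defenderKey -ErrorAction SilentlyContinue
if ($null -ne $acl) {
    Write-Output "Key owner: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize
}
```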



#3 David...


Posted 01 May 2013 - 03:19 PM

With further research online, performed the following:

 

 

Method 1:

I would suggest you to make the “Windows defender Service” startup type to “Automatic”.

Follow these steps:

a. Press “Windows key + R” from keyboard.

b. Type “services.msc” without quotes in the “Run” Window and hit enter.

c. Search for “Windows Defender Service”.

d. Make “Startup Type” to “Automatic”.

e. Restart the computer and then check how it works.

Method 2:

Perform System File Check (SFC), and then check if this fixes the issue.

Follow the steps:

a. Press “Windows Key + Q” to open Charms Bar.

b. Type “cmd” without quotes in the search box.

c. On the left pane, right click on the “cmd” option and select “Run as Administrator”.

d. Type ‘sfc /scannow’ without quotes and hit enter.

 

 

With no luck, the problem still remains...

 

Method #1:

As I mentioned above, the section to adjust to 'automatic' is unadjustable. (Has been turned to grey).

 

Method #2:

No errors were found.

 

 

Any suggestions would be greatly appreciated.



#4 David...


Posted 01 May 2013 - 03:37 PM

With further online research, removal of Avast includes the following...

 

I downloaded aswclear.exe and ran it in SAFEMODE.

 

 

No luck.



#5 David...


Posted 01 May 2013 - 09:47 PM

I believe this may have solved the problem.

 

Any expert advice?

 

You can also re-enable Windows Defender simply by typing in the command line:

sc start WinDefend Enable.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:56 AM

Posted 04 May 2013 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM

#7 David...


Posted 04 May 2013 - 10:30 AM

Thank you for your assistance.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by David at 11:13:45 on 2013-05-04
Microsoft Windows 8 Pro  6.2.9200.0.1252.2.1033.18.6044.4314 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EADCCA93-1794-4639-BB88-B2B62C52238E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2012-12-10 652344]
R2 hmip;hmip;C:\WINDOWS\System32\Drivers\hmip64.sys [2012-12-10 37832]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-10 14904]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-1 701512]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-12-12 794272]
R3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\System32\Drivers\AmUStor.sys [2011-12-15 85080]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\Drivers\L1C63x64.sys [2012-10-5 118936]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-5-1 25928]
R3 QIOMem;Generic IO & Memory Access;C:\WINDOWS\System32\Drivers\QIOMem.sys [2012-9-24 14000]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S4 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
.
=============== Created Last 30 ================
.
2013-05-04 14:57:25 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F4F6DC2-8EC2-46ED-8787-A06AD2EE4553}\mpengine.dll
2013-05-03 22:34:25 -------- d-----w- C:\Users\David\AppData\Local\Deployment
2013-05-03 22:34:25 -------- d-----w- C:\Users\David\AppData\Local\Apps
2013-05-03 20:57:25 9317456 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-02 03:56:41 -------- d-----w- C:\Users\David\AppData\Roaming\WinPatrol
2013-05-02 03:56:33 -------- d-----w- C:\ProgramData\InstallMate
2013-05-02 03:56:33 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-05-02 03:11:57 -------- d-----w- C:\WINDOWS\SysWow64\sda
2013-05-01 23:07:48 -------- d-----w- C:\WINDOWS\System32\catroot2
2013-05-01 22:41:14 -------- d-----w- C:\RegBackup
2013-05-01 21:11:58 788896 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-05-01 21:11:57 866720 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-05-01 21:11:56 95648 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-05-01 20:42:53 -------- d-----w- C:\WINDOWS\System32\wbem\repository
2013-05-01 18:52:18 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-05-01 18:52:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-01 16:26:14 -------- d-----w- C:\Users\David\AppData\Roaming\Registry Mechanic
2013-05-01 14:41:39 -------- d-----w- C:\WINDOWS\SysWow64\wbem\Performance
2013-05-01 02:34:46 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-04-30 21:51:30 -------- d-----w- C:\Program Files (x86)\Canon
2013-04-30 21:51:29 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2013-04-30 21:50:30 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-04-18 03:15:21 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-04-17 20:55:55 78176 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-04-17 20:55:55 692576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-04-15 18:09:36 1011200 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-04-15 18:09:35 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-04-13 18:53:59 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-04-13 18:53:59 26112 ----a-w- C:\WINDOWS\System32\drivers\mouhid.sys
2013-04-13 18:53:59 235008 ----a-w- C:\Program Files\Windows NT\Accessories\WordpadFilter.dll
2013-04-13 18:53:59 195072 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll
2013-04-13 18:53:57 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe
2013-04-13 18:53:53 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2013-04-13 18:53:53 30720 ----a-w- C:\WINDOWS\System32\drivers\monitor.sys
2013-04-13 18:53:08 4041728 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-04-13 18:52:14 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-13 18:52:06 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-13 18:52:05 2240512 ----a-w- C:\WINDOWS\System32\wininet.dll
.
==================== Find3M  ====================
.
2013-05-02 15:29:56 278800 ------w- C:\WINDOWS\System32\MpSigStub.exe
2013-03-07 06:50:56 6991592 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-03-02 10:57:48 337128 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-03-02 10:57:46 283880 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:23:43 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\WINDOWS\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 8857088 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-03-02 08:23:19 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36 357888 ----a-w- C:\WINDOWS\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-03-02 08:22:18 361984 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\WINDOWS\SysWow64\drvstore.dll
2013-03-02 08:21:40 309760 ----a-w- C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2013-03-02 08:21:32 145408 ----a-w- C:\WINDOWS\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\WINDOWS\System32\SettingSyncInfo.dll
2013-03-02 02:44:41 455168 ----a-w- C:\WINDOWS\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\WINDOWS\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-03-02 02:44:30 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\WINDOWS\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\WINDOWS\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll
2013-03-02 02:43:56 389120 ----a-w- C:\WINDOWS\System32\BCP47Langs.dll
2013-03-02 02:43:55 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2013-03-02 02:43:51 2146304 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2013-03-02 02:43:50 156160 ----a-w- C:\WINDOWS\System32\powercfg.cpl
2013-03-01 04:56:33 156672 ----a-w- C:\WINDOWS\System32\drivers\rfcomm.sys
2013-03-01 04:55:37 1175040 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-02-21 10:29:37 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-02-21 10:15:00 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-02-21 10:14:05 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-02-19 09:53:00 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-02-15 07:58:59 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-02-12 00:17:50 20992 ----a-w- C:\WINDOWS\System32\drivers\usb8023.sys
2013-02-07 01:33:01 754176 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2013-02-06 06:42:08 26520 ----a-w- C:\WINDOWS\System32\drivers\tosrfec.sys
2013-02-05 22:31:11 622080 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
.
============= FINISH: 11:15:02.05 ===============

 

DDS Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-12-07 11:59:15 PM
System Uptime: 2013-05-02 2:03:41 AM (57 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz | U3E1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 359.908 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP25: 2013-04-12 4:02:09 PM - Scheduled Checkpoint
RP26: 2013-04-23 2:34:29 PM - Scheduled Checkpoint
RP27: 2013-04-30 4:39:41 PM - Created by PC Tools Registry Mechanic                         
RP28: 2013-05-01 12:27:39 PM - Created by PC Tools Registry Mechanic                         
RP29: 2013-05-03 5:55:42 PM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
Alcor Micro USB Card Reader
BlackBerry Desktop Software 7.1
Canon Utilities CameraWindow DC 8
CCleaner
Classic Shell
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
Google Update Helper
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 21
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SkyDrive
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MPC-HC 1.6.7.7114 (9eb64ec) (64-bit)
Need For Speed Underground
PC Tools Registry Mechanic 11.1
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Revo Uninstaller 1.94
Samsung AllShare
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Tweaking.com - Windows Repair (All in One)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WinPatrol
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2013-05-01 4:43:53 PM, Error: Service Control Manager [7022]  - The Internet Connection Sharing (ICS) service hung on starting.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error:  A device attached to the system is not functioning.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2013-05-01 3:29:01 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2013-05-01 3:28:47 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
2013-05-01 2:30:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2013-05-01 2:29:48 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 2:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2013-05-01 2:28:54 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
2013-05-01 2:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2013-05-01 2:28:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2013-05-01 12:46:46 PM, Error: Service Control Manager [7034]  - The Classic Shell Service service terminated unexpectedly.  It has done this 1 time(s).
2013-05-01 11:42:50 PM, Error: Service Control Manager [7000]  - The SAS Core Service service failed to start due to the following error:  The system cannot find the file specified.
2013-05-01 11:37:13 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user David-pc\David SID (S-1-5-21-3885438069-3004873837-2681399290-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
2013-04-30 6:51:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ce (0xfffff880021e5c64, 0x0000000000000008, 0xfffff880021e5c64, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 043013-48953-01.
2013-04-30 11:46:56 PM, Error: Microsoft-Windows-Ntfs [98]  - Volume C: (\Device\HarddiskVolume2) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
2013-04-29 9:35:57 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user David-pc\David SID (S-1-5-21-3885438069-3004873837-2681399290-1001) from address LocalHost (Using LRPC) running in the application container AccuWeather.AccuWeatherforWindows8_2.2.0.0_x64__8zz2pj9h1h1d8 SID (S-1-15-2-359386925-4037696881-724898997-1416845164-233709623-2974364301-3644279824). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

WHY Do I have so many errors? Can you help me fix this mess?

Please

Security Check

 Results of screen317's Security Check version 0.99.63
   x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 Java 7 Update 21
 Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 Windows Defender MsMpEng.exe 
 BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Please note I have IE 10 installed but above only says IE9?

AdwCleaner

# AdwCleaner v2.300 - Logfile created 05/04/2013 at 11:23:11
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [785 octets] - [04/05/2013 11:23:11]

########## EOF - C:\AdwCleaner[S2].txt - [844 octets] ##########

Thanking you again,

David



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:56 AM

Posted 04 May 2013 - 01:46 PM

Your logs are clean.

It may just be that WinPatrol is protecting your Registry.

Disable it and run your fixes.

How is it now?

#9 nasdaq

Posted 10 May 2013 - 06:41 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 nasdaq

Posted 16 May 2013 - 07:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



