
Lost Windows Defender service in Win8


13 replies to this topic

#1 Jon Fleming

Jon Fleming


Posted 07 July 2013 - 12:45 PM

Running Windows 8 (not pro) x64 with Start8 restoring the Start menu.

 

I got some malware yesterday. Not sure what variety it was, but Conduit seems to have been involved. It removed almost all my Start menu entries and file associations and several programs' registration (including Start8).

 

I'm pretty proficient at removing malware, been doing it for others for years. I ran HijackThis, Malwarebytes quick scan, Combofix, RogueKiller, TDSSKiller, AdWCleaner, JRT, and Tweaking.com Windows Repair AIO. I'm almost back in business, but...

 

The Windows Defender service is missing. I tried importing two versions of HKLM\System\CurrentControlSet\Services\WinDefend and both times I got: "Cannot import... not all data was written to the registry". I took ownership of that key; no help. I renamed the key to WinDefend.old and got the same result. I ran sfc /scannow and, as always, got a notice that some corrupted files were found but not all could be repaired (has anyone ever run sfc /scannow and gotten a different message? I haven't). No help. I tried using "reg import..." in an elevated command prompt
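As an added example (not from this thread or from any of the tools it names), here is a PowerShell audit that reproduces the checks Farbar Service Scanner reports on, applied to the WinDefend key the poster could not re-import: it flags a missing service key or missing Start/ImagePath value, finds the ServiceDll for svchost-hosted services, and verifies the Authenticode signature of the binary that actually hosts the service. The service list and the `Get-ServiceAudit` function name are my own choices; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit the registry configuration of a Windows service the way
# Farbar Service Scanner reports it (key present? Start and ImagePath values
# present? ServiceDll present for svchost-hosted services?) and verify the
# Authenticode signature of the binary that actually hosts the service.
# Run from an elevated PowerShell prompt. The service list is an assumption
# covering the services FSS checks, with WinDefend first.
$ServicesToAudit = 'WinDefend', 'wuauserv', 'wscsvc', 'MpsSvc', 'BFE', 'Dhcp', 'Dnscache'

function Get-ServiceAudit {
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $audit = [ordered]@{
        Service    = $Name
        KeyPresent = $false
        Start      = $null      # 2 = Automatic, 3 = Manual, 4 = Disabled
        ImagePath  = $null
        ServiceDll = $null
        Signature  = 'n/a'
        Problems   = @()
    }

    # A missing key is exactly what FSS means by "The value does not exist".
    if (-not (Test-Path -Path $key)) {
        $audit.Problems += 'service key missing'
        return [pscustomobject]$audit
    }
    $audit.KeyPresent = $true

    $props = Get-ItemProperty -Path $key
    $audit.Start     = $props.Start
    $audit.ImagePath = $props.ImagePath
    if ($null -eq $audit.Start)  { $audit.Problems += 'Start value missing' }
    if (-not $audit.ImagePath)   { $audit.Problems += 'ImagePath value missing' }

    # svchost-hosted services keep the real code in Parameters\ServiceDll.
    $paramKey = Join-Path -Path $key -ChildPath 'Parameters'
    if (Test-Path -Path $paramKey) {
        $audit.ServiceDll = (Get-ItemProperty -Path $paramKey).ServiceDll
    }

    # Resolve the file to check: the DLL if there is one, otherwise the
    # executable named at the start of ImagePath (strip quotes and arguments).
    $file = if ($audit.ServiceDll) { $audit.ServiceDll } else { $audit.ImagePath }
    if ($file) {
        $file = $file -replace '^"?([^"]+?\.(exe|dll|sys))"?.*$', '$1'
        $file = [Environment]::ExpandEnvironmentVariables($file)
        if (Test-Path -Path $file) {
            $sig = Get-AuthenticodeSignature -FilePath $file
            $audit.Signature = '{0} ({1})' -f $sig.Status, $sig.SignerCertificate.Subject
            if ($sig.Status -ne 'Valid') { $audit.Problems += "unsigned or tampered binary: $file" }
        } else {
            $audit.Signature = 'file missing'
            $audit.Problems += "hosting binary not found: $file"
        }
    }

    [pscustomobject]$audit
}

$ServicesToAudit | ForEach-Object { Get-ServiceAudit -Name $_ } | Format-List
```

A healthy Windows 8 WinDefend entry shows Start 2, an ImagePath pointing at MsMpEng.exe and a ServiceDll pointing at MpSvc.dll, both Microsoft-signed; an empty Problems list is the pass condition.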




#2 Broni

Broni


Posted 07 July 2013 - 03:17 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 Jon Fleming

Jon Fleming

Posted 08 July 2013 - 09:48 AM

Note that I now have the purchased version of MBAM, I bought it after getting hit.

-----------------------------------------Security Check:

Results of screen317's Security Check version 0.99.68
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Mozilla Firefox 21.0 Firefox out of Date!
Mozilla Thunderbird (17.0.7)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

---------------------------------------Farbar

Farbar Service Scanner Version: 06-07-2013
Ran by Jon (administrator) on 08-07-2013 at 08:51:23
Running from "C:\Users\Jon\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 06:23] - [2013-05-04 03:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2013-06-14 19:24] - [2013-05-04 02:59] - 1483776 ____A (Microsoft Corporation) D0C69E44BC1E1D4AD290FD84104623D8

C:\Windows\System32\wscsvc.dll
[2013-05-18 04:38] - [2013-04-09 00:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-06-14 19:24] - [2013-05-04 02:59] - 3241472 ____A (Microsoft Corporation) BE302BABE45EC05995F8DC66E37BBB3D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 06:23] - [2013-04-23 18:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945

C:\Program Files\Windows Defender\MpSvc.dll
[2013-04-01 14:32] - [2013-01-28 19:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-04-01 14:32] - [2013-01-28 21:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

---------------------------------------------------------------MiniToolBox

MiniToolBox by Farbar Version: 16-06-2013
Ran by Jon (administrator) on 08-07-2013 at 08:52:36
Running from "C:\Users\Jon\Desktop"
Windows 8 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
PPPoP WAN Adapter = Local Area Connection (Connected)
Ralink RT3290 802.11bgn Wi-Fi Adapter = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2013 08:52:36 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:52:21 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:52:06 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:51:51 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:51:36 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:51:21 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:51:06 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:50:51 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:50:36 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/08/2013 08:50:21 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error


System errors:
=============
Error: (07/08/2013 08:28:02 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (07/08/2013 08:27:57 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (07/08/2013 08:25:20 AM) (Source: Service Control Manager) (User: )
Description: The $(BrandName) service failed to start due to the following error:
%%1053

Error: (07/08/2013 08:25:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the $(BrandName) service to connect.

Error: (07/08/2013 08:21:00 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (07/08/2013 07:36:51 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%1053

Error: (07/08/2013 07:36:51 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

Error: (07/07/2013 04:38:56 PM) (Source: DCOM) (User: MAIN-2)
Description: {B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}

Error: (07/07/2013 01:47:27 PM) (Source: Service Control Manager) (User: )
Description: The CarboniteService service terminated with the following error:
%%2147942583

Error: (07/07/2013 01:47:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.


Microsoft Office Sessions:
=========================
Error: (07/08/2013 08:52:36 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:52:21 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:52:06 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:51:51 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:51:36 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:51:21 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:51:06 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:50:51 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:50:36 AM) (Source: ATIeRecord)(User: )
Description:

Error: (07/08/2013 08:50:21 AM) (Source: ATIeRecord)(User: )
Description:


CodeIntegrity Errors:
===================================
Date: 2013-07-07 09:24:30.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-07 13:04:24.514
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\OO Software\DriveLED\oodleddr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft SkyDrive (Version: 17.0.2011.0627)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 en-US) (Version: 17.0.7)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nero Burning ROM (Version: 12.5.5001)
Nero Burning ROM Help (CHM) (Version: 12.0.3000)
Nero BurningROM 12 (Version: 12.5.00900)
Nero ControlCenter (Version: 11.0.15600)
Nero ControlCenter Help (CHM) (Version: 12.0.12000)
Nero Core Components (Version: 11.0.20200)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero Update (Version: 11.0.11800.31.0)
Notepad++ (Version: 6.3.2)
Nuance OmniPage 18 (Version: 18.1.0000)
Opera 12.16 (Version: 12.16.1860)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Paragon Hard Disk Manager™ 11 Server (Version: 90.00.0003)
Pavtube YouTube Converter version: 1.3.2.2376
PDF Settings CS6 (Version: 11.0)
ph (Version: 1.0.0)
Prerequisite installer (Version: 12.0.0003)
QuickBooks (Version: 20.0.4004.807)
QuickBooks Pro 2010 (Version: 20.0.4004.807)
Quicken 2013 (Version: 22.1.12.7)
QuickPar 0.9 (Version: 0.9)
RAIDXpert (Version: 3.3.1540.24)
Ralink Bluetooth Stack64 (Version: 9.0.720.5)
Ralink RT3290 802.11bgn Wi-Fi Adapter (Version: 5.0.0.0)
Recovery Manager (Version: 5.5.0.5530)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
SciTE4AutoIt3 6/10/2012 (Version: 6/10/2012)
SlimImage (Version: 1.1.27331)
Spybot - Search & Destroy (Version: 2.1.19)
Stardock ModernMix (Version: 1.05)
Stardock Start8 (Version: 1.16)
SugarSync (Version: 2.0.27.114357)
TCC LE x64 13.0 (Version: 13.06.75)
TeraCopy 2.0 beta 4
TightVNC (Version: 2.6.4.0)
Toolkit Documentation (Version: 8.59.25584)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wmaiper (Version: 012.000.1335)
TurboTax 2012 wrapper (Version: 012.000.0127)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.14)
Ulead DVD MovieFactory 6
Ulead DVD MovieFactory 6 (Version: 6.0.0)
Ulead GIF Animator 5
UltraISO Premium V9.35
Unlocker 1.9.2 (Version: 1.9.2)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2768004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition
Update for Microsoft Office 2013 (KB2810014) 32-Bit Edition
Update for Microsoft Office 2013 (KB2810017) 32-Bit Edition
Update for Microsoft Office 2013 (KB2810018) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2760334) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2810015) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2767865) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2810019) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2768007) 32-Bit Edition
Update for Microsoft Word 2013 (KB2768337) 32-Bit Edition
Vector Magic (Version: 1.15)
VLC media player 2.0.7 (Version: 2.0.7)
Windows 8 Desktop Gadgets (Version: 1.1)
Windows Deployment Customizations (Version: 8.59.25584)
Windows Deployment Tools (Version: 8.59.25584)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows PE x86 x64 (Version: 8.59.25584)
Windows PE x86 x64 wims (Version: 8.59.25584)
Windows System Image Manager on amd64 (Version: 8.59.25584)
Xvid Video Codec (Version: 1.3.2)
ZOC Terminal 5.1 (Version: 5.10)

========================= Devices: ================================

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 12077.12 MB
Available physical RAM: 7566.06 MB
Total Pagefile: 12477.12 MB
Available Pagefile: 8306.7 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.75 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1850.03 GB) (Free:1402.12 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:11.13 GB) (Free:1.35 GB) NTFS
3 Drive e: (Working) (Fixed) (Total:1863.01 GB) (Free:1296.83 GB) NTFS
10 Drive m: (6TB) (Fixed) (Total:5588.78 GB) (Free:3290.05 GB) NTFS
11 Drive n: (PORTABLE) (Removable) (Total:29.67 GB) (Free:6.95 GB) FAT32

========================= Users: ========================================

User accounts for \\MAIN-2

Acronis Agent User Administrator Guest
Jon


**** End of log ****

------------------------------------MBAM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.07.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Jon :: MAIN-2 [administrator]

Protection: Enabled

7/8/2013 8:53:48 AM
mbam-log-2013-07-08 (08-53-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222344
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------MBAR

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Jon :: MAIN-2 [administrator]

7/8/2013 9:22:02 AM
mbar-log-2013-07-08 (09-22-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 259530
Time elapsed: 31 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------Rkill

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/08/2013 08:54:37 AM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WinDefend [Missing ImagePath]

* WIMMount => \??\C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [Incorrect ImagePath]

* WinHttpAutoProxySvc => winhttp.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/08/2013 08:55:24 AM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)
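
Rkill's "Checking Windows Service Integrity" step above is what flags WinDefend for a missing ImagePath and WIMMount for an incorrect one. As an added example, not from the thread and not Rkill's or Tweaking.com's own code, the following PowerShell performs the same kind of audit on a service's registry definition: it reports a missing service key, a missing or unexpected ImagePath, and whether the binary the ImagePath names exists on disk with a valid Authenticode signature. The function name `Test-ServiceImagePath` and the reference ImagePath for WinDefend are assumptions; the reference value is constructed for a stock Windows 8 install and should be verified against a known-good machine before you rely on it.

```powershell
# Added example, not from the thread or from Rkill. Audits a service the way a
# "service integrity" check does: is the registry key present, does it carry an
# ImagePath, does that path match a reference value, and does the binary it names
# exist on disk with a valid Authenticode signature.
# Assumptions: run from an elevated PowerShell on Windows 8 or later; the reference
# ImagePath below is a constructed value for a stock Windows 8 install.

$ReferenceImagePaths = @{
    # Constructed reference value (assumption): service name -> expected ImagePath.
    'WinDefend' = '"%ProgramFiles%\Windows Defender\MsMpEng.exe"'
}

function Test-ServiceImagePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $ExpectedImagePath
    )

    $key      = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $problems = @()
    $result   = [ordered]@{ Service = $Name; Status = 'OK'; ImagePath = $null; Binary = $null; Signature = $null }

    if (-not (Test-Path -Path $key)) {
        # The thread's symptom: the service key itself is gone.
        $result.Status = 'Missing service key'
        return [pscustomobject]$result
    }

    $image = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
    $result.ImagePath = $image

    if ([string]::IsNullOrWhiteSpace($image)) {
        # What Rkill reports as "[Missing ImagePath]".
        $result.Status = 'Missing ImagePath'
        return [pscustomobject]$result
    }

    if ($ExpectedImagePath -and ($image -ne $ExpectedImagePath)) {
        # What Rkill reports as "[Incorrect ImagePath]".
        $problems += 'Incorrect ImagePath'
    }

    # Resolve the binary: expand %ProgramFiles% and friends, strip surrounding
    # quotes, and drop any command-line arguments (e.g. svchost.exe -k netsvcs).
    $expanded = [Environment]::ExpandEnvironmentVariables($image).Trim()
    if ($expanded.StartsWith('"')) {
        $end    = $expanded.IndexOf('"', 1)
        $binary = if ($end -gt 0) { $expanded.Substring(1, $end - 1) } else { $expanded.TrimStart('"') }
    } else {
        $binary = ($expanded -split '\s+')[0]
    }
    # Kernel drivers often use \??\ or \SystemRoot\ prefixes (WIMMount above does).
    $binary = $binary -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $result.Binary = $binary

    if (-not (Test-Path -Path $binary -PathType Leaf)) {
        $problems += 'Binary not found'
    } else {
        # A service binary that is present but unsigned or altered deserves a look.
        $sig = Get-AuthenticodeSignature -FilePath $binary
        $result.Signature = $sig.Status
        if ($sig.Status -ne 'Valid') { $problems += "Signature $($sig.Status)" }
    }

    if ($problems.Count -gt 0) { $result.Status = $problems -join '; ' }
    return [pscustomobject]$result
}

# Usage: audit WinDefend against the reference value, then WIMMount with no reference
# (the registry key and signature checks still run).
foreach ($svc in $ReferenceImagePaths.Keys) {
    Test-ServiceImagePath -Name $svc -ExpectedImagePath $ReferenceImagePaths[$svc] | Format-List
}
Test-ServiceImagePath -Name 'WIMMount' | Format-List
```

On a healthy machine the WinDefend row comes back with Status OK and Signature Valid; on the machine in this thread it would report "Missing ImagePath" (or "Missing service key" if the key was renamed away), which is the same finding Rkill printed above.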



#4 Broni

Posted 08 July 2013 - 06:52 PM

There is some registry issue, but before we go there, a couple more scans...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.




 


#5 Jon Fleming


Posted 11 July 2013 - 06:47 AM

Security Check says "UNSUPPORTED OPERATING SYSTEM". Eset found no threats.

 

 

# AdwCleaner v2.304 - Logfile created 07/09/2013 at 08:12:33
# Updated 03/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Jon - MAIN-2
# Boot Mode : Normal
# Running from : C:\Users\Jon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\u5g0mbih.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.16.1860.0

File : C:\Users\Jon\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2192 octets] - [06/07/2013 19:52:15]
AdwCleaner[R2].txt - [1163 octets] - [07/07/2013 09:09:08]
AdwCleaner[R3].txt - [1224 octets] - [07/07/2013 09:14:43]
AdwCleaner[R4].txt - [1258 octets] - [09/07/2013 08:12:03]
AdwCleaner[S1].txt - [1966 octets] - [06/07/2013 19:52:45]
AdwCleaner[S2].txt - [1189 octets] - [09/07/2013 08:12:33]

########## EOF - C:\AdwCleaner[S2].txt - [1249 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 8 x64
Ran by Jon on Tue 07/09/2013 at 8:22:28.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7B07239C-4BA6-4415-BAAC-880FF82FA7CA}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/09/2013 at 8:24:24.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#6 Jon Fleming


Posted 11 July 2013 - 07:21 AM

Hum, something funny here...

 

Since yesterday, while Eset was running, when I open Windows Explorer it shows only Favorites, Desktop, and under it Libraries in the left pane. It takes more than a minute for the green bar to reach the right end. If I type something into the address bar it appears instantly in the right pane and its path appears in the left pane.

 

All jpg files appear as white-piece-of-paper icons.

 

On the View ribbon all the layout options are grayed out except the one currently active. If I right click and choose View all the options are available.

 

Also on the View ribbon the "Hide selected item" and "Options" items are always grayed out.

 

I'm going to run a full MBAM scan.



#7 Jon Fleming


Posted 11 July 2013 - 11:15 AM

OK, a reboot fixed the Explorer issue. Now it's just Windows Defender that isn't working.



#8 Broni


Posted 11 July 2013 - 06:37 PM

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

Post new FSS log as well.




 


#9 Jon Fleming


Posted 12 July 2013 - 01:16 PM

OK, SFC gave me:

 

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

The system file repair changes will take effect after the next reboot.

 

======================================

 

There are no SFC entries in CBS.log.

 

=====================================

 

 

Starting Repairs...
Start (7/7/2013 1:14:18 PM)

Register System Files
Start (7/7/2013 1:14:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:14:57 PM)

Repair WMI
Start (7/7/2013 1:14:57 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (7/7/2013 1:17:46 PM)

Repair Windows Firewall
Start (7/7/2013 1:17:46 PM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (7/7/2013 1:18:20 PM)

Repair Internet Explorer
Start (7/7/2013 1:18:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:18:41 PM)

Repair MDAC/MS Jet
Start (7/7/2013 1:18:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:18:52 PM)

Repair Hosts File
Start (7/7/2013 1:18:52 PM)
Running Repair Under System Account
Done (7/7/2013 1:18:54 PM)

Remove Policies Set By Infections
Start (7/7/2013 1:18:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:18:59 PM)

Repair Missing Start Menu Icons Removed By Infections
Start (7/7/2013 1:18:59 PM)
Running Repair Under System Account
Done (7/7/2013 1:19:02 PM)

Repair Icons
Start (7/7/2013 1:19:02 PM)
Running Repair Under System Account
Could Not Find C:\Users\Jon\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Jon\AppData\Local\IconCache.db
Done (7/7/2013 1:19:04 PM)

Repair Winsock & DNS Cache
Start (7/7/2013 1:19:04 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:19:09 PM)

Remove Temp Files
Start (7/7/2013 1:19:09 PM)
Running Repair Under System Account
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
C:\Users\Jon\AppData\Local\Temp\JETE2CF.tmp - The process cannot access the file because it is being 
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\Cookies - The process cannot access the file because it is being used by another process.
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\Cookies-journal - The process cannot access the file because it is being used by another process.
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\data_0 - Access is denied.
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\data_1 - Access is denied.
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\data_2 - Access is denied.
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\data_3 - Access is denied.
C:\Users\Jon\AppData\Local\Temp\SCOPED~4\index - Access is denied.
C:\Users\Jon\AppData\Local\Temp\~DF197E2F9E8AD7E8C6.TMP - The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
Access is denied.
C:\Windows\Temp\HSPERF~1\1848 - Access is denied.
C:\Windows\Temp\JETB634.tmp - The process cannot access the file because it is being used by another process.
Done (7/7/2013 1:19:11 PM)

Repair Proxy Settings
Start (7/7/2013 1:19:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:19:16 PM)

Repair Windows Updates
Start (7/7/2013 1:19:16 PM)
Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (7/7/2013 1:19:31 PM)

Repair CD/DVD Missing/Not Working
Start (7/7/2013 1:19:31 PM)
Done (7/7/2013 1:19:31 PM)

Repair Volume Shadow Copy Service
Start (7/7/2013 1:19:31 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:19:54 PM)

Repair MSI (Windows Installer)
Start (7/7/2013 1:19:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:03 PM)

Repair bat Association
Start (7/7/2013 1:20:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:08 PM)

Repair cmd Association
Start (7/7/2013 1:20:08 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:13 PM)

Repair com Association
Start (7/7/2013 1:20:13 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:18 PM)

Repair Directory Association
Start (7/7/2013 1:20:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:22 PM)

Repair Drive Association
Start (7/7/2013 1:20:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:27 PM)

Repair exe Association
Start (7/7/2013 1:20:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:32 PM)

Repair Folder Association
Start (7/7/2013 1:20:32 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:37 PM)

Repair inf Association
Start (7/7/2013 1:20:37 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:41 PM)

Repair lnk (Shortcuts) Association
Start (7/7/2013 1:20:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:46 PM)

Repair msc Association
Start (7/7/2013 1:20:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:51 PM)

Repair reg Association
Start (7/7/2013 1:20:51 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:20:56 PM)

Repair scr Association
Start (7/7/2013 1:20:56 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:21:01 PM)

Repair Windows Safe Mode
Start (7/7/2013 1:21:01 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:21:05 PM)

Repair Print Spooler
Start (7/7/2013 1:21:05 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:21:18 PM)

Restore Important Windows Services
Start (7/7/2013 1:21:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:21:23 PM)

Set Windows Services To Default Startup
Start (7/7/2013 1:21:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/7/2013 1:21:28 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (7/7/2013 1:21:28 PM)
Total Repair Time: 00:07:10


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
Running Repair Under System Account
Starting Repairs...
Start (7/12/2013 2:02:02 PM)

Register System Files
Start (7/12/2013 2:02:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:02:53 PM)

Repair WMI
Start (7/12/2013 2:02:53 PM)
Running Repair Under Current User Account
^CThe process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

Invalid Global Switch.

Invalid Global Switch.

Done (7/12/2013 2:04:00 PM)

Repair Windows Firewall
Start (7/12/2013 2:04:00 PM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (7/12/2013 2:04:34 PM)

Repair Internet Explorer
Start (7/12/2013 2:04:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:05:21 PM)

Repair MDAC/MS Jet
Start (7/12/2013 2:05:21 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:05:38 PM)

Repair Hosts File
Start (7/12/2013 2:05:38 PM)
Running Repair Under System Account
Done (7/12/2013 2:05:41 PM)

Remove Policies Set By Infections
Start (7/12/2013 2:05:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:05:47 PM)

Repair Missing Start Menu Icons Removed By Infections
Start (7/12/2013 2:05:47 PM)
Running Repair Under System Account
Done (7/12/2013 2:05:50 PM)

Repair Icons
Start (7/12/2013 2:05:50 PM)
Running Repair Under System Account
Could Not Find C:\Users\Jon\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Jon\AppData\Local\IconCache.db
Done (7/12/2013 2:05:53 PM)

Repair Winsock & DNS Cache
Start (7/12/2013 2:05:53 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:06:07 PM)

Remove Temp Files
Start (7/12/2013 2:06:07 PM)
Running Repair Under System Account
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\Users\Jon\AppData\Local\Temp\JETF7C6.tmp - The process cannot access the file because it is being used by another process.
C:\Users\Jon\AppData\Local\Temp\qtsingleapp-Bittor-ad7d-1-lockfile - The process cannot access the file because it is being used by another process.
C:\Users\Jon\AppData\Local\Temp\~DF8AECD35DFCBC8B5E.TMP - The process cannot access the file because it is being used by another process.
C:\Users\Jon\AppData\Local\Temp\~DFBAD26810D22C1634.TMP - The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
Access is denied.
C:\Windows\Temp\HSPERF~1\1164 - Access is denied.
C:\Windows\Temp\JETADBB.tmp - The process cannot access the file because it is being used by another process.
Done (7/12/2013 2:06:12 PM)

Repair Proxy Settings
Start (7/12/2013 2:06:12 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:06:17 PM)

Repair Windows Updates
Start (7/12/2013 2:06:17 PM)
Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (7/12/2013 2:06:36 PM)

Repair CD/DVD Missing/Not Working
Start (7/12/2013 2:06:36 PM)
Done (7/12/2013 2:06:36 PM)

Repair Volume Shadow Copy Service
Start (7/12/2013 2:06:36 PM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (7/12/2013 2:06:41 PM)

Repair MSI (Windows Installer)
Start (7/12/2013 2:06:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:06:50 PM)

Repair bat Association
Start (7/12/2013 2:06:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:06:55 PM)

Repair cmd Association
Start (7/12/2013 2:06:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:00 PM)

Repair com Association
Start (7/12/2013 2:07:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:04 PM)

Repair Directory Association
Start (7/12/2013 2:07:04 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:09 PM)

Repair Drive Association
Start (7/12/2013 2:07:09 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:14 PM)

Repair exe Association
Start (7/12/2013 2:07:14 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:18 PM)

Repair Folder Association
Start (7/12/2013 2:07:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:23 PM)

Repair inf Association
Start (7/12/2013 2:07:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:28 PM)

Repair lnk (Shortcuts) Association
Start (7/12/2013 2:07:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:33 PM)

Repair msc Association
Start (7/12/2013 2:07:33 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:37 PM)

Repair reg Association
Start (7/12/2013 2:07:37 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:42 PM)

Repair scr Association
Start (7/12/2013 2:07:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:47 PM)

Repair Windows Safe Mode
Start (7/12/2013 2:07:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:52 PM)

Repair Print Spooler
Start (7/12/2013 2:07:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:07:58 PM)

Restore Important Windows Services
Start (7/12/2013 2:07:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:08:03 PM)

Set Windows Services To Default Startup
Start (7/12/2013 2:08:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/12/2013 2:08:08 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (7/12/2013 2:08:08 PM)
Total Repair Time: 00:06:06


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

====================================

Farbar Service Scanner Version: 10-07-2013 01
Ran by Jon (administrator) on 12-07-2013 at 14:12:57
Running from "C:\Users\Jon\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 06:23] - [2013-05-04 03:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2013-06-14 19:24] - [2013-05-04 02:59] - 1483776 ____A (Microsoft Corporation) D0C69E44BC1E1D4AD290FD84104623D8

C:\Windows\System32\wscsvc.dll
[2013-05-18 04:38] - [2013-04-09 00:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-06-14 19:24] - [2013-05-04 02:59] - 3241472 ____A (Microsoft Corporation) BE302BABE45EC05995F8DC66E37BBB3D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 06:23] - [2013-04-23 18:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945

C:\Program Files\Windows Defender\MpSvc.dll
[2013-04-01 14:32] - [2013-01-28 19:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-04-01 14:32] - [2013-01-28 21:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Edited by Jon Fleming, 12 July 2013 - 01:17 PM.


#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 PM

Posted 12 July 2013 - 06:25 PM

It looks better.

The Windows Updates issue got fixed.

Let's see if we can fix the Windows Defender issue.

Following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/

Windows 8: http://www.vikitech.com/11302/system-restore-windows-8

Download WinDefend.reg file from here: http://download.bleepingcomputer.com/win-services/8/WinDefend.reg

Double click on WinDefend.reg file and confirm the prompt.
Restart computer.

Post new FSS log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation button.


 


#11 Jon Fleming

Jon Fleming
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 13 July 2013 - 07:23 AM

No luck.

[screenshot: Error]

I checked permissions:

[screenshot: Permissions]

And just to make things even better, when I clicked on the "Get Links" link in freakin' Photobucket for the second image, I got a fake Windows Defender warning saying I was infected and offering to clean my PC. Oh well, off to run MBAM again. Carp carp carp carp carp...

 



#12 Jon Fleming

Jon Fleming
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 13 July 2013 - 07:57 AM

I FIXED IT!! At least the Windows Defender issue. It took some sneakiness. While messing around in Regedit trying to see what I could do I found I could rename the WinDefend registry key. After a couple of failed tries to import the WinDefend.reg I figured out:

  1. Use a text editor to globally replace WinDefend with W0 in WinDefend.reg (four places)
  2. Rename WinDefend.reg to w0.reg
  3. Double-click w0.reg and import it.
  4. In regedit rename HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend to WInDefend_old
  5. Rename HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W0 to WinDefend
  6. Reboot.

and Windows Defender service is running! Now to see if I actually caught something from that fake AV popup...
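An added example (not from this thread, nor from BleepingComputer, Tweaking.com or Farbar) covering Broni's step of importing the downloaded WinDefend.reg and Jon's rename trick above. Before importing a .reg file fetched from the web it is worth previewing what it will write: which keys it touches, what Start type it sets and where ImagePath points (the same two values the FSS log flagged as missing). The script parses a constructed sample export, reports those, and performs Jon's step 1 by rewriting the service name only inside the [HKEY...] header lines, so value data is never touched; W0 is assumed to be a name no existing service uses. The import and the key renames themselves still happen in regedit/reg.exe on the Windows machine:

```python
"""Preview a .reg service-key export and rename its key headers.

Added example for the thread above, not code from BleepingComputer,
Tweaking.com or Farbar. It only rewrites the text of a .reg file; the
import and key renames are still done with regedit/reg.exe as described.
"""
import re

# Constructed sample in the shape of a Services\WinDefend export. Values are
# illustrative (ImagePath uses the Defender path seen in the FSS log above).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="\"C:\\Program Files\\Windows Defender\\MsMpEng.exe\""
"DisplayName"="Windows Defender Service"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=hex:01,00,04,80

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\
  6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
  44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,70,00,53,00,76,00,\
  63,00,2e,00,64,00,6c,00,6c,00,00,00
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\w+)\))?:(.*)$", re.IGNORECASE)
START_NAMES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}


def parse_value(raw):
    """Decode one .reg value: REG_SZ, dword, hex(..) lists, or "-" (delete)."""
    raw = raw.strip()
    if raw == "-":
        return None
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escaping
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if m:
        kind = (m.group(1) or "3").lower()              # bare "hex:" is REG_BINARY
        data = bytes.fromhex(m.group(2).replace(",", "").replace(" ", ""))
        if kind in ("2", "7"):                          # REG_EXPAND_SZ / REG_MULTI_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw


def parse_reg(text):
    """Return {key_path: {name: value}}; a "[-HKEY...]" deletion maps to None."""
    joined = re.sub(r"\\\r?\n\s*", "", text)           # rejoin wrapped hex lists
    keys, current = {}, None
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.upper().startswith(("WINDOWS REGISTRY EDITOR", "REGEDIT4")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(2)
            keys[current] = None if m.group(1) else {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None and keys[current] is not None:
            keys[current]["@" if m.group(2) else m.group(1)] = parse_value(m.group(3))
    return keys


def preview_service(keys, service, expected_exe):
    """What the import does to Services\\<service>: Start type, ImagePath, and
    any keys outside that service (a service .reg has no business touching)."""
    suffix = "\\services\\" + service.lower()
    root = next((k for k in keys if k.lower().endswith(suffix)), None)
    if root is None:
        return {"found": False}
    vals = keys[root] or {}
    image = str(vals.get("ImagePath", "")).strip('"')
    start = vals.get("Start")
    inside = lambda k: k.lower() == root.lower() or k.lower().startswith(root.lower() + "\\")
    return {"found": True,
            "start": START_NAMES.get(start, "unknown (%r)" % (start,)),
            "image_path": image,
            "image_ok": image.lower().endswith(expected_exe.lower()),
            "outside_keys": [k for k in keys if not inside(k)]}


def rename_key_in_headers(text, old, new):
    """Jon's step 1, restricted to [HKEY...] lines: rename the service key as a
    whole path component. Returns (new_text, number_of_headers_changed)."""
    pat = re.compile(r"^(\[-?HKEY[^\]]*\\)" + re.escape(old) + r"(?=[\\\]])",
                     re.IGNORECASE | re.MULTILINE)
    return pat.subn(lambda m: m.group(1) + new, text)


if __name__ == "__main__":
    print(preview_service(parse_reg(SAMPLE_REG), "WinDefend", "MsMpEng.exe"))
    renamed, n = rename_key_in_headers(SAMPLE_REG, "WinDefend", "W0")   # W0 assumed unused
    print("header lines renamed:", n)
    print(preview_service(parse_reg(renamed), "W0", "MsMpEng.exe"))
```

Run it as-is to see the preview of the sample. On a real export, read the file with the encoding regedit wrote it in (UTF-16 for "Version 5.00" files) and write w0.reg back out the same way before importing; if the preview lists anything under outside_keys or an ImagePath that is not the Defender binary, do not import the file.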



#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 PM

Posted 13 July 2013 - 10:32 AM

Good job :)

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.




#14 acuvic

acuvic

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 17 January 2014 - 06:41 AM

> I FIXED IT!! At least the Windows Defender issue. It took some sneakiness. While messing around in Regedit trying to see what I could do I found I could rename the WinDefend registry key. After a couple of failed tries to import the WinDefend.reg I figured out:
>
>   1. Use a text editor to globally replace WinDefend with W0 in WinDefend.reg (four places)
>   2. Rename WinDefend.reg to w0.reg
>   3. Double-click w0.reg and import it.
>   4. In regedit rename HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend to WInDefend_old
>   5. Rename HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W0 to WinDefend
>   6. Reboot.
>
> and Windows Defender service is running! Now to see if I actually caught something from that fake AV popup...

I know it's an old thread but I need to say this. Thanks a million to Jon for this convoluted method that stopped me pulling all my hair out. God knows how you worked it out but it saved my sanity. THANKS +++++
